Tag Archives: criminal law enforcement agencies

LifeLock Identity Theft Company pays $11 million to Federal Trade Commission (FTC)

  By Charles | March 9, 2010 - 9:47 pm | News, Press Release, True Stories
Leave a comment

For Release: 03/09/2010

LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False.

LifeLock, Inc. has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO’s Social Security number on the side of a truck.

In one of the largest FTC-state coordinated settlements on record, LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

“This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Illinois Attorney General Lisa Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”
Since 2006, LifeLock’s ads have claimed that it could prevent identity theft for consumers willing to sign up for its $10-a-month service.

According to the FTC’s complaint, LifeLock has claimed:

“By now you’ve heard about individuals whose identities have been stolen by identity thieves . . . LifeLock protects against this ever happening to you. Guaranteed.”
“Please know that we are the first company to prevent identity theft from occurring.”
“Do you ever worry about identity theft? If so, it’s time you got to know LifeLock. We work to stop identity theft before it happens.” The FTC’s complaint charged that the fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs. And even for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection. They alert creditors opening new accounts to take reasonable measures to verify that the individual applying for credit actually is who he or she claims to be, but in some instances, identity thieves can thwart even reasonable precautions.

New account fraud, the type of identity theft for which fraud alerts are most effective, comprised only 17 percent of identity theft incidents, according to an FTC survey released in 2007.

The FTC’s complaint further alleged that LifeLock also claimed that it would prevent unauthorized changes to customers’ address information, that it constantly monitored activity on customer credit reports, and that it would ensure that a customer always would receive a telephone call from a potential creditor before a new account was opened. The FTC charged that those claims were false.

In addition to its deceptive identity theft protection claims, LifeLock allegedly made claims about its own data security that were not true. According to the FTC, LifeLock routinely collected sensitive information from its customers, including their social security numbers and credit card numbers. The company claimed:

“Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
“All stored personal data is electronically encrypted.”
“LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.” The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a “need to know” basis. In fact, the agency charged, the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.

The FTC and state settlements with LifeLock bar deceptive claims, and prohibit the company from misrepresenting the “means, methods, procedures, effects, effectiveness, coverage, or scope of any identity theft protection service.” They also bar misrepresentations about the risk of identity theft, and the manner and extent to which LifeLock protects consumers’ personal information. In addition, the settlements require LifeLock to establish a comprehensive data security program and obtain biennial independent third-party assessments of that program for twenty years.

The Attorneys General of Alaska, Arizona, California, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, and West Virginia participated in this settlement.

In addition to LifeLock, the FTC complaint named co-founders Richard Todd Davis and Robert J. Maynard, Jr., who will be barred from the same misrepresentations as LifeLock.

The Commission vote to authorize staff to file the complaint and the settlement with LifeLock and Richard Todd Davis was 4-0. The Commission vote to authorize staff to file the settlement with Robert J. Maynard, Jr. was 3-1, with Commissioner J. Thomas Rosch dissenting. The documents were filed in the U.S. District Court for the District of Arizona.

The FTC will use the $11 million it receives from the settlements to provide refunds to consumers. It will be sending letters to the current and former customers of LifeLock who may be eligible for refunds under the settlement, along with instructions for applying. Customers do not have to contact the FTC to be eligible for refunds. Up-to-date information about the redress program can be found at 202-326-3757 and at www.ftc.gov/lifelock.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. Stipulated judgements are for settlement purposes only and do not constitute an admission by the defendant of a law violation. Consent judgments have the force of law when signed by the judge.

In addition to announcing the LifeLock case, the FTC’s Northeast Regional Office sponsored an event to kick off National Consumer Protection week. The goal was to alert consumers to the top complaint categories in the Northeast Region and to arm consumers with the tools to recognize and protect themselves against all types of fraud. Also participating were the Better Business Bureau serving Metropolitan New York, the New York Attorney General’s Office, the New York City Department of Consumer Affairs, and AARP.

The Federal Trade Commission works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, click http://www.ftccomplaintassistant.gov or call 1-877-382-4357. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://www.ftc.gov/bcp/consumer.shtm.

MEDIA CONTACT:
Claudia Bourne Farrell
Office of Public Affairs
202-326-2181
STAFF CONTACT:
Maneesha Mithal or David Lincicum
Bureau of Consumer Protection
202-326-2771 or 202-326 2773
(FTC File No. 072-3069)
(Lifelock)

Protecting Your Childs Privacy

  By Charles | January 16, 2010 - 2:23 am | Child Identity Theft, identity theft awareness, Identity Theft Shield, Self Help
Leave a comment

Protect your childs identityWhether to study or socialize, play games or learn something new, it’s likely your kids are spending time online. And as a parent, chances are that you’re spending time thinking about ways to make sure they make smart and safe choices when they do. Among the many choices they’re faced with online is how to deal with their personal information.

The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.

Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number.

Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot.

What Can You Do?
Your kids’ personal information and privacy are valuable — to you, to them, and to marketers. Here’s how to help protect your kids’ personal information when they’re online.

Check out sites your kids visit. If a site requires users to register, see what kind of information it asks for and whether you’re comfortable with what they tell you. If the site allows kids to post information about themselves, talk to your child about the risks and benefits of disclosing certain information in a public forum. You also can see whether the site appears to be following the most basic COPPA requirements, like clearly posting its privacy policy for parents and asking for parental consent before kids can participate.

Take a look at the privacy policy. Just because a site has a privacy policy doesn’t mean it keeps personal information private. The policy should tell you what the site does with the information it collects; then, you can decide how you feel about it. Remember, if the policy says there are no limits to what it collects or who gets to see it, there are no limits.

Ask questions. If you’re not clear on a site’s practices or policies, ask about them. If the site falls under COPPA, the privacy policy has to include contact information for the site manager.

Be selective with your permission. In many cases, websites need your okay before they’re allowed to collect personal information from your kids. They may ask for your permission in a number of ways, including by email or postal mail. Or, you may give your consent by allowing them to charge your credit card. In addition to considering when to give your permission, consider how much consent you want to give — in many cases, it’s not all or none. You might be able to give the company permission to collect some personal information from your child, but say no to having that information passed along to another marketer.

Know your rights.

    As a parent, you have the right to have a site delete any personal information it has about your child. Some sites will let you see the information they’ve collected. But first, they’ll need to make sure you really are the parent, either by requiring a signed form or an email with a digital signature, for example, or by verifying a charge made to your credit card. You also have a right to take back your consent and have any information collected from your child deleted.

    Report a website. If you think a site has collected or disclosed information from your kids or marketed to them in a way that violates the law, report it to the FTC at ftc.gov/complaint or 1-877-FTC-HELP (382-4357).

    More Tips For Parents
    Talk, and talk often. Make sure your kids know what information should be private, and what information might be appropriate for sharing. When they give out their personal information, they give up control of who can reach them, whether it’s with a marketing message or something more personal. On the other hand, sharing some personal information may allow them to participate in certain activities or to get emails about promotions and events they’re interested in.

    Depending on what they do online, also remind your kids that once they post information online, they can’t take it back. Even if they delete the information from a site, older versions may exist on other people’s computers and be circulated online.

    Know what sites your kids go to. Talk with your kids about the sites they like to visit. Do some exploring on your own to get to know how the sites work and what privacy settings and controls they offer.

    Make agreements. Be sure your kids know what your family has decided is okay — and not okay — to divulge online. Consider writing down a list of the rules your family has agreed on, and posting them where everyone can see them.

    Let your kids know you’ll keep an eye on the sites they visit. One option is to check your browser history and temporary files, though keep in mind that older kids may know how to delete these files or keep them from getting recorded. If you’d like more controls, check to see what privacy settings your browser offers or consider software that offers a range of controls. Visit the GetNetWise website to learn more.

    Know how your kids get online. Kids may get online using your family computer or someone else’s, as well as through cell phones and game consoles. Know what limits you can place on your child’s cell phone — some companies have plans that limit downloads, Internet access, and texting on cell phones; other plans allow kids to use those features at certain times of day. Check out what parental controls are available on the gaming consoles your kids use, as well.

    For More Information
    The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

    Visit OnGuardOnline.gov for more tips on securing your computer, protecting personal information whether you’re using a wireless connection or a traditional one, and guarding against Internet fraud. OnGuardOnline.gov is maintained by the Federal Trade Commission, the nation’s consumer protection agency.