Privacy and Security Law Blog
-
Beware the Flirtbot
Posted by Brian Kennan
Ever since the computer was invented, people have wondered when such machines would be able to think. In 1950, mathematician Alan Turing suggested a simple test for computer intelligence: if a computer can fool a human being into thinking it is also human, said Turing, the machine should be considered intelligent.
Turing died in 1954 but must have rolled over in his grave last week when the Turing test's reputation hit a new low: security analysts discovered a "sex chat" computer program so lifelike it was fooling customers into disclosing their personal data.
The program is called "CyberLover" and exploits a technique long known to security researchers as "social engineering," a fancy term for manipulating users into disclosing information. What's new with this con is that the one doing the social engineering is a computer program. And a hard-working one. According to Ina Fried, citing a report from PC Tools, CyberLover "can work quickly, too, establishing up to 10 relationships in 30 minutes.... It compiles a report on every person it meets complete with name, contact information, and photos."
Of course, the user must volunteer this information, which raises another intriguing question: Are users that are naive enough to give out personal information to a computer sex-chat program able to pass the Turing test themselves?
-
FTC Announces "Crackdown" on Do-Not-Call Violators
Posted by Ronald G. London
The Federal Trade Commission recently announced that as a result of a new crackdown by the agency on violations of the National Do-Not-Call Registry (“NDNCR”) and related provisions of the FTC’s Telemarketing Sales Rule (“TSR”), it entered several consent decrees with multiple companies totaling $7.7 million in civil penalties, with one complaint still outstanding. The FTC brought the enforcement actions against Craftmatic (purveyor of adjustable beds and mobility assistance scooters) and affiliated entities through which it conducts telemarketing, ADT for TSR-violative actions by authorized third-party dealers of its security systems, Ameriquest Mortgage Company, Guardian Communications and its prerecorded call vendor U.S. Voice Broadcasting, and Global Mortgage Funding. Each of the first four companies and their affiliated entities entered consent decrees with the government and agreed to pay substantial civil penalties (amounts provided below) and to injunctive relief prohibiting them from engaging in similar violations in the future, while the FTC’s complaint for civil penalties and injunctive relief against Global was to be filed.
The thrust of the FTC’s complaints is as follows:
For Craftmatic, which agreed to pay a $4.4 million civil penalty, the second highest NDNCR fine ever, its attempt to use sweepstakes to create an established business relationship and/or obtain prior express consent to future telemarketing calls was insufficient to permit calls to the sweepstakes entrants who were on the NDNCR, and the FTC further alleged violations of its rule against “abandoned” telemarketing calls (i.e., those that connect to a consumer but disconnect before a live sales agent comes on the line), and that Craftmatic failed to honor company-specific do-not-call requests.
With respect to ADT, which agreed to pay a $2 million civil penalty, the FTC made allegations similar to those it made in brokering a $5.3 million settlement with DirecTV in 2005 -- that is, the company failed to exercise sufficient control over authorized third-party dealers selling its services through (among other means) telemarketing to numbers on the NDNCR, which in ADT’s case, were Alarm King and Direct Security services, who respectively agreed to pay $20,000 and $25,000 civil penalties. In addition, ADT’s consent decree required it, like DirecTV, to adopt a compliance program with detailed monitoring, record-keeping, and reporting requirements.
The complaint and consent decree for Ameriquest are somewhat opaque in alleging that it placed calls to numbers listed on the NDNCR and to consumers who had made company-specific do-not-call requests to Ameriquest, which agreed to pay a $1 million civil penalty. However, the FTC’s press release provides slightly more detail, basically that Ameriquest improperly relied on third-party lead-generators for TSR compliance, as has been the case with other telemarketers with whom the FTC has settled alleged telemarketing violations.
For Guardian Communications and U.S. Voice Broadcasting, which agreed to a judgment in the amount of nearly $7.9 million with all but $150,000 suspended due to inability to pay, the violations arose out of prerecorded messages, all of which the FTC treated as abandoned calls, while further alleging that Guardian failed to provide proper caller ID information and placed calls on behalf of entities that were required to pay NDNCR fees but had not done so.
The Global Mortgage complaint contains bare allegations that it placed calls to numbers on the NDNCR, without paying NDNCR fees, that it abandoned calls, and that it failed to transmit caller IDs. As noted, there is no consent decree for Global (and, moreover, the complaint recites that it filed Chapter 7 bankruptcy last year), so there are fewer details about this enforcement action than there are about those above.
There are a number of compliance lessons that can be taken from the complaints and consent decrees. Each is well worth reviewing for an understanding of what, precisely, the settling company was accused of doing, and how that differed from what the FTC expects with respect to telemarketing compliance.
-
So How Many Health Care Privacy Laws Do We Need?
Posted by Tom Jeffry
Last week, under pressure from privacy rights activists, Vermont Senator Patrick Leahy introduced an amendment to the Wired for Health Care Quality Act [S.1693]. Until then, this bill was nurtured along by proponents of health information networks and was poised to be “hotlined” for unanimous consent without debate in Congress.
The proposed amendment uses language familiar to those of you who have read HIPAA. Terms such as “protected health information” and “notice of privacy practices” appear in both the HIPAA regulations and the proposed amendment. However, the definitions are dramatically different. For example, the proposed amendment to S. 1693 includes genetic and biometric information in the definition of protected health information and expands it to information collected or used by health researchers, schools and universities, and employers. The scope of HIPAA was limited to those traditionally engaged in the delivery of health care such as providers and payers.
When HIPAA was being considered by Congress, the debate over the appropriate level of privacy protections threatened to derail the legislation. The solution then was to punt the process of establishing privacy and security standards for health care to the administrative rulemaking process of the Department of Health and Human Services. Deja vu . . . with the introduction of this amendment we are back to privacy concerns threatening legislation that has bi-partisan support to advance health care technology and potentially improve the quality and efficiency of the delivery of health care.
Of course, there is no requirement that the federal laws and regulations of our nation be consistent, avoid duplication, or otherwise articulate a uniform policy or approach. As a lawyer, I suppose I should be grateful for that. Nevertheless, rather than appending the bill intended to develop health information networks with privacy provisions that duplicate and/