FTC

FTC files charges against operators of alleged high school diploma mills

The Federal Trade Commission (the “FTC”) filed complaints on February 10, 2016 against two operators of online “high schools” that claim to be legitimate but allegedly are diploma mills, charging anywhere from $135 to $349 for a worthless certificate.

Complaints in both cases filed by the FTC in the U.S. District Court for the District of Arizona charge that the operators bought several website names designed to appear like legitimate online high schools and used deceptive metatags with terms such as “GED” and “GED online” to bring the bogus sites higher in search rankings. Once consumers got to the sites, messages popped up implying that the diplomas offered were equivalent to an actual high school diploma.

According to the FTC’s documents, the “courses” amounted to four untimed and unmonitored multiple-choice tests, requiring that students answer 70% of each test correctly. For some “high schools,” when students failed to meet that standard, they were redirected to the test once more, and this time, the correct answers were highlighted so that the students could change their answers.  Other “high schools” provided students with an online “study guide” that also highlighted the correct answer for students to select when taking the test.

Upon completing the tests, the FTC’s documents charge that consumers were directed to a set of menus to evaluate their “life experiences,” where selecting that he/she knows how to “balance

[a] checkbook” translates as credit for accounting coursework.  If a consumer says they “listen to music occasionally,” he/she may be given credit for a music appreciation course.

The FTC’s complaints in both cases point to numerous consumers who sought to use the diplomas to get jobs, apply for college and even join the military, only to find out that their diplomas were not recognized.

February 23rd, 2016|Fraud, Lawsuit|

Right to be Forgotten movement gains backers in the U.S.

Seeking to expand recognition of the Right to be Forgotten to the United States, a consumer group has filed a petition with the Federal Trade Commission (the “FTC”) requesting that Google be required to remove links upon request.

Last year, the European Court of Justice ordered Google to remove links about the financial history of a Spanish attorney, finding that the links to stories about his debts were “inadequate, irrelevant or no longer relevant, or excessive,” establishing the Right to be Forgotten (“RTBF”). Over the last 12 months, Google has received 274,462 removal requests and evaluated 997,008 URLs for removal from its search results.

In the hopes of bringing the RTBF to the United States, Consumer Watchdog recently filed a petition with the FTC. The group argued that by providing the ability to request removal of links to European consumers in Europe, Google engaged in unfair and deceptive practices in violation of the Federal Trade Commission Act. Not offering Americans the right to request removal – while providing it to millions of users across Europe – is unfair, the group argued to the FTC. And Google’s claims in its privacy policy that “

[p]rotecting the privacy and security” of customer information “is a top priority,” are deceptive because the company limits protections by denying the RTBF, the consumer group added.

Consumer Watchdog listed several examples of U.S. citizens who have been harmed without the RTBF in this country, ranging from a guidance counselor who was fired after photos of her as a lingerie model from 20 years prior surfaced online to a woman whose mug shot appeared online after she was arrested defending herself against an abusive boyfriend. The group also told the FTC that Google already removes certain types of links from search results in this country (such as revenge porn), meaning it has the capability to remove other links as well.

“As clearly demonstrated by its willingness to remove links to certain information when requested in the United States, Google could easily offer the RTBF or the Right To Relevancy request option to Americans,” Consumer Watchdog wrote. “It unfairly and deceptively opts not to do so.”

The RTBF doesn’t implicate First Amendment concerns or constitute censorship, the group said, because the content remains on the Internet. The right “simply allows a person to request that links from their name to data that is inadequate, irrelevant, no longer relevant, or excessive be removed from search results,” according to the petition. “Americans deserve the same ability to make such a privacy-protecting request and have it honored.”

Further, the right isn’t automatic. “Removal won’t always happen, but the balance Google has found between privacy and the public’s right to know demonstrates Google can make the RTBF or Right To Relevancy work in the United States,” Consumer Watchdog concluded.

Meanwhile, the issue of expanding the RTBF has also come up in Europe. In July, a French regulatory authority ordered Google to remove all the links from its search pages including Google.com in the U.S. – not just the European pages. Google refused to comply and filed an appeal of the order. “We believe that no one country should have the authority to control what content someone in a second country can access,” Google’s global privacy counsel Peter Fleischer wrote on the company’s blog.

Read Consumer Watchdog’s petition to the FTC.

FTC launches new resource for identity theft victims

The FTC has launched IdentityTheft.gov, a new resource that makes it easier for identity theft victims to report and recover from the crime. A Spanish version of the site is available at RobodeIdentidad.gov.

The new website provides an interactive checklist that explains the recovery process and helps victims understand the steps that should be taken upon learning that their identity has been stolen. It also provides sample letters and other helpful resources. In addition, the site offers specialized tips for specific forms of identity theft, including medical and tax-related, and contains advice for people who have been notified that their personal information was exposed in a data breach.

Identity theft has been the top consumer complaint reported to the FTC for the past 15 years, and in 2014, the Commission received more than 330,000 complaints from consumers who were victims.

June 12th, 2015|Educational Series|

Privacy laws gain momentum in Congress

President Barack Obama has made data security a priority in recent weeks.

Speaking at the Federal Trade Commission (FTC) in January, the President announced three pieces of legislation: the Student Digital Privacy Act (which would prohibit the sale of sensitive student data for non-education purposes), the codification of the Consumer Privacy Bill of Rights issued by the White House in 2012, and the Personal Data Notification & Protection Act.

Implicating businesses across the country, the Data Notification Act would establish nationwide, uniform data breach notification rules that would preempt the existing collection of 47 different state laws. Criminal penalties for hackers would also be strengthened and companies would be required to notify consumers of a breach within 30 days.

Broader than prior proposals of federal data breach notification bills, the Act defines “sensitive personally identifiable information” to include a range of data, like an individual’s first and last name or initial and last name in combination with two other items like a home address or telephone number, birthdate, or mother’s maiden name, a Social Security number by itself, and a user name or e-mail address in combination with a password or security question answer that would permit access to an online account.

The notice provisions allow companies to inform consumers of a breach by mail, telephone, and e-mail, under certain conditions. When more than 5,000 individuals are affected in a single state, media notice is required; if more than 5,000 total individuals (regardless of residence) are impacted, the company must also notify credit reporting agencies and the federal government.

Although the bill designates the FTC as the primary enforcement agency, with the authority to promulgate rules pursuant to the law, the measure also requires the agency to coordinate with the Consumer Financial Protection Bureau (CFPB) where a data breach relates to “financial information or information associated with the provision of financial products or services.”

Some exemptions are included in the proposed bill. A business that does not access, store, or use covered data for more than 10,000 individuals during a 12-month period is exempt from the individual notice requirements. Safe harbor is also provided for companies that conduct a “risk assessment” that determines the data breach did not result in – and will not result in – harm to affected individuals. The business must notify the FTC of its “risk assessment” results and affirmatively indicate its intent to invoke the safe harbor.

A few days after he presented the proposal, President Obama reiterated his intent to pass data security measures in his State of the Union address, sending a message that he is focused on cybersecurity and privacy in the coming legislative session. Recent high-profile cyberattacks and data breaches (think Sony and Target) have also led to support from lawmakers and consumers, giving the bill momentum, but the question of its passage remains uncertain.

Learn more about Personal Data Notification & Protection Act

February 23rd, 2015|Legislation|

Background screening of independent contractors

The issue of worker misclassification is a hot topic for employers, with state and federal authorities as well as class action suits challenging whether a worker is an employee or an independent contractor. But what about the differences in background screening for independent contractors? Are they subject to the same disclosure and authorization requirements, adverse action notices, and dispute rights that apply to employees?

The answer: it depends.

While the Fair Credit Reporting Act (FCRA) doesn’t directly address independent contractors, the Federal Trade Commission (FTC) has issued two advisory opinions stating that they should be afforded the same rights as employees. The FTC also reiterated this view in its staff report published in July 2011, stating that the FCRA’s broad definition of the term “employment purposes” extends beyond traditional employment relationships. (FTC Staff Report at 32.)

The Allison Letter (a response to an inquiry from a Georgia worker named Herman L. Allison) addressed the issue in the context of a trucking company that hired drivers who owned and operated their own equipment. Characterizing the situation as a “business relationship” and not an “employment relationship,” Allison asked whether the protections of the FCRA still applied.

Taking a broad interpretation of the term “employment,” the FTC said that treating independent contractors differently than employees would hamper the goals of the FCRA. Even a homeowner who conducts a background check on a handyman or other worker hired as an independent contractor should follow the FCRA requirements, the agency wrote.

In a second letter, the FTC considered a query from Harris K. Solomon, an attorney in Florida. A client wished to conduct background checks on individuals selling its insurance products and handling title exams. Again, the agency said the checks would trigger the requirements of the FCRA.

The FTC’s advisory letters – both issued in 1998 – as well as the staff report, are advisory and non-binding on other parties. But they provide insight into how federal authorities would address the rights and protections owed to an independent contractor as the subject of a background check.

However, on the other end of the spectrum, a Wisconsin federal court judge in 2012 held that the disclosure obligations of the FCRA do not apply to independent contractor relationships. The case involved a sales rep who sued EMS Energy Marketing Service after he was terminated. The plaintiff claimed that the company failed to provide him with either the written notice of his rights or a copy of the report as required by the statute. But the court granted summary judgment for the employer, ruling that Lamson was hired as an independent contractor, not an employee, and therefore, the FCRA did not apply. The language of the statute refers only to employees and if a worker is not an employee “it necessarily follows that he or she is not covered by the FCRA,” the court wrote in Lamson v. EMS Energy Marketing Service. The court also distinguished the FTC letters as advisory opinions, adding that the “letters, in and of themselves, are of limited, if any, persuasive power.”

To read the Allison Letter, click here.

To read the Solomon Letter, click here.

December 3rd, 2014|Employment Decisions|

FTC halts high school diploma mill

As the request of the Federal Trade Commission (the “FTC”), on September 16, 2014, the U.S. District Court for the Southern District of Florida imposed a temporary restraining order to halt the business operations of Diversified Educational Resources, LLC (DER), and Motivational Management & Development Services, Ltd. (MMDS), and freeze their assets. The FTC’s lawsuit seeks a permanent injunction to stop the defendants’ deceptive practices and to return ill-gotten gains to consumers, which according to a preliminary review of bank records referenced in the lawsuit were more than $11,117,800 since January 2009.

The complaint alleges that the defendants violated the FTC Act by misrepresenting that the diplomas were valid high school equivalency credentials and that the online schools were accredited. The FTC charges that the defendants actually fabricated an accrediting body to give legitimacy to their diploma mill operation. DER and MMDS allegedly sold the diplomas since 2006 using multiple names, including jeffersonhighschoolonline.com, jeffersonhighschool.us, enterprisehighschool.us, and ehshighschool.org, which purport to describe legitimate and accredited secondary school programs such as “Jefferson High School Online” and “Enterprise High School Online.” The websites claim that consumers can become “high school graduate[s]” and obtain “official” high school diplomas by taking an online exam and paying between $200 and $300. In numerous instances, consumers who attempt to use their Jefferson or Enterprise diplomas to enroll in college, enlist in the military, or apply for jobs are rejected because of their invalid high school credentials.

September 19th, 2014|Employment Decisions, Fraud, Lawsuit|

FTC settles with 14 companies that falsely claimed participation in Safe Harbor privacy framework

On June 25, 2013, the FTC approved final orders that settle charges against 14 companies for falsely claiming to participate in the international privacy framework known as the U.S.-EU Safe Harbor, which allows U.S. companies to gather customer information in Europe and send it to the United States, beyond the EU’s legal jurisdiction, as long as certain criteria are met. Three of the companies were also charged with similar violations related to the U.S.-Swiss Safe Harbor. Under the settlements, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or data security program sponsored by the government or other self-regulated or standard-setting organization. Consumers who want to know whether a U.S. company is a participant in the U.S-EU or U.S.-Swiss Safe Harbor program can check its certification at http://export.gov/safeharbor.

July 9th, 2014|Judgment|

FTC and EEOC jointly publish guides on employment-purpose background checks

The Federal Trade Commission (FTC) and the Equal Employment Opportunity Commission (EEOC) have co-published two brief guides on employment background checks that explain the rights and responsibilities of the people on both sides of the desk. See Background Checks: What Employers Need to Know and Background Checks: What Job Applicants and Employees Should Know. For employers, the guidelines cover only the basics that must be considered for procuring and using employment-purpose background checks and do not attempt to explain in detail the many compliance requirements of the Fair Credit Reporting Act, and analogous state and municipal consumer reporting laws, regulations, codes and statutes.

March 29th, 2014|Employment Decisions|

Identity theft remains on top of FTC’s national complaints list

Identity theft continues to top the FTC’s national ranking of consumer complaints, with American consumers reported as losing over $1.6 billion to overall fraud in 2013, according to its annual report released last month. The FTC received more than two million complaints overall, of which 290,056 or 14%, involved identity theft. Thirty percent of these were tax or wage-related, which continues to be the largest category within identity theft complaints. Debt collection followed identity theft with 204,644 or 10% of total complaints, and banking and lending was number three with 152,707 or 7%.

Florida was noted as the state with the highest per capita rate of reported identity theft and fraud complaints, followed by Georgia and California for identity theft complaints, and Nevada and Georgia for fraud and other complaints.

March 28th, 2014|Educational Series, Fraud|

Scrutiny of predictive scoring products is on the FTC’s agenda in 2014

According to the Federal Trade Commission (‘the “FTC”) and media reports, companies are using predictive scoring for a variety of purposes, ranging from identity verification and fraud prevention to marketing and advertising. The scores, are touted to predict, for example, the likelihood that a person has committed identity fraud or that a certain transaction will result in fraud; the credit risk associated with mortgage loan applications; whether contacting a consumer by mail or phone will lead to successful debt collection; or whether sending a catalog to a certain address will result in an in-store or online purchase.

Consumers are largely unaware of these scores, and have little or no access to the underlying data. As a result, predictive scoring products raise a variety of privacy concerns and questions that the FTC intends to explore. Among the issues, are what consumer protections exist or should be provided, and whether certain scores are considered eligibility determinants that fall under the ambit of the Fair Credit Reporting Act.

December 9th, 2013|Educational Series, Fraud|
Go to Top