A Web analytics company recently settled FTC charges that it deceptively collected consumers’ personal information.
The FTC charged that Compete failed to prevent the collection of sensitive consumer data such as credit card numbers, passwords, and Social Security numbers. Furthermore, the FTC claimed that Compete transmitted the information in clear text to its servers and failed to take adequate security precautions. The FTC alleged that Compete violated Section 5 of the FTC Act, which prohibits unfair and deceptive trade acts.
The proposed settlement, which the FTC announced earlier this week, requires Compete to receive express consent before collecting consumers’ data, and it bars the company from misrepresenting its privacy and data security practices. Compete has agreed to anonymize or delete the consumer data that it already has gathered. The settlement also requires Compete to adopt a comprehensive information security program with third-party audits every two years for 20 years. The FTC did not state whether Compete has agreed to pay a fine. The proposed settlement is subject to public comment through November 19, and the FTC plans to provide more information about the agreement in the Federal Register shortly.