By Brian Ryoo

The Federal Trade Commission (“FTC”) reached separate settlements with two companies it had accused of exposing sensitive personal information through peer-to-peer (“P2P”) file-sharing software installed on their corporate networks.  The complaints filed against the companies alleged that the companies failed to have in place adequate information security policies and procedures, risk assessment protocols, employee training, or other internal compliance measures.

  • According to the complaint filed against EPN, Inc., which provides debt collection services, EPN’s failure to implement reasonable network security measures allowed its Chief Operating Officer to install P2P file-sharing software on the corporate computer system.  According to the Commission, as a result, any computer connected to the P2P network could access to sensitive information, including Social Security Numbers, health insurance numbers, and the medical diagnosis codes of 3,800 hospital patients.
  • The FTC’s complaint against Franklin’s Budget Car Sales, a car dealership that also provides financing services, alleged that file-sharing software installed on the company’s network had exposed sensitive information―including names, addresses, Social Security Numbers, dates of birth, and driver’s license numbers―belonging to 95,000 customers. 

The Franklin complaint is the FTC’s first action involving an automobile dealer charged with violations of the Gramm-Leach-Bliley Act.   Both actions involved violations of Section 5 of the FTC Act.  The settlement agreements bar misrepresentation about the company’s privacy and information security practices, require the businesses to maintain comprehensive information security programs, and require the companies to undergo periodic data security audits by independent auditors.  

These settlements come on the heels of the FTC’s 2010 report on the dangers of P2P file-sharing.  In that report, the Commission found that a “wide range of sensitive consumer data was available on P2P networks.” 

Tags: File-Sharing, GLBA, Information Security, P2P, Peer-To-Peer, Section 5
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less