January 22, 2009
The Federal Trade Commission has charged a mortgage broker with discarding consumers' tax returns, credit reports, and other sensitive personal and financial information in an unsecured dumpster, in violation of federal law.
According to the FTC, in December 2006, approximately 40 boxes containing consumer records were found in a publicly-accessible dumpster. The records included tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers' licenses, and at least 230 credit reports.
The agency says that Gregory Navone of Las Vegas, who has owned numerous companies that handle sensitive consumer information, kept the documents in an insecure manner in his garage before improperly disposing of them.
As charged in the FTC's complaint, the defendant has failed to implement and monitor policies and procedures requiring secure disposal of credit reports; ensure that employees or third parties assigned to transport such documents for disposal are qualified to do so and have received appropriate guidance or training; alert employees or third parties to such documents' sensitive nature or instruct them to take precautions; and oversee the transport of such documents for disposal, or otherwise confirm that the documents are disposed of in a way that ensures that they cannot practicably be read or reconstructed.
The complaint also alleges that the defendant provided customers of two mortgage brokerage companies that he owned — First Interstate Mortgage Corporation and Nevada One Corporation — with a written statement claiming that the companies maintained "physical, electronic, and procedural safeguards that comply with federal standards to store and secure information about you from unauthorized access, alteration and destruction."
Navone is charged with violating the Fair Credit Reporting Act and the rule regarding Disposal of Consumer Report Information and Records by failing to take reasonable measures to protect consumer information derived from consumer reports against unauthorized access in connection with its disposal. He is also charged with violating the FTC Act by falsely representing that FIM and Nevada One implemented reasonable and appropriate measures to protect sensitive consumer information from unauthorized access, and that the companies contractually required service providers to safeguard customers' information and use it only to provide services for FIM and Nevada One.