|
Real Estate Broker Fined $35,000 for Data Protection Failures
|
|
Rating: 0 user(s) have rated this article
Posted by: jdsperanza,
on 2/6/2010,
in category "random musings"
Views: this article has been read 220 times
Location: Hopkinton, MA
Abstract: As a timely post-script to our most recent article on the latest Massachusetts Regulations mandating business owners to safeguard customer and employee data, here's a reminder that there are plenty of existing laws on the books that can lead to the same kind of troubles if you're not paying attention to this stuff.
Last month the Federal Trade Commission finalized a $35,000 settlement with Gregory Navone, a small real estate broker who threw 40 boxes of customer tax returns, bank statements, consumer reports and other financial records into a dumpster located behind an office building in Las Vegas. Despite what the ads say, this just goes to show you that what happens in Vegas doesn't always stay in Vegas.
In resolving this complaint, Navone agreed to the fine (approximately $875 per box) and committed to adopting a comprehensive "written information security program." For those of you who read our last article on the Massachusetts Data Protection Regulations going into effect on March 1, this should sound really familiar.
There's a lot more to learn from this case, however, than simply noting we shouldn't be as foolish in our dumpster habits as was Navone. The FTC's investigation of Navone extended deep into his business operations, uncovering many additional violations of the law:
- he failed to implement physical and electronic security procedures over sensitive customer data, and
- he failed to take reasonable steps to secure customer records stored in his home's garage.
Once again, readers of our last article should easily recognize the similarities with the latest Massachusetts regulations. Although Navone's problems arose under several federal regulations (the FTC and Federal Credit Reporting Acts), the requirements are very similar. It's also especially interesting that the FTC's claims also encompassed Navone's failure to comply with his own customer policies, which read in part:
We take our responsibility to protect the privacy and confidentiality of customer information very seriously. We maintain physical, electronic, and procedural safeguards that comply with federal standards to store and secure information about you from unauthorized access, alteration and destruction.
If I were in Vegas right now, I'd consider it pretty safe to bet that Massachusetts regulators will take a similar approach with the enforcement of its laws. Navone either consciously ignored his obligations under the law, or believed he was such a small operator that his lack of compliance would never be discovered. Like so many who gamble in Vegas, he lost.
If you're operating a business in Massachusetts, I encourage you to avoid acting like Navone - especially if you can't afford to lose $35,000 or more (plus the cost of hiring an attorney) in making your bet.
Jack Speranza is an attorney, software engineer and entrepreneur. For 15 years he has helped his companies and clients strike the right balance between risk and reward by weaving good business, good technology and good law into new services and operations.
Comment on this article by visiting our blog at Wordpress :: http://mainstreetventures.wordpress.com/2010/02/06/real-estate-broker-fined-35000-for-data-protection-failures/
How would you rate this article?