Upromise settles with FTC over data collection charges

Share this content:
Upromise agreed to settle with the Federal Trade Commission (FTC) over charges that the Sallie Mae-owned rewards program collected consumers' personal information “without adequately disclosing the extent of the information it is collecting,” the federal agency said on Jan. 5.

Upromise collected consumers' personal information via its TurboSaver Toolbar, a browser add-on for Upromise members that augments search results with savings offers from participating retailers, according to the FTC. The organization alleged that, when the toolbar's “Personalized Offers” feature was enabled, Upromise collected data related to consumers' browsing behavior, such as names of sites visited, links clicked, search queries, user names and passwords.

“In some cases, the information collected included credit card and financial account numbers, user names and passwords used to access secured websites, security codes and expiration dates, and any Social Security numbers consumers entered into the webpages,” the FTC said in a statement.

The FTC noted that the information was transmitted without encryption, violating the toolbar's privacy statement which states that “all information collected in connection with the Personalized Offers” feature is transmitted using encryption.

"Upromise's failure to disclose the extent of information collected by the toolbar, and its claims that it encrypted consumer data and took reasonable measures to protect data from unauthorized access, were deceptive and violated federal law. The FTC also charged that Upromise's failure to take reasonable and appropriate measures to protect consumers' data was an unfair practice," the FTC said in its complaint.

Upromise emailed the following statement to Direct Marketing News: “Two years ago, we learned that an issue with a vendor's software created the potential for inadvertent data access that could have affected approximately one percent of our members.   Our members' privacy is extremely important to us, and we took immediate action to resolve the issue.  There was no evidence of any misuse of data.  We have fully cooperated with the FTC and have addressed their concerns.”

Per the settlement agreement, Upromise is required to “clearly disclose its data collection practices,” receive consumer consent before installing or reactivating the toolbar and inform consumers how to uninstall the toolbar. Upromise must also destroy data collected through the “Personalized Offers” feature and notify consumers who had enabled the feature about the type of information collected and how to disable it.

Echoing the FTC's recent settlements with Google and Facebook over privacy violations,

Upromisemust create a comprehensive security program to be audited by an independent agency every two years for the next 20 years.

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above