Upromise settles with FTC over data collection charges

Upromise agreed to settle with the Federal Trade Commission (FTC) over charges that the Sallie Mae-owned rewards program collected consumers' personal information “without adequately disclosing the extent of the information it is collecting,” the federal agency said on Jan. 5.

Upromise collected consumers' personal information via its TurboSaver Toolbar, a browser add-on for Upromise members that augments search results with savings offers from participating retailers, according to the FTC. The agency alleged that, when the toolbar's “Personalized Offers” feature was enabled, Upromise collected data related to consumers' browsing behavior, such as names of sites visited, links clicked, search queries, user names and passwords.

“In some cases, the information collected included credit card and financial account numbers, user names and passwords used to access secured websites, security codes and expiration dates, and any Social Security numbers consumers entered into the webpages,” the FTC said in a statement.

The FTC noted that the information was transmitted without encryption, violating the toolbar's privacy statement, which states that “all information collected in connection with the Personalized Offers” feature is transmitted using encryption.

"Upromise's failure to disclose the extent of information collected by the toolbar, and its claims that it encrypted consumer data and took reasonable measures to protect data from unauthorized access, were deceptive and violated federal law. The FTC also charged that Upromise's failure to take reasonable and appropriate measures to protect consumers' data was an unfair practice," the FTC said in its complaint.

Upromise emailed the following statement to Direct Marketing News: “Two years ago, we learned that an issue with a vendor's software created the potential for inadvertent data access that could have affected approximately one percent of our members. Our members' privacy is extremely important to us, and we took immediate action to resolve the issue. There was no evidence of any misuse of data. We have fully cooperated with the FTC and have addressed their concerns.”

Per the settlement agreement, Upromise is required to “clearly disclose its data collection practices,” receive consumer consent before installing or reactivating the toolbar and inform consumers how to uninstall the toolbar. Upromise must also destroy data collected through the “Personalized Offers” feature and notify consumers who had enabled the feature about the type of information collected and how to disable it.

Echoing the FTC's recent settlements with Google and Facebook over privacy violations, Upromise must create a comprehensive security program to be audited by an independent agency every two years for the next 20 years.
