Upromise settles with FTC over data collection charges

Share this article:
Upromise agreed to settle with the Federal Trade Commission (FTC) over charges that the Sallie Mae-owned rewards program collected consumers' personal information “without adequately disclosing the extent of the information it is collecting,” the federal agency said on Jan. 5.

Upromise collected consumers' personal information via its TurboSaver Toolbar, a browser add-on for Upromise members that augments search results with savings offers from participating retailers, according to the FTC. The organization alleged that, when the toolbar's “Personalized Offers” feature was enabled, Upromise collected data related to consumers' browsing behavior, such as names of sites visited, links clicked, search queries, user names and passwords.

“In some cases, the information collected included credit card and financial account numbers, user names and passwords used to access secured websites, security codes and expiration dates, and any Social Security numbers consumers entered into the webpages,” the FTC said in a statement.

The FTC noted that the information was transmitted without encryption, violating the toolbar's privacy statement which states that “all information collected in connection with the Personalized Offers” feature is transmitted using encryption.

"Upromise's failure to disclose the extent of information collected by the toolbar, and its claims that it encrypted consumer data and took reasonable measures to protect data from unauthorized access, were deceptive and violated federal law. The FTC also charged that Upromise's failure to take reasonable and appropriate measures to protect consumers' data was an unfair practice," the FTC said in its complaint.

Upromise emailed the following statement to Direct Marketing News: “Two years ago, we learned that an issue with a vendor's software created the potential for inadvertent data access that could have affected approximately one percent of our members.   Our members' privacy is extremely important to us, and we took immediate action to resolve the issue.  There was no evidence of any misuse of data.  We have fully cooperated with the FTC and have addressed their concerns.”

Per the settlement agreement, Upromise is required to “clearly disclose its data collection practices,” receive consumer consent before installing or reactivating the toolbar and inform consumers how to uninstall the toolbar. Upromise must also destroy data collected through the “Personalized Offers” feature and notify consumers who had enabled the feature about the type of information collected and how to disable it.

Echoing the FTC's recent settlements with Google and Facebook over privacy violations,

Upromisemust create a comprehensive security program to be audited by an independent agency every two years for the next 20 years.

Share this article:
close

Next Article in Digital Marketing

Follow us on Twitter @dmnews

Latest Jobs:

Featured Listings

More in Digital Marketing

News Byte: CX Scores to Take Their Place Beside Price Listings

News Byte: CX Scores to Take Their Place ...

E-commerce aggregator PriceGrabber will begin offsetting price info with service expectations.

Data Byte: Interactive Ad Revenues Exceeding TV for the First Time

Data Byte: Interactive Ad Revenues Exceeding TV for ...

At nearly $43 billion, interactive advertising revenues exceeded broadcast for the first time in 2013.

Marketers: Data Rich and Knowledge Poor

Marketers: Data Rich and Knowledge Poor

While advertisers have become incredibly data-savvy, the most difficult challenge remains causally linking that data to outcomes that really matter.