According to a Federal Trade Commission (FTC) complaint filed in December 2008, Gregory Navone, a mortgage broker from Las Vegas improperly disposed of about 40 boxes of sensitive consumer records collected by companies he had owned, including tax returns, mortgage applications, bank statements, photocopies of credit cards and drivers’ licenses, and at least 230 credit reports. In addition, two mortgage brokerage companies he previously owned, First Interstate Mortgage Corporation and Nevada One Corporation, failed to provide reasonable and appropriate security for sensitive consumer information, despite promising they would do so. The FTC charged Navone with failing to take reasonable measures to protect credit report information from unauthorized access during its disposal, in violation of the Fair Credit Reporting Act (FCRA) and the FTC’s Disposal Rule. The complaint also charged him with violations of the FTC Act for his companies’ misrepresentations about their data security practices. In addition to imposing a $35,000 penalty, the settlement order bars Navone from misrepresenting measures taken to protect sensitive consumer information and failing to take reasonable measures to protect credit report information during its disposal. The order also requires Navone to employ a comprehensive information security program for sensitive consumer information, and to hire an independent, third-party security professional to review the program every year for 10 years to ensure that it meets or exceeds the order’s requirements. Click here for more information on the FTC vs. Gregory Navone case. For more information, visit www.ftc.gov.
About the author