Privacy & Cybersecurity Law Blog

On February 5, 2015, the Federal Trade Commission sent a letter to the Consumer Financial Protection Bureau (“CFPB”) summarizing the agency’s efforts in the debt collection arena in 2014. The letter is intended to assist the CFPB with preparing its annual report to Congress on the enforcement of the Fair Debt Collection Practices Act, which must be submitted pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act. The FTC’s debt collection program involves three initiatives: (1) law enforcement, (2) education and public outreach, and (3) research and policy.

The letter highlights that one of the FTC’s main focuses in 2014 was the security of consumer data in the buying and selling of debts. In the letter, the FTC summarizes its enforcement efforts involving consumer data integrity in the debt collection industry. In 2014, the FTC brought two separate cases against debt sellers that allegedly posted the sensitive personal information of over 70,000 consumers on a public website in connection with soliciting portfolios of past-due payday loan, credit card and other purported debt. Both cases have resulted in the issuance of preliminary injunctions requiring the defendants to remove the consumers’ information from the public website, adopt appropriate data security safeguards, and notify the affected consumers.