Privacy & Information Security Law Blog

On July 5, 2017, the FTC announced that Blue Global Media, LLC (“Blue Global”) agreed to settle charges that it misled consumers into filling out loan applications and then sold those applications, including sensitive personal information contained therein, to other entities without verifying how consumers’ information would be used or whether it would remain secure. According to the FTC’s complaint, Blue Global claimed it would connect loan applicants to lenders from its network of over 100 lenders in an effort to offer applicants the best terms. In reality, Blue Global “sold very few of the loan applications to lenders; did not match applications based on loan rates or terms; and sold the loan applications to the first buyer willing to pay for them.” The FTC alleged that, contrary to Blue Global’s representations, the company provided consumers’ sensitive information—including SSN and bank account number—to buyers without consumers’ knowledge or consent. The FTC further alleged that, upon receiving complaints from consumers that their personal information was being misused, Blue Global failed to investigate or take action to prevent harm to consumers.

The terms of the settlement prohibit Blue Global from misrepresenting (1) its ability to assist consumers in obtaining loans with favorable rates and terms; (2) that it will protect and secure consumers’ personal information and (3) the types of businesses with which Blue Global shares consumers’ personal information. The settlement further requires Blue Global to “investigate and verify the identity of businesses to which they disclose consumers’ sensitive information” and to obtain consumers’ informed consent for these disclosures. The settlement also includes a judgment for more than $104 million, suspended due to Blue Global’s inability to pay.