Peer to peer file-sharing software may allow you to play games, share music, videos, and documents, but the Federal Trade Commission says you may be sharing more than you think. The FTC reached settlements with a debt collector and an auto dealer for illegally exposing customer private information by installing peer to peer (P2P) software on corporate networks.
Installing this type of software can put information including health and financial records, driver’s license, and social security numbers at risk.
“Files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. Generally, a file that has been shared cannot be permanently removed from the P2P network. In addition, files can be shared among computers long after they have been deleted from the original source computer,” the FTC wrote in a press release.
Companies that settled with the FTC included EPN, Inc., a Provo, Utah-based debt collector that worked for healthcare providers, commercial credit organizations, and retailers. EPN’s chief operating officer allegedly installed P2P software on the company’s network, thereby exposing sensitive information of more than 3,800 hospital patients to any computer connected to the P2P network. The company’s failure to establish adequate security measures, employee training, and enforcement of security policies violated federal law.
The FTC also settled with a Statesboro, Georgia, auto dealer known as Franklin’s Budget Car Sales and Franklin Toyota/Scion, that also installed P2P software on its computers, making 95,000 customers’ financial information, Social Security numbers, dates of birth, and other information available to a P2P network.
The settlements bar the companies from making misrepresentations about the privacy, security, confidentiality, and integrity of personal information collected from consumers, and require each company to establish and maintain security measures to protect consumer information.
-Follow Elise RambaudMarrion, @emarrion_cmn.