In its complaints against the businesses, the FTC alleged that they illegally exposed sensitive consumer information by allowing P2P file-sharing software to be installed on their corporate computer systems.
The FTC warned that that P2P software can pose significant data security risks by exposing sensitive consumer data, including health-related information, financial records, and driver's license and social security numbers. Files shared to a P2P network are available for viewing or downloading by any computer user with access to the network.
In its complaint against EPN, a healthcare debt collector based in Provo, Utah, the FTC alleged that the company’s chief operating officer installed P2P file-sharing software on its computer system, causing social security numbers, health insurance numbers, and medical diagnosis codes of 3,800 hospital patients to be made available to any computer connected to the P2P network.
In a separate complaint against Franklin’s Budget Car Sales, an auto dealer based in Statesboro, Ga., the FTC alleged that the dealer compromised personal information of 95,000 consumers by allowing P2P software to be installed on its network. The information exposed included names, addresses, social security numbers, dates of birth, and driver’s license numbers.
The FTC reached settlements with the two companies, barring them from misrepresentations about their privacy, security, confidentiality, and integrity of personal information. The two companies also agreed to establish and maintain comprehensive information security programs.