WASHINGTON, D.C. — The Federal Trade Commission recently gave final approval to a settlement with a mortgage industry data analytics firm that will require the company to bolster its data security protections and oversight of its vendors to ensure third-party providers are also complying with those safeguards.
In a complaint first announced in December 2020, the FTC alleged that Texas-based Ascension Data & Analytics, LLC violated the Gramm-Leach Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program and ensure third-party vendors are capable of implementing and maintaining appropriate safeguards for customer information. The FTC alleged that Ascension failed to do this.
The FTC alleged that a vendor Ascension hired to perform text recognition scanning on mortgage documents stored the contents of the documents—which included names, dates of birth, Social Security numbers and other personal information—on a cloud-based server in plain text, without any protections to block unauthorized access, such as requiring a password. As a result, the server with the mortgage information was accessed dozens of times.
After receiving one comment on the settlement, which also was announced in December 2020, the Commission voted 2-1-1 to finalize the settlement and to send a response to the commenter.
Chair Lina M. Khan did not participate. Commissioner Rebecca Kelly Slaughter voted no and issued a dissenting statement.
Thanks for visiting! MyChesCo brings reliable information and resources to Chester County, Pennsylvania. Please consider supporting us in our efforts. Your generous donation will help us continue this work and keep it free of charge. Show your support today by clicking here and becoming a patron.