Privacy & Information Security Law Blog

As reported on our Hunton Retail Law Resource blog, on January 7, 2020, the Federal Trade Commission announced a settlement with Mortgage Solutions FCS, Inc., d/b/a Mount Diablo Lending, and its sole principal, Ramon Walker, to resolve allegations that the lender violated the FTC Act, the Fair Credit Reporting Act (“FCRA”) and the Gramm-Leach-Bliley (“GLB”) Act, by improperly disseminating consumers’ personal information on Yelp in response to consumers’ negative reviews posted to that site.

In its complaint, the FTC alleges that Walker posted on Yelp responses that included customers’ nonpublic and personal financial information—their credit histories, debt-to-income ratios, taxes, health, sources of income, family relationships and other personal information, and in some instances, their names—in violation of the mortgage broker’s notice and disclosure obligations under Regulation P of the GLB Act, and which further constitute an impermissible use of a consumer report under the FCRA. Under the terms of the settlement, Walker and Mount Diablo will pay a $120,000 civil penalty, and must not misrepresent their privacy and data security practices, misuse credit reports or improperly disclose personal information to third parties. They also are required to implement a comprehensive data security program and obtain biannual third-party assessments of this program. The defendants must designate a senior corporate manager responsible for overseeing compliance with the FTC’s order.