Last week the Federal Trade Commission and JB Nutter agreed to a consent to resolve charges that the company violated federal law by failing to provide reasonable security for consumers’ sensitive information said a statement from the FTC.
The Commission’s complaint alleges that beginning in 2004, Nutter engaged in a number of practices that taken together failed to provide reasonable and appropriate security for sensitive consumer information, in violation of the FTC’s Safeguards Rule. In addition, the complaint alleges that the company violated the FTC’s Privacy Rule by failing to provide privacy notices and, later, providing notices that were inaccurate.
To settle the charges, JB Nutter has agreed to a proposed order that would require it to establish and maintain a comprehensive data security program covering consumers’ personal information, and to hire an independent auditor to assess its security procedures every two years for 10 years, and to certify that these procedures comply with the proposed order. The proposed order also bars JBN from violating the agency’s Safeguards and Privacy Rules.
Update: According to a statement JB Nutter sent to RMD, the FTC review began after a minor flaw was discovered in the industry-standard software purchased by Nutter. “These issues were technical in nature and did not involve any incident where personal financial information was improperly obtained,” said James B. Nutter, Jr., President of James B. Nutter & Company.
Nutter added, “We are proud of our exemplary history of maintaining the highest ethical business standards for our customers. It is on behalf of our valued customers that we avoided subprime loans and junk fees, and have committed ourselves to being at the forefront of data security compliance for years to come.”