FTC, CartManager Settle on Data Release

An Internet company that provides shopping cart software to thousands of
online businesses agreed Thursday to settle Federal Trade Commission (FTC) charges that it rented personal consumer information to marketers despite several promises from merchants to consumers that it wouldn’t.

CartManager International, a Utah-based software company, collected the
personal data of nearly one million people and turned around and rented the
data without their consent to marketers, according to the FTC.

The settlement requires CartManager to give up the $9,101.63 it made by
selling the information and ensure that consumers receive a clear and
conspicuous notice before their personal information is disclosed to other
companies, said the FTC.

The commission will also monitor the company to make sure it remains in
compliance with the regulations.

Repeated calls to the company’s headquarters were not returned.

Many merchants that use CartManager’s shopping cart and checkout services
had made privacy pledges to their customers, some as strong as “PRIVACY
POLICY: It’s simple. We don’t sell, trade or lend any information on our
customers or visitors to anyone”, according to the FTC.

The FTC said the online merchants were not aware of CartManager’s
practices.

“Companies and service providers must make sure that their privacy
policies are in sync,” Lydia Parnes, acting director of the FTC’s Bureau of
Consumer Protection, said in a written statement.

Information requests asking consumers to provide their names, addresses,
phone numbers, e-mail addresses and credit card numbers are standard to most shopping cart services. However, customers usually don’t expect that information to be sold to other vendors.

With the CartManager software, pages are designed to look like the
merchant’s Web Site, but they are actually located on the CartManager site,
said the FTC.

“A service provider cannot secretly collect and rent consumers’ personal
information, contrary to a merchant’s privacy policy,” Parnes said. “At the
same time, merchants have an obligation to know what their service providers
are doing with consumers’ personal information.”

The FTC said that CartManager did not inform consumers or merchants that
it was also collecting the data for the purpose of selling it.

This latest data breach joins a steadily growing list of personal
information scandals that have pushed the issue of protecting data into the
American mainstream.

As previously reported by internetnews.com, a breakdown
in protecting information at ChoicePoint prompted Congress to take special action.

“New technologies, new private-public domestic security partnerships, and
the rapid rise of giant information brokers that collect and sell personal
information about each and every American have all combined to produce
powerful new threats to privacy,” Vermont Democratic Sen. Patrick Leahy said in a statement at the time of the ChoicePoint scandal. “It’s time to turn some
sunshine on these developments so the public can understand how and why
their personal information is being used.”

The settlement also bars the company from using personal data already
collected.

News Around the Web