April 29, 2020

The Diablo Is in the Customer's Private Details

Andrea S. Cottrell

A recent complaint filed by the Federal Trade Commission serves as a perfect illustration of why one should not fire off a response to something on social media when angry. The diablo (Spanish for devil) in this article's title is a mortgage broker, Mortgage Solutions FCS, Inc., dba Mount Diablo Lending, that took offense to unflattering Yelp reviews. The details are the personal tidbits about the broker's customers that the broker plastered all over Yelp. As one might expect, the FTC took issue with the broker's privacy violation-filled tirade and brought an enforcement action.

According to the FTC's complaint, Ramon Walker, as owner and sole officer of the broker, had access to a bevy of personal financial information and consumer credit reports. Unfortunately for the consumers who trusted him with their information, Walker used that information against them in a very public way.

The FTC alleged that Walker posted personal information about his customers in response to Yelp reviews he did not like. Walker's Yelp responses oftentimes included consumers' first and last names. One response stated: "I know you feel entitled to the funds from your mother's house as you clearly stated to me but unfortunately that is not the way the law works and there is nothing my company can do about it." Another one overshared: "The high debt to income ratio was caused by this borrower cosigning on multiple mortgages for his children."

The FTC's complaint against the broker and Walker alleged violations of Section 5 of the FTC Act, the Fair Credit Reporting Act, Regulation P, and the Safeguards Rule, all of which protect consumers and their information. FTC Bureau of Consumer Protection Director Andrew Smith stated in the press release announcing the settlement with the defendants, "Companies that use credit reports and scores have a legal obligation to keep that information confidential. They should not disclose that information to third parties without a legitimate reason to do so, and they certainly should not post that information on the Internet to embarrass or punish consumers, as happened here."

Smith probably felt like a parent explaining to a child that even if her brother says something she doesn't like, she is not allowed to hit him in the head with a toy. Alas, both the toy-wielding child and the defendants surely knew better.

In the end, the defendants paid $120,000 to settle the allegations and must implement a comprehensive data security program.

These defendants' actions highlight the need to check yourself when posting online. Before you fire off a response to an online complaint or review, ask someone else to read it first. Better yet, have social media policies and procedures in place to ensure this never happens to your business.

Hudson Cook, LLP, provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP, does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP, website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.