A Federal Trade Commission settlement with a California mortgage broker who posted personal information about consumers on Yelp after they posted negative reviews of his services is a cautionary tale to businesses, which should never publicly disclose clients’ personal information.
According to a Department of Justice complaint filed on behalf of the FTC, mortgage broker Ramon Walker, owner of Mount Diablo Lending, responded to negative Yelp reviews by posting information about customers’ health, taxes, credit history, sources of income and family relationships. In some cases, he posted their first and last names.
In one response, Walker wrote, “The high debt-to-income ratio was caused by this borrower cosigning on multiple mortgages for his children. The borrower was also self-employed and took high deductions from his business.”
The DOJ argued that Walker and his company violated the Fair Credit Reporting Act, the FTC Act and the Gramm-Leach-Bliley Act by not implementing an information security program until September 2017 and not testing the program once it was implemented.
Under the settlement, Walker and his company agreed to pay a $120,000 penalty for the FCRA violations. The proposed order requires the defendants to implement a comprehensive data security program to protect clients’ personal information, and it requires the company to conduct third-party assessments of the information security program every two years. It also must designate a senior corporate manager to oversee the program, certifying compliance with the order each year.