Estimated read time: 2-3 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
PROVO — EPN Inc., a debt collector doing business as Checknet Inc., has settled charges brought by the F ederal Trade Commission that it exposed sensitive information on its computers and networks to security risks by failing to implement reasonable security measures.
In a complaint filed by the FTC, Checknet allegedly failed to assess potential risks to consumer information it stored, did not adequately train employees and did not use reasonable measures to enforce compliance with its internal security policies.
Among the alleged violations was that Checknet failed to scan its own networks to identify any operational P2P file-sharing applications.
According to the FTC, the failure to implement reasonable and appropriate data security measures was an unfair practice that violated federal law. As a result, EPN's chief operating officer was able to install P2P file- sharing software on the EPN computer system, causing sensitive information — including Social Security numbers, health insurance numbers and medical diagnosis codes of 3,800 hospital patients — to be made available to any computer connected to the P2P network.
Checknet clients have included health care providers, commercial credit organizations and retailers.
The settlement order bars misrepresentations about the privacy, security, confidentiality and integrity of any personal information. It requires Checknet to establish and maintain a comprehensive information security program.
Checknet must also undergo data security audits by independent auditors every other year for a period of 20 years.
P2P technology can be used in a variety of ways, including playing games, making online telephone calls, and — through P2P file-sharing software — sharing music, video and documents. It can also pose data security risks.
A study conducted in 2010 by the Federal Trade Commission of P2P-related breaches alleges a wide range of sensitive consumer data — health-related information, financial records and driver's license and Social Security numbers — available on P2P networks.
Files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. Generally, a file that has been shared cannot be permanently removed from the P2P network. Files can also be shared among computers long after they have been deleted from the original source computer.
Bill Lewis is the principal of William E. Lewis Jr. & Associates and host of "The Credit Report with Bill Lewis" — a daily forum for business and financial news, politics, economic trends and issues on AM 740 WSBR in south Florida.
