Private eyes: Lessons from the rent-to-own webcam cases

The charges outlined in the FTC’s lawsuits against a software business and seven rent-to-own companies are surprising — and OK, some might say a little creepy.  Software on rented computers gave the companies the ability to hit the kill switch if people were behind on their payments.  But according to the complaints, it also let them collect sensitive personal information, grab screen shots, and take webcam photos of people in their homes.

We hope no one else has cameras secretly poised on their customers.  (Although if you do, cut it out right now. Really.)  But the proposed settlements in the rent-to-own cases offer thought-provoking discussion fodder when evaluating your company’s policies and practices.

Check-up from the tech up.  Now’s a good time to reconsider the information you collect from your customers and what you do with it after that.  Absent a legitimate business reason, it’s best not to compile sensitive data in the first place.  Collect only what you need, keep it safe, dispose of it securely when you’re through, and be transparent with your customers about your practices.  Even if you have a good reason for collecting data, consider whether there are less intrusive options that would still serve your business’s interests and pose less of a privacy risk.  Convinced you’re not collecting anything questionable?  A candid conversation with your IT staff might surprise you. 

(Geo) location, location, location.  We’ve all seen the Peter Steiner cartoon with the caption “On the internet, no one know you’re a dog.”  That was 1993 — more than a century in dog years and close to a millennium in tech time.  Now they know your breed, your favorite brand of kibble, and your nearest dog park.  Technology that can track consumers’ online movement is the subject of much debate.  When what’s at stake is geolocation, the controversy is compounded.  That’s why savvy companies get customers’ express consent first.

To be or B2B.  That is the question.  Some companies assume that if they’re in the B2B sector, consumer protection is somebody else’s business.  Not so.  The FTC charged that DesignerWare — the company that sold the software to the rent-to-own companies, installed Detective Mode at the stores' direction, gathered the sensitive data, and forwarded it to the stores — ran afoul of the FTC Act by providing those businesses with the “means and instrumentalities” to violate the law.  What’s more, the complaint names two DesignerWare officers in their individual capacities.  The takeaway tip?  Even if you’re selling to other companies, consumer considerations should be your concern, too.

Desperate times call for sensible measures.  The FTC has filed a spate of cases recently against businesses that have used deceptive or unfair practices to get payment from cash-strapped consumers.  When trying to collect what you're owed, illegal tactics remain out of bounds.  Don’t let financial exigencies recalibrate your compliance compass.   

Just because the technology can doesn’t always mean the business should. In response to the obvious question about why he wanted to scale Mount Everest, a celebrated explorer answered “Because it’s there.”  It’s exciting to see innovators push the technology envelope.  But just because a certain practice is technologically feasible doesn’t necessarily mean it’s best for your business, your clientele, or your bottom line.  Wise companies think these things through.

 

0 Comments

| Comment Policy

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.