From: security curmudgeon (jerichoattrition.org)
Date: Thu Jun 04 2009 - 17:37:44 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.ftc.gov/opa/2009/06/sears.shtm

For Release: 06/04/2009
Sears Settles FTC Charges Regarding Tracking Software
Sears Failed to Disclose Adequately that Software Collected Consumers
Sensitive Personal Information

Sears Holdings Management Corporation owned by Sears, Roebuck and Company
and Kmart Management Corporation has agreed to settle Federal Trade
Commission charges that it failed to disclose adequately the scope of
consumers personal information it collected via a downloadable software
application. According to the FTCs administrative complaint, Sears
represented to consumers that the software would track their online
browsing. The FTC charges that the software would also monitor consumers
online secure sessions including sessions on third parties Web sites and
collect information transmitted in those sessions, such as the contents of
shopping carts, online bank statements, drug prescription records, video
rental records, library borrowing histories, and the sender, recipient,
subject, and size for web-based e-mails. The software would also track
some computer activities that were not related to the Internet. The
proposed settlement calls for Sears to stop collecting data from the
consumers who downloaded the software and to destroy all data it had
previously collected.

According to the FTCs complaint, Sears invited certain consumers visiting
the sears.com and kmart.com Web sites to become members of the My SHC
Community. Sears solicited these consumers to participate in exciting,
engaging, and on-going interactions always on your terms and always by
your choice. Sears paid consumers $10 to participate. As part of this
process, Sears asked consumers to download research software that it said
would confidentially track their online browsing. Only in a lengthy user
license agreement, available to consumers at the end of a multi-step
registration process, did Sears disclose the full extent of the
information the software tracked, according to the complaint. The
complaint charges that Sears failure to adequately disclose the scope of
the tracking softwares data collection was
deceptive and violates the FTC Act.

Under the proposed settlement, in addition to destroying information
previously collected, if Sears advertises or disseminates any tracking
software in the future, it must clearly and prominently disclose the types
of data the software will monitor, record, or transmit. This disclosure
must be made prior to installation and separate from any user license
agreement. Sears must also disclose whether any of the data will be used
by a third party.

The Commission vote to approve the administrative complaint and proposed
settlement agreement was 4-0. The settlement contains standard reporting
and record-keeping provisions to allow the agency to monitor compliance.
The FTC will publish an announcement regarding the agreement in the
Federal Register shortly. The agreement will be subject to public comment
for 30 days, beginning today and continuing through July 6, 2009, after
which the Commission will decide whether to make it final. To file a
public comment, please click on the following hyperlink:
http://www.ftc.gov/os/2009/06/0823099publiccomment.pdf and follow the
instructions at that site.

NOTE: The Commission issues or files a complaint when it has reason to
believe that the law has been or is being violated, and it appears to the
Commission that a proceeding is in the public interest. The complaint is
not a finding or ruling that the named parties have violated the law.

NOTE: A consent agreement is for settlement purposes only and does not
constitute an admission of a law violation. When the Commission issues a
consent order on a final basis, it carries the force of law with respect
to future actions. Each violation of such an order may result in a civil
penalty of $16,000.

Copies of the complaint, the proposed settlement agreement, and an
analysis of the agreement to aid in public comment are available from both
the FTCs Web site at http://www.ftc.gov, and the FTCs Consumer Response
Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The
Federal Trade Commission works for consumers to prevent fraudulent,
deceptive, and unfair business practices and to provide information to
help spot, stop, and avoid them. To file a complaint in English or
Spanish, visit the FTCs online Complaint Assistant or call 1-877-FTC-HELP
(1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a
secure, online database available to more than 1,500 civil and criminal
law enforcement agencies in the U.S. and abroad. The FTCs Web site
provides free information on a variety of consumer topics.

Media Contact:
     Betsy Lordan
     Office of Public Affairs
     202-326-3707
Staff Contact:
     Rick Quaresima
     Bureau of Consumer Protection
     202-326-3130

(FTC File No. 0823099)
(Sears.wpd)
_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]