FTC Sends Signal Of Continued Vigilance Against Deceptive Online Ads
The online lead generation space, where offers for "free" iPods abound, is seen as especially problematic, with companies competing to convince consumers to provide them with information that can be passed along to marketers. "It's been a little bit of a race to the bottom with these lead gen programs," said Mary Ellen Callahan, a lawyer with Hogan & Hartson in Washington who represents clients at the FTC. "The FTC is trying to send a clear message--if you're saying that something's free, it better be free, otherwise you need to have clear and prominent disclosures."
In the last four months, the FTC has extracted settlements from three separate companies-- Adteractive, Member Source Media and, now, ValueClick--that allegedly blanketed the Web with ads offering "free" merchandise that was only free to consumers who made a purchase, filled out a loan application, or otherwise participated in a program. Separately, the Florida Attorney General has also been cracking down on deceptive Web ads.
Of the companies targeted by law enforcement, ValueClick so far has agreed to the largest fine--$2.9 million. That figure is itself unusually high for an FTC settlement, and came about only because ValueClick allegedly sent e-mail ads in violation of Can-Spam -- which provides for large penalties--Callahan said.
While the allegations about ads for "free" merchandise have been well-publicized, the ValueClick complaint and settlement also contained another, less-noticed charge--that ValueClick failed to keep customers' private information secure. Specifically, the complaint said ValueClick and its subsidiaries "did not encrypt sensitive information consistent with industry standards."
ValueClick didn't admit to wrongdoing as part of the settlement, but agreed to establish "a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers."
While the complaint doesn't indicate that there had been a data breach, the FTC still alleged that the company's security procedures were unlawful because ValueClick and its subsidiaries represent in their privacy policies that they keep sensitive information secure.
Privacy expert Alan Chapell said that some other online lead generation companies have been known to use lax security measures with credit card information. "There's a whole bunch of very small companies in online lead generation," he said. Some of them aren't aware of proper security procedures, or simply don't think they'll get caught, he added.