The Federal Trade Commission has given final approval to a settlement with the mortgage industry data analytics firm that will require the company to strengthen data security protections and oversight of its suppliers to ensure third-party providers comply with these safeguards.
In a complaint first announced in December 2020, the Federal Trade Commission alleged that Texas-based Ascension Data & Analytics violated the Gramm-Leach Bliley Act’s safeguards rule, which requires financial institutions to develop, implement and maintain a comprehensive information security program and ensure third-party vendors are able To implement and maintain appropriate safeguards for customer information. The Federal Trade Commission alleged that Ascension failed to do so.
The Federal Trade Commission (FTC) alleged that an Ascension vendor hired to perform text recognition scanning of mortgage documents stored the contents of the documents — which included names, dates of birth, Social Security numbers, and other personal information — on a cloud-based server in plain text, without any protection To prevent unauthorized access, such as asking for a password. As a result, the server containing the mortgage information was accessed dozens of times.
After receiving one comment on the settlement, which was also announced in December 2020, the Commission voted 2-1-1 to end the settlement and send a response back to the commentator.
Principal Lina M. did not participate. Khan. Commissioner Rebecca Kelly Slaughter voted “no” and issued a statement to the contrary.