Get breaking news alerts via email

Click here to manage your alerts
4 years after fact, Feds slap Provo firm’s hand
Security » Regulators say it’s not too late to cite debt collector for release of data.
First Published Jun 14 2012 06:34 pm • Last Updated Jun 14 2012 06:35 pm

No harm and only a minor foul, a Provo company is crying, after federal regulators came down on it for a security breach of customer information — four years after it happened.

EPN Inc., a debt-collection company that operates under the name Checknet, has entered into an agreement with the Federal Trade Commission that requires it to follow certain procedures to protect its data for the next 20 years.

Join the Discussion
Post a Comment

Last week, the commission released a complaint and the agreement it had reached with EPN over the accidental release of information that contained personal data from 3,800 consumers, such as name, address, Social Security numbers, employer and the number of their health insurance policy.

But that security faux pas took place in 2008, after a co-owner of the 40-year-plus operation had installed a peer-to-peer (P2P) program on her computer that shoveled a file out into the P2P network.

Jessica Devenish, president and CEO of EPN, said Thursday that none of the shared data resulted in an identity theft or other problems for consumers. In fact, she said, the FTC didn’t even know until 2010 that P2P software could pose a security hazard.

"The incident that led to the FTC complaint was a one-time, isolated event that involved a limited number of records pertaining to one particular client," Devenish said. "No identity theft, no material harm and no fraud has occurred as a result of the incident. Four years later … no evidence of harm remains."

Jessica Lyon, an FTC attorney, said the case was part of an FTC emphasis on citing companies that allow data breaches of consumer information. In 2010, it notified about 100 companies about data security problems, she said.

"It’s an issue we want to call attention to and to make sure businesses are thinking about the types of information they are holding and really giving some serious thought to where risks to that information might crop up," said Lyon.

The same day the FTC released its complaint about EPN, it also cited a Georgia car dealer for allowing P2P software to be installed on its computer system, which allowed outside access to information on 95,000 consumers.

In its complaint against EPN, the FTC said the company had failed to adopt an information security plan, nor did it adequately train employees about security and did not have in place methods to prevent or detect unauthorized access to personal information.

story continues below
story continues below

As part of its agreement with the FTC, the company agreed to follow security standards and will do regular audits to ensure safe data storage.

"Although no harm was done, it was still an error," said Devenish, who added that the incident had "strengthened our resolve to look into the nooks and crannies of our operation, find weakness and make corrections."

Copyright 2014 The Salt Lake Tribune. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Top Reader Comments Read All Comments Post a Comment
Click here to read all comments   Click here to post a comment

About Reader Comments

Reader comments on sltrib.com are the opinions of the writer, not The Salt Lake Tribune. We will delete comments containing obscenities, personal attacks and inappropriate or offensive remarks. Flagrant or repeat violators will be banned. If you see an objectionable comment, please alert us by clicking the arrow on the upper right side of the comment and selecting "Flag comment as inappropriate". If you've recently registered with Disqus or aren't seeing your comments immediately, you may need to verify your email address. To do so, visit disqus.com/account.
See more about comments here.
Staying Connected
Contests and Promotions
  • Search Obituaries
  • Place an Obituary

  • Search Cars
  • Search Homes
  • Search Jobs
  • Search Marketplace
  • Search Legal Notices

  • Other Services
  • Advertise With Us
  • Subscribe to the Newspaper
  • Access your e-Edition
  • Frequently Asked Questions
  • Contact a newsroom staff member
  • Access the Trib Archives
  • Privacy Policy
  • Missing your paper? Need to place your paper on vacation hold? For this and any other subscription related needs, click here or call 801.204.6100.