On March 9, 2010, the Federal Trade Commission (FTC) announced a settlement in its case against an identity theft protection services firm that we’ll refer to as “Defendants.” The $35 million judgment was suspended to $12 million, payable to the FTC and 35 state Attorneys General. We’ll all be watching as this unfolds, because if the conditions of the judgment are not met, the entire $35 million will be due.

The Defendants’ previous guarantees to prevent identity theft before it happens were at the heart of the FTC complaint and that of the 35 state Attorneys General who joined the suit.  The FTC said that in addition to the misleading claims about the effectiveness of their product, the Defendants did not take proper precautions – as they claimed they would – to protect the personal identifying information (PII) of people who bought their service and entrusted them as a custodian of their identities.

The judgment definitely sent a message to the Defendants, but there is a message present for the public as well. In a press release, Illinois Attorney General Lisa Madigan said, “This agreement effectively prevents [Defendants] from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid identity theft. Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in identity theft protection services.”

The takeaway? Look past the grandiose claims of expert marketers, know what can and can’t be done regarding identity theft, and choose an identity theft services company with the same smart-buyer tactics you’d use for any other important purchase.

Tags: FTC, identity theft protection, misleading claims, PII

Categories: Data Security Industry, Data Security Issues.