Reference no: EM133070503
Rick Anderson is the Chief Compliance Officer for "EquiMax" (EM), a major nationwide credit reporting bureau in the United States. In the past few years, certain decisions relative to EM's compliance obligations have caused some concern with the Board of Directors. Rick has come to your law firm asking for help in assessing all potential risk associated with EM's recent actions.
EM's core business is compiling vast amounts of consumer financial data, including loan balances, payment history and defaults. This information is particularly useful for businesses, because the data goes back several years, sometimes up to 15 years. However, since EM maintains so much information, it often has difficulty maintaining accurate data. Some of the inaccurate data would be deleted, but the rest would stay on file. Nonetheless, EM remained very profitable since the financial information it collected proved to be reasonably accurate in predicting an individual's future behavior.
Two years ago, Rick was approached by EM's Strategic Product Development Team (SPDT) about compiling new types of data which could potentially create a new income stream for EM. Specifically, the SPDT wanted to begin collecting information related to an individual's personal characteristics and market that information to prospective employers. Rick felt this was a good idea because employers were willing to pay big money to identify individuals who had no prior history of drug use, fraud or any other activity that may potentially harm the business's reputation. The business could use that information to identify likely candidates and then reach out to those employees to inquire about their interest in working for the company. In addition, Rick felt that compliance obligations would be more lax because EM would likely not be considered within scope of the FCRA because the information was not financial in nature. After working out some kinks, the product was launched a year ago and has enjoyed a great amount of success.As part of his duties as Chief Compliance Officer, Rick implemented a robust annual privacy notice mailing process for EM. The process currently sends a privacy notice to all individuals that EM maintains nonpublic personal information on, currently 30 million individuals. The privacy notice provides a description of EM's information collection and sharing practices, but does not mention the individual's ability to restrict disclosure of nonpublic personal information to other entities. A large number of EM's shareholders criticized Rick's costly decision to implement such a process because many believed that EM had no legal obligation to provide an annual privacy policy to those individuals who EM maintained information on. Some of the shareholders have even threatened to file a shareholder derivative suit for Rick's actions.
When EM's profits took a turn for the worse 6 months ago, Rick decided to hack into a competitor's database to gain a competitive advantage. Rick ended up stealing 5 files containing various intellectual property documents, each valued at $1,000. Rick felt that there was little risk in doing this pursuant to the Computer Fraud and Abuse Act because EM still had to reverse engineer the source code stolen from the competitor.
Your supervising attorney asks you to prepare a memo discussing all potential privacy-related issues in Rick's case. You are to advise your supervising attorney on the likely outcome of each issue, citing appropriate authorities.