Fidelity Federal Bank and Trust (West Palm Beach, Fla.) has been ordered to pay a $50 million settlement for buying more than half a million names and addresses from the Florida Department of Highway Safety and Motor Vehicles. The Electronic Privacy Information Center (EPIC), which filed an amicus brief in favor of the plaintiffs in the case, announced the decision in late August.
EPIC said the $4 billion-asset bank bought 565,600 names and addresses for use in direct marketing, claiming that the purchase violated the Drivers Privacy Protection Act. The federal law was enacted in 1994 to prevent the distribution of drivers' personal information.
From 2000 to 2003, Fidelity purchased the data containing the personal information of drivers living in Palm Beach, as well as Martin and Broward counties, for only $5,656, or a penny per driver record, according to papers filed in Kehoe v. Fidelity Federal Bank and Trust. The bank sought the information for car loan solicitations, according to the class-action lawsuit.
"This is a pretty hefty settlement that Fidelity Federal is going to have to pay for a law that hasn't gotten much publicity," says Charlotte Bahin, partner in the Washington, D.C., office of law firm Lord Bissell & Brook. Banks should take note of the settlement, Bahin stresses, as it is an indication of how seriously consumer privacy is being taken. Although the Drivers Privacy Protection Act is a federal law, banks need to see how their home states intend to enforce it, Bahin adds.
In addition to the monetary settlement, according to a Securities and Exchange Commission form 8K filed by Fidelity Federal, the bank has agreed to other terms, including certifying that it did not keep or maintain any data obtained from the state of Florida, agreeing that it will not disclose or sell any such data, and agreeing to a privacy audit. "For a $5,600 purchase, this is a pretty big risk," Bahin says. The filing also noted that all terms were contingent upon National City Corp.'s (Cleveland) pending acquisition of Fidelity Federal for $1 billion.
In 2004, the U.S. District Court for the Southern District of Florida ruled that James Kehoe had to demonstrate actual damages before obtaining monetary compensation under the Drivers Privacy Protection Act. Kehoe appealed, and that ruling was overturned.
The case represents a step in trying to address the collective threat that the data trade poses to privacy, according to EPIC. "While Kehoe involves just a single bank using data for marketing, thousands of other businesses are trading in your personal information, resulting in a society that is losing autonomy and control over personal data," the organization stated on its Web site.
Marc Rotenberg, the executive director of EPIC, said during an interview in late August that the organization joined the suit to push for damage awards, which are critical to ensuring privacy laws are effective. "The message here is that ensuring privacy protection for consumers is vital and will be enforced," Rotenberg says.
Fidelity Federal representatives could not provide immediate comment on the settlement. The Florida law firm representing the bank did not return calls seeking comment.
Courtesy of TechWeb, a CMP Media property. Includes additional reporting by BS&T's Nancy Feig.