Hayley Ringle reports:
My hour-long interview last week with LifeLock CEO and chairman Todd Davis covered a lot of ground in the Phoenix Business Journal’s inaugural “Inside the Reporter’s Notebook” event.
But there were some extra questions I didn’t get a chance to ask, including some about a pending FTC investigation I just learned about.
Davis, who co-founded the Tempe-based identity theft protection company in 2005, answered the following questions via email today and Friday.
Q: Recent whistle-blower claims from former employees against LifeLock have said the company is not complying with the 2010 Federal Trade Commission order that the company used false claims to promote its identity theft protection services.
Read more on Phoenix Business Journal. The portion of the 10-K Ringle refers to says, in part:
On December 26, 2012, ID Analytics, along with eight other companies, received an information request from the FTC in conjunction with the FTC’s policy study of the operation of the data broker industry. ID Analytics was advised that this request is not an investigation of its business practices but will be the basis of consideration by the FTC whether to recommend to the Congress a legislative extension of FCRA-based consumer safeguards to the use of consumer personal information in the non-FCRA context. Although ID Analytics believes that it is not engaged in data broker activities in any manner, ID Analytics has indicated to the FTC that it will cooperate with the FTC’s study efforts by responding fully to the FTC’s information requests, and has done so to date. On December 17, 2013, we met with FTC Staff, at their request, to discuss the ID Analytics positions with regard to the FTC’s data broker study. At the meeting, we discussed a wide ranging number of matters, including industry conditions, the changing landscape relating to identity theft and fraud, technological developments to address identity theft and fraud, as well as recent security breaches.
With the growing public concern regarding privacy and the collection, distribution, and use of consumer personal information, we believe we are in an environment in which there is an increased regulatory scrutiny concerning data collection and use practices and the provision and marketing of services, like ours, that seek to protect that information. We expect that kind of scrutiny to continue as the marketplace for services like ours continues to develop. In addition, we believe there has been a recent increase in whistleblower claims made to regulatory agencies, including whistleblower claims made by former employees, which we believe will likely continue, in part because of the provisions enacted by the Dodd-Frank Wall Street Reform and Consumer Protection Act, or the Dodd-Frank Act, that may entitle persons who report alleged wrongdoing to the SEC to cash rewards. Often, the allegations underlying such claims to regulatory agencies result in federal and state inquiries and investigations. On January 17, 2014, we met with FTC Staff, at our request, to discuss issues regarding allegations that have been asserted in a whistleblower claim against us relating to our compliance with the FTC Order. Following this meeting, we expect to receive either a formal or informal investigatory request from the FTC for documents and information regarding our policies, procedures, and practices for our services and business activities. Given the heightened public awareness of data breaches and well as attention to identity theft protection services like ours, it is also possible that the FTC, at any time, may commence an unrelated inquiry or investigation of our business practices and our compliance with the FTC Order. We endeavor to comply with all applicable laws and believe we are in compliance with the requirements of the FTC Order. We believe the increased regulatory scrutiny will continue in our industry for the foreseeable future and could lead to additional meetings or inquiries or investigations by the agencies that regulate our business, including the FTC.