Texas Attorney General Greg Abbott reached an agreement with two Austin companies that resolves the state’s May 2007 enforcement action against EZMONEY L.P. and EZPAWN L.P. The affiliated companies were charged with violating state laws governing the disposal of customer records containing sensitive personal information. Under Texas law, vendors must take specific precautions before discarding documents that include customers’ bank accounts, driver’s license and Social Security numbers.
The agreed final judgment requires that EZMONEY and EZPAWN overhaul their information security program and pay $600,000 to the State of Texas, which will help fund future identity theft investigations.
Investigators with the Office of the Attorney General discovered that several San Antonio EZPAWN stores improperly discarded business records. Documents containing sensitive customer information were found in easily accessible trash receptacles behind EZPAWN stores. According to investigators, the records included promissory notes and bank statements that contained names, addresses, Social Security and driver’s license numbers, and checking account information.
Investigators also found evidence of improper document dumping at a dozen other EZPAWN locations around the state, including locations in Houston, San Antonio, Austin, Lubbock and the Rio Grande Valley. In all, investigators found evidence that 483 individual customers’ records were improperly discarded.
The AG’s office also has charged Houston-based Petroleum Wholesale L.P., which operates Sunmart Travel Centers & Convenience Stores in 10 states, for exposing its customers to identity theft. According to the state’s enforcement action, Petroleum Wholesale improperly discarded customer records containing sensitive personal information, including Social Security numbers, bank account numbers, and credit or debit card information.
Investigators with the OAG discovered that the company improperly discarded hundreds of customer records in a publicly-accessible trash container outside its former headquarters. The defendant is charged with violating the 2005 Identity Theft Enforcement and Protection Act, which requires the safeguarding and proper destruction of clients’ sensitive personal information. State law establishes penalties of up to $50,000 per violation of the Act.
The OAG also charged the company with violating Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients’ personal information. The law provides for civil penalties of up to $500 for each abandoned record.
Source: Texas Attorney General’s Office, www.oag.state.tx.us/
Was this article valuable?
Here are more articles you may enjoy.