Upromise found itself in front of the Federal Trade Commission answering very tough questions earlier this month. The inquiry was related to a 2012 order requiring that Upromise include disclosures about data collection practices and conduct third-party assessments about Upromise’s data security safeguards.

The FTC alleged that Upromise failed to comply with the terms of the 2012 order while targeting consumers saving for college with a new toolbar called “RewardU.”  In 2012, the FTC alleged that Upromise’s TurboSaver toolbar collected information about users, including search terms, passwords, and credit card information, without disclosing the full extent of what was being collected.  The current order alleges that Upromise continued to engage in these practices.

Accordingly, the FTC assessed a $500,000 civil penalty, and also requires Upromise to permanently expire any RewardU-related cookies and tell users who downloaded the RewardU toolbar how they can uninstall the toolbar and delete associated cookies, along with obtaining third-party assessments of its security settings.

TAKEAWAY: Advertisers should be aware that many FTC orders include strict compliance and reporting requirements, which in this case extended for 20 years after the date of the original order.  The FTC can assess further penalties or obligations on advertisers for failure to comply with orders years after an original consent order was put in place.