Just last month, the U.S. Federal Trade Commission (FTC) settled a case with Upromise, which is owned by Sallie Mae, after it failed to encrypt customers' personal information and provide clear details about its data collection practices.With the promise of offering more customized deals, Upromise encouraged its savings account holders to download a “TurboSaver Toolbar” to find merchant rebates from partners. However, with the toolbar download, the company also collected loads of personal information, which was transmitted unencrypted.
Although a Upromise rep told us that only one percent of the company's members were affected and that company execs are unaware of any instances of fraud that occurred, this doesn't negate the fact that they should have known better. We're talking about a company owned by Sallie Mae, which has a very competent, well-respected CSO at its helm.Further, it's not as if customers have been mum about dissatisfaction with some of the company's other lending and account practices. For instance, customer discontent was demonstrated last October when a contingent of Occupy Wall Street protestors in D.C. reportedly converged on the steps of Sallie Mae offices to voice various grievances about student loans. The company kept its doors closed.
This may be because even in light of sundry customer concerns, Sallie Mae's doing just fine during an economy that sees some 13 million people out of work, according to recent joblessness figures. In fact, it has around $140 billion of federal college loans on its books – a nice chunk of change as it sees its now private lending rise. Meanwhile, the largest student lender in the country has spent millions on various lobbying efforts to Congress, including pleas to continue government subsidies to private lenders.Working in the customer's best interest seems a business principle ignored by Upromise's parent company. Given the recent FTC/Upromise settlement, hopefully security and privacy practices won't become another.