
FTC Sears Settlement

The Federal Trade Commission has conducted an investigation of certain acts and
practices of Sears Holdings Management Corporation (“proposed respondent”). Proposed
respondent, having been represented by counsel, is willing to enter into an agreement containing
a consent order resolving the allegations contained in the attached draft complaint. Therefore,
IT IS HEREBY AGREED by and between Sears Holdings Management Corporation,
by its duly authorized officer, and counsel for the Federal Trade Commission that:

1. Proposed respondent Sears Holdings Management Corporation is a Delaware corporation
with its principal office or place of business at 3333 Beverly Road, Hoffman Estates, IL 60179.

2. Proposed respondent admits all the jurisdictional facts set forth in the draft complaint.

3. Proposed respondent waives:
A. Any further procedural steps;
B. The requirement that the Commission’s decision contain a statement of findings
of fact and conclusions of law; and
C. All rights to seek judicial review or otherwise to challenge or contest the validity
of the order entered pursuant to this agreement.

4. This agreement shall not become part of the public record of the proceeding unless and
until it is accepted by the Commission. If this agreement is accepted by the Commission, it,
together with the draft complaint, will be placed on the public record for a period of thirty (30)
days and information about it publicly released. The Commission thereafter may either
withdraw its acceptance of this agreement and so notify proposed respondent, in which event it
will take such action as it may consider appropriate, or issue and serve its complaint (in such
form as the circumstances may require) and decision in disposition of the proceeding.

5. This agreement is for settlement purposes only and does not constitute an admission by
proposed respondent that the law has been violated as alleged in the draft complaint, or that the
facts as alleged in the draft complaint, other than the jurisdictional facts, are true.

6. This agreement contemplates that, if it is accepted by the Commission, and if such
acceptance is not subsequently withdrawn by the Commission pursuant to the provisions of
Section 2.34 of the Commission’s Rules, the Commission may, without further notice to
proposed respondent, (1) issue its complaint corresponding in form and substance with the
attached draft complaint and its decision containing the following order in disposition of the
proceeding, and (2) make information about it public. When so entered, the order shall have the
same force and effect and may be altered, modified, or set aside in the same manner and within
the same time provided by statute for other orders. The order shall become final upon service.
Delivery of the complaint and the decision and order to proposed respondent’s address as stated
in this agreement by any means specified in Section 4.4(a) of the Commission’s Rules shall
constitute service. Proposed respondent waives any right it may have to any other means of
service. The complaint may be used in construing the terms of the order, and no agreement,
understanding, representation, or interpretation not contained in the order or the agreement may
be used to vary or contradict the terms of the order.

7. Proposed respondent has read the draft complaint and consent order. It understands that
it may be liable for civil penalties in the amount provided by law and other appropriate relief for
each violation of the order after it becomes final.

ORDER
DEFINITIONS
For purposes of this order, the following definitions shall apply:
1. Unless otherwise specified, “respondent” shall mean Sears Holdings Management
Corporation, its successors and assigns, and its officers, agents, representatives, and employees.
2. “Commerce” shall mean as defined in Section 4 of the Federal Trade Commission Act,
15 U.S.C. § 44.
3. “Computer” shall mean any desktop or laptop computer, handheld device, telephone, or
other electronic product or device that has a platform on which to download, install, or run any
software program, code, script, or other content and to play any digital audio, visual, or
audiovisual content.
4. “Tracking Application” shall mean any software program or application disseminated by
or on behalf of respondent, its subsidiaries or affiliated companies, that is capable of being
installed on consumers’ computers and used by or on behalf of respondent to monitor, record, or
transmit information about activities occurring on computers on which it is installed, or about
data that is stored on, created on, transmitted from, or transmitted to the computers on which it is
installed.
5. “Affected Consumers” shall mean persons who, prior to the date of issuance of this order,
downloaded and installed a Tracking Application on a computer in connection with the My SHC
Community program or “on-line community.”
6. “Collected Information” shall mean any information or data transmitted from a computer
by a Tracking Application, installed prior to the date of issuance of this order, to any computer
server owned by, operated by, or operated for the benefit of, Sears Holdings Management
Corporation, its subsidiaries, or affiliated companies.
8. “Clearly and prominently” shall mean:
A. In textual communications (e.g., printed publications or words displayed on the
screen of a computer), the required disclosures are of a type, size, and location
sufficiently noticeable for an ordinary consumer to read and comprehend them, in
print that contrasts with the background on which they appear;
B. In communications disseminated orally or through audible means (e.g., radio or
streaming audio), the required disclosures are delivered in a volume and cadence
sufficient for an ordinary consumer to hear and comprehend them;
C. In communications disseminated through video means (e.g., television or
streaming video), the required disclosures are in writing in a form consistent with
subparagraph (A) of this definition and shall appear on the screen for a duration
sufficient for an ordinary consumer to read and comprehend them, and in the
same language as the predominant language that is used in the communication;
D. In communications made through interactive media, such as the Internet, online
services, and software, the required disclosures are unavoidable and presented in
a form consistent with subparagraph (A) of this definition, in addition to any
audio or video presentation of them; and
E. In all instances, the required disclosures are presented in an understandable
language and syntax, and with nothing contrary to, inconsistent with, or in
mitigation of the disclosures used in any communication of them.

I.
IT IS ORDERED that respondent, directly or through any corporation, subsidiary,
division, or other device, in connection with the advertising, promotion, offering for sale, sale, or
dissemination of any Tracking Application, in or affecting commerce, shall, prior to the
consumer downloading or installing it:
A. Clearly and prominently, and prior to the display of, and on a separate screen
from, any final “end user license agreement,” “privacy policy,” “terms of use”
page, or similar document, disclose: (1) all the types of data that the Tracking
Application will monitor, record, or transmit, including but not limited to whether
the data may include information from the consumer’s interactions with a specific
set of websites or from a broader range of Internet interaction, whether the data
may include transactions or information exchanged between the consumer and
third parties in secure sessions, interactions with shopping baskets, application
forms, or online accounts, and whether the information may include personal
financial or health information; (2) how the data may be used; and (3) whether the
data may be used by a third party; and

B. Obtain express consent from the consumer to the download or installation of the
Tracking Application and the collection of data by having the consumer indicate
assent to those processes by clicking on a button or link that is not pre-selected as
the default option and that is clearly labeled or otherwise clearly represented to
convey that it will initiate those processes, or by taking a substantially similar
action.

II.
IT IS FURTHER ORDERED that respondent, directly or through any corporation,
subsidiary, division, or other device, shall:
A. Within thirty (30) days after the date of service of this order, notify Affected
Consumers that they have installed respondent’s Tracking Application on their
computers, that the Tracking Application collects and transmits to respondent and
others the data described in the My SHC Community “Privacy Statement & User
License Agreement,” and notify them how to uninstall the Tracking Application.
Notification shall be by the following means:
1. For two (2) years after the date of service of this order, posting of a clear
and prominent notice on the www.myshccommunity.com website; and
2. For three (3) years after the date of service of this order, informing
Affected Consumers who complain or inquire about any Tracking
Application; and
B. Provide prompt, toll-free, telephonic and electronic mail support to help Affected
Consumers uninstall any Tracking Application.

III.
IT IS FURTHER ORDERED that respondent, directly or through any corporation,
subsidiary, division, or other device, shall:
A. Within three (3) days after the date of service of this order, cease collecting any
data transmitted by any Tracking Application installed before the date of service
of this Order; and
B. Within five (5) days after the date of service of this order, destroy any Collected
Information.

IV.
IT IS FURTHER ORDERED that respondent, Sears Holdings Management Corporation,
and its successors and assigns, shall maintain, and upon request make available to the Federal
Trade Commission for inspection and copying, a print or electronic copy of each document
relating to compliance with the terms and provisions of this order, including but not limited to:
A. For a period of four (4) years, any documents, whether prepared by or on behalf
of respondent, that:
1. Comprise or relate to complaints or inquiries, whether received directly,
indirectly, or through any third party, concerning a Tracking Application,
and any responses to those complaints or inquiries;
2. Are reasonably necessary to demonstrate full compliance with each
provision of this order, including but not limited to, all documents
obtained, created, generated, or which in any way relate to the
requirements, provisions, terms of this order, and all reports submitted to
the Commission pursuant to this order; and
3. Contradict, qualify, or call into question respondent’s compliance with
this order; and
B. For a period of four (4) years after the last public dissemination thereof, all
advertisements, terms of use, end-user license agreements, frequently asked
questions, privacy policies, and similar documents relating to respondent’s
dissemination of any Tracking Application.

V.
IT IS FURTHER ORDERED that respondent, Sears Holdings Management Corporation,
and its successors and assigns, shall deliver a copy of this order to all current and future
principals, officers, directors, managers, employees, agents, and representatives having
responsibilities with respect to the subject matter of this order. Respondent, Sears Holdings
Management Corporation, and its successors and assigns, shall deliver this order to current
personnel within thirty (30) days after the date of service of the order, and to future personnel
within thirty (30) days after the person assumes such position or responsibilities.

VI.
IT IS FURTHER ORDERED that respondent, Sears Holdings Management Corporation,
and its successors and assigns, shall notify the Commission at least thirty (30) days prior to any
change in the entity that may affect compliance obligations arising under this order, including
but not limited to, a dissolution, assignment, sale, merger, or other action that would result in the
emergence of a successor entity; the creation or dissolution of a subsidiary, parent, or affiliate
that engages in any acts or practices subject to this order; the proposed filing of a bankruptcy
petition; or a change in the entity name or address. Provided, however, that with respect to any
proposed change in the entity about which respondent, Sears Holdings Management
Corporation, and its successors and assigns, learns less than thirty (30) days prior to the date
such action is to take place, respondent, Sears Holdings Management Corporation, and its
successors and assigns, shall notify the Commission as soon as is practicable after obtaining such
knowledge. All notices required by this Part shall be sent by certified mail to the Associate
Director, Division of Enforcement, Bureau of Consumer Protection, Federal Trade Commission,
600 Pennsylvania Ave., N.W., Washington, D.C. 20580.

VII.
IT IS FURTHER ORDERED that respondent, Sears Holdings Management Corporation,
and its successors and assigns, shall, within sixty (60) days after service of this order, and at such
other times as the Federal Trade Commission may require, file with the Commission a report, in
writing, setting forth the manner and form in which respondent has complied with this order.

VIII.
This order will terminate twenty (20) years from the date of its issuance, or twenty (20)
years from the most recent date that the United States or the Federal Trade Commission files a
complaint (with or without an accompanying consent decree) in federal court alleging any
violation of the order, whichever comes later; provided, however, that the filing of such a
complaint will not affect the duration of:
A. Any Part of this order that terminates in less than twenty (20) years;
B. This order’s application to any respondent that is not named as a defendant in
such a complaint; and
C. This order if such complaint is filed after the order has terminated pursuant to this
Part.
Provided, further, that if such complaint is dismissed or a federal court rules that the respondent
did not violate any provision of the order, and the dismissal or ruling is either not appealed or
upheld on appeal, then the order will terminate according to this Part as though the complaint
had never been filed, except that this order will not terminate between the date such complaint is
filed and the later of the deadline for appealing such dismissal or ruling and the date such
dismissal or ruling is upheld on appeal.



