WASHINGTON -- Some data protection cases are complex and difficult for the Federal Trade Commission (FTC) to prove.

Then there is the case of Nations Title Agency (NTA) and its parent company, Nations Holding Company (NHC).

The FTC claims that the NHC, a real estate services firm with operations in 44 states, tossed consumer home loan applications in an unsecured dumpster. This was just one among a laundry list of lax security practices the FTC lodged against the company, which promised consumers that it maintained "physical, electronic and procedural safeguards" to protect data.

The Kansas City-based NHC settled with the FTC Wednesday, agreeing to not misrepresent the extent of its data protection safeguards. The company also agreed to establish and maintain a comprehensive information security program subject to third-party audits for the next 20 years.

"Careless handling of consumers' sensitive financial information is an open invitation to identity thieves," said FTC Chairman Deborah Platt Majoris. "Enforcing the laws designed to protect consumers' sensitive financial data is a priority at the FTC."

According to the FTC complaint, NTA, NHC and its president, Christopher M. Likens, engaged in a number of lax security practices that, taken together, failed to provide reasonable and appropriate security to protect consumer data.

In addition to the dumpster incidence, the FTC maintains NHC failed to assess risks to the data it collected and stored, both online and offline. The FTC also claims the company failed to implement "simple, low cost, readily available defenses to common Web site attacks."

Majoris noted the NHC case was the FTC's 13th case involving data security.

Keynoting a cybersecurity summit organized by the Progress and Freedom Foundation, Majoris said, "Although many of our data security cases emphasize high-tech security issues, this case serves as a reminder not only that securing high-tech data is essential, but that we cannot forget the low-tech."

Low tech or high tech, Majoris said the FTC investigations have shown that data security has been "surprisingly lax" in a number of large companies.

"No one need worry the FTC is looking for 'perfect' security, or that we are developing a de facto strict liability standard for when a breach occurs, because the cases we have brought have not been close calls," she said.

This article was first published on InternetNews.com. To read the full article, click here.