Menu
FTC hits up 9 data brokers for info on how they collect and use private data

FTC hits up 9 data brokers for info on how they collect and use private data

Information will be used to study data broker privacy practices

The Federal Trade Commission has ordered nine data brokerage companies to report how they collect and use data about consumers.

The agency said it will use the information from 1) Acxiom, 2) Corelogic, 3) Datalogix, 4) eBureau, 5) ID Analytics, 6) Intelius, 7) Peekyou, 8) Rapleaf and 9) Recorded Future to study data broker privacy practices.

Data brokers typically collect personal information about consumers from a variety of public and non-public sources and resell the information to other companies but consumers are confused about or in most case not even aware of what happens with their own information.

NEWS: The weirdest, wackiest and coolest sci/tech stories of 2012

MORE: The year in madly cool robots

Specifically the FTC said it was looking for information such as:

  • the nature and sources of the consumer information the data brokers collect
  • how they use, maintain, and disseminate the information
  • the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.

In many ways, these data flows can benefit consumers and the economy, the FTC said. For example, having this information about consumers helps companies prevent fraud. Data brokers also provide data to let customers better market their products and services, the FTC stated.

But all has not been well in data broker-land this year. In June, the FTC had data broker Spokeo pay $800,000 to settle FTC charges it sold personal information it gathered from social media and other Internet-based sites to employers and job recruiters without taking steps to protect consumers required under the Fair Credit Reporting Act.

According to the FTC, Spokeo collected personal information about consumers from hundreds of online and offline data sources, including social networks. It merges the data to create detailed personal profiles of consumers. The profiles contain such information as name, address, age range and email address. They also might include hobbies, ethnicity, religion, participation on social networking sites, and photos.

The FTC alleged that Spokeo operated as a consumer reporting agency and violated the FCRA by failing to make sure that the information it sold would be used only for legally allowable reasons; failing to ensure the information was accurate; and failing to tell users of its consumer reports about their obligation under the FCRA, including the requirement to notify consumers if the user took an adverse action against the consumer based on information contained in the consumer report. The FTC also alleged that Spokeo deceptively posted endorsements of its service on news and technology websites and blogs, portraying the endorsements as independent when in reality they were created by Spokeo's own employees.

The FTC said that from 2008 until 2010, Spokeo marketed the profiles on a subscription basis to human resources professionals, job recruiters and others as an employment screening tool. The company encouraged recruiters to "Explore Beyond the Resume." It ran online advertisements with tag lines to attract employers, and created a special portion of the Spokeo website for recruiters. It created and posted endorsements of its services, representing those endorsements as those of consumers or other businesses.

In response to the FTC action, Spokeo issued a statement that in part read: "It has never been our intention to act as a consumer reporting agency. We have made changes to our site and our internal business practices in order to ensure we don't infringe upon the FCRA's important consumer protections, and to ensure an honest and transparent service that will continue to be easy for our customers to use. We are a technology company organizing people-related data in innovative ways. We do not create our own content, we do not possess or have access to private financial information, and we do not offer consumer reports. Our agreement with the FTC will allow for a continued open dialogue regarding our business practices. We are eager to help shape the future of online information sharing. As we continue to provide new innovations within the people search industry, we are committed to making clarity and transparency top priorities for our customers."

Aside from the Spokeo action, the FTC earlier this year sent letters to six unidentified mobile applications makers warning them that their background screening apps may be violating federal statutes. Specifically the FTC said if the app makers have reason to believe their background reporting apps are being used for employment screening, housing, credit or other similar purposes, they must comply with the Fair Credit Reporting Act which is supposed to protect consumer privacy and ensure that the information supplied by consumer reporting agencies is accurate.

According to the FTC, some of the apps include criminal record histories, which bear on an individual's character and general reputation and are precisely the type of information that is typically used in employment and tenant screening.

Under the FCRA, operations that assemble or evaluate information to provide to third parties qualify as consumer reporting agencies, or CRAs. Mobile apps that supply such information may qualify as CRAs under the act. CRAs must take reasonable steps to ensure the user of each report has a "permissible purpose" to use the report; take reasonable steps to ensure the maximum possible accuracy of the information conveyed in its reports; and provide users of its reports with information about their FCRA obligations. In the case of consumer reports provided for employment purposes, for example, CRAs must provide employers with information regarding their obligation to provide notice to employees and applicants of any adverse action taken on the basis of a consumer report.

According to the warning letters, the FTC has made no determination whether the companies are violating the FCRA, but encourages them to review their apps and their policies and procedures to be sure they comply with the FCRA. Future actions against those firms weren't ruled out if violations are found.

Also this year the FTC called on the data broker industry to improve the transparency of its practices and set forth what the agency called "a voluntary framework of best practices for businesses based on the concepts of privacy by design, consumer control, and increased transparency for the collection and use of consumer data." The FTC said that while data brokers collect, maintain, and sell a wealth of information about consumers, they often do not interact directly with consumers. Rather, they get information from public records and purchase information from other companies. As a result, consumers are often unaware of the existence of data brokers as well as the purposes for which they collect and use consumers' data.

Follow Michael Cooney on Twitter @nwwlayer8 and on Facebook.

Read more about data center in Network World's Data Center section.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags intelindustry verticalscorelRecorded FutureSpokeoFederal Trade CommissionRapLeafCoreLogicID Analyticsdata broker privacy practicesInteliusAcxiomPeekyouDatalogixdata brokerseBureau

Show Comments
[]