A Federal Trade Commission official asked data brokers on Thursday to shine light on their own activities by giving consumers access to the data collected about them and a chance to fix incorrect information.
Data brokers mine cell phone records, addresses, social security numbers, and other personal information for clients that use their services, often as an alternative to credit reports.
Commissioner Julie Brill voiced concern about the mass of information data brokers pull together about consumers and how it could be used by employers, insurance companies, and others in ways that could harm consumers by affecting whether they get a bank loan or obtain affordable rates for insurance. She said data brokers, who collect information about consumers from a wide range of sources, need to provide consumers with more information about what they do.
“I have long been concerned about data that are used in place of traditional credit reports to make predictions that become a part of the basis for making determinations regarding a consumer’s credit, his or her ability to secure housing, gainful employment or various types of insurance,” Brill said at a Data Privacy Day event sponsored by the National Cyber Security Alliance. “I am calling on data brokers to take the transparency principle and put it into practice; develop a user friendly one-stop shop where consumers can gain access to information that data brokers have amassed about them; and, in appropriate circumstances, give them the ability to correct that information.”
And perhaps as a warning, Brill added: “Data brokers need to get cracking now to put something like this into place.”
Data brokers have come under increased scrutiny in recent years following a high-profile security breach in 2005 involving ChoicePoint. Sensitive records on thousands of consumers were lost, and the incident led to a settlement with the FTC in 2006. Several companies, such as Acxiom and Intelius, gather personal information from a variety of sources about consumers, but many people are unaware of their activities, Brill noted.
Brill’s call appears unlikely to get a warm reception from the industry. Representatives from the data broker industry questioned the feasibility of Brill’s proposal and said many of the biggest brokers already are required to provide such safeguards to consumers under the Fair Credit Reporting Act. At the same time, it would require data brokers to set up a system that would force consumers to provide even more personal data about themselves in order to verify that they are who they say they are, according to Direct Market Association Executive Vice President Linda Woolley. Her group represents some of the biggest data brokers including Acxiom and InfoGroup.
“It’s completely unworkable,” Woolley told National Journal. She added that most of the major data brokers will allow consumers to opt out of having sensitive data collected about them.
The FTC, and even many companies that handle sensitive consumer data, support federal legislation that would set national standards requiring companies and organizations to take appropriate steps to secure sensitive data about consumers. They also want the law to outline when firms must notify consumers about a data breach. At the beginning of this Congress, data-breach legislation appeared to be one of the few privacy-related measures that lawmakers could pass.
Industry representatives, however, said they do not expect Congress to pass data-breach legislation this year. “It makes a lot of sense to have a national standard around data-breach notification,” said Facebook Chief Privacy Officer for Policy Erin Egan. “It doesn’t seem like it’s likely to happen.”
Despite this, Rep. Mary Bono Mack, R-Calif., chairwoman of the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, told reporters earlier this week that data-breach legislation is still a top priority for her panel this year. She said she was working to try to address concerns raised by Democrats about her data-breach bill but wasn't sure when the full committee may act on her legislation.
Meanwhile, Ari Schwartz, senior Internet policy adviser at the Department of Commerce, said it will likely be a few more weeks before the department releases its long-awaited final report outlining ways to protect consumer privacy online. “We’re looking at the right way to roll it out,” he said.
Brill said the FTC is aiming to release a separate report before the end of the first quarter.