Data brokers are in the hot seat in Washington, D.C., facing scrutiny from the FTC as well as an investigation by Sen. Rockefeller.
One of the country’s largest data brokers, Equifax, agreed to pay $393,000 to the FTC to resolve charges that the company, by illegally selling lists of consumers who were late on their mortgage payments, violated the FTC Act and Fair Credit Reporting Act (FCRA).
According to the complaint, Equifax allegedly sold more than 17,000 prescreened consumer names to Direct Lending Service and its affiliates (named as defendants in a separate FTC complaint), which they resold to third parties who used the information to pitch debt relief and loan modification services to consumers who were late on mortgage payments.
The initial sale to Direct Lending was illegal because the company did not have a “permissible purpose” under the FCRA, the agency said. In addition to the payment, Equifax agreed to establish reasonable procedures to limit the furnishing of prescreened lists to those with a permissible purpose.
In a separate settlement with the FTC, Direct Lending agreed to pay a $1.2 million civil penalty and is prohibited from using or selling prescreened lists without a permissible purpose or in connection with solicitations for debt or mortgage assistance relief.
The same day the FTC settlements were announced, Sen. Rockefeller sent letters to nine data brokers – including Acxiom, Experian, Reed-Elsevier, and Spokeo – seeking information on how they compile and sell consumer data.
In his letter, Sen. Rockefeller noted that answers to basic questions about the data broker industry remain elusive, including data about consumers the industry collects, how specific that data is, how the industry obtains that data, who buys the data, and how the data is used.
“As use of the Internet has grown, the data broker industry has already evolved to take advantage of the increasingly specific pieces of information about consumers that are now available,” he wrote. “While companies like yours engage in these practices, consumers are largely unaware of how your company uses their sensitive information for financial gain.”
To answer his questions about the companies’ practices, Sen. Rockefeller requested a list identifying each entity from which the data brokers have collected or received data about consumers, along with a list of the types of data. He also sought information about the methods used to collect data and the types of products or services the letter recipients have offered to third parties based on their data compilations.
Addressing concerns about consumer control, Sen. Rockefeller asked if consumers are provided with notice about the collection and sharing of their data and whether or not consumers can access, correct, or delete the information the companies maintain about them.
Sen. Rockefeller requested a response by Nov. 2.
To read the FTC’s complaints, click here.
To read Sen. Rockefeller’s letter, click here.
Why it matters: Data brokers will likely continue to face scrutiny for the foreseeable future. In addition to the FTC and Rockefeller investigations, there have been several recent media profiles of this industry, particularly in the wake of several high-profile data breaches. Lawmakers sent similar letters earlier this year to nine national companies expressing concern that the companies have “developed hidden dossiers on almost every U.S. consumer.” Furthermore, in its final privacy report issued in March, the FTC called for enhanced regulation of data brokers, including greater transparency and the ability of consumers to access their information, noting that efforts to establish self-regulatory rules concerning consumer privacy have fallen short.