The Federal Trade Commission recently issued the findings of its long-awaited Data Brokers Report, which compiled information gathered from nine data brokers commissioned for the study in December 2012. The purpose of the Report, which examined data brokers catering to the product marketing, risk mitigation, and people search industries, is to advocate for greater transparency from data brokers themselves with the help of proposed legislation to regulate their actions.
The Report is the latest document introduced to support a growing trend towards transparency regarding data collection practices. The FTC has been advocating for improvements in this area since the 1990s, when it introduced the short-lived, self-regulated Individual References Services Group, and may finally have grounds for legislative action within the findings of the study. States are already taking notice: the California Senate has just passed a bill, SB 1348, which would require data brokers to provide a consumer opt-out function and allow consumer access to information. With regulation imminent and scrutiny focused on data brokers, it may be time to reevaluate the brokers you do business to ensure future compliance.
In December 2012, the FTC contacted nine data brokers: five selling marketing products, or business and advertisement-related information; four selling risk mitigation products, or products used by lenders and payment collectors to very a customer’s identity; and three providing people search websites, or sites on which individuals may search for another’s publicly available information on a single database. The FTC wanted to know how much consumer data each data broker collects; what sources are used to collect the information; whether consumers have the ability to correct misinformation; whether consumers have the ability to opt out of collection; and what purpose the collected information is ultimately used for.
The findings primarily focused on industry characteristics, benefits and risks of each product, and availability of consumer choice. A clear point, and what is conceivably the greatest argument for transparency supported by legislation, was the complexity of the data broker industry. Data brokers receive the information they collect not just from an individual’s online presence, but just as often, from each other. This poses an increased risk to consumers that misinformation will spread rapidly, and makes it almost impossible for a consumer to correct misinformation at the source since the source is ultimately lost in the web of data buying and selling.
Data brokers are tasked with handling consumer information which, if wrong or used improperly, can harm consumers. For example, if a risk mitigation data broker collects misinformation about the credit history of a consumer, that consumer may be wrongfully denied the ability to conduct a transaction. Without sufficient transparency, the consumer will never have the opportunity to correct this mistake, and will continue to be harmed as the trading of misinformation continues.
Recommendations and Impact
Through this Report, the FTC is making every effort to lend a sense of urgency to its call for legislation and regulation of the data broker industry.
The proposed legislation is broken up into three categories based on the data broker class. For marketing products, the FTC recommends legislation that will allow consumers access to their data, increasing awareness of the information collected, providing a mechanism for changing misinformation, and providing the ability to opt out of information sharing. To address the threshold issue that most consumers have no information about what data brokers are or where they exist online, the FTC suggests a centralized online database consisting of the largest data brokers in the industry. The FTC also suggests that those who use data broker services display this fact prominently on consumer-facing pages, which may impact the caliber and quantity of visitors to a site. Additionally, this will put more pressure on the data broker customer, previously an invisible entity, to vet the data broker used and ensure it complies with applicable legislation and best practices.
Legislation targeted to risk mitigation products is similarly focused on transparency. The FTC requests that companies employing risk mitigation products that may adversely affect a consumer’s ability to complete a transaction, such as using the product to confirm identity, clearly identify the data broker used for this purpose. On the data broker side, data brokers should give consumers access to information stored by the data broker so they may correct misinformation themselves. The FTC noted the possibility that this access could be usurped by those with ulterior motives, but provides no specific guidance on how to prevent the unauthorized access of consumer information.
Finally, data brokers who represent people search products may be subject to similar legislation requiring that consumers be allowed to access their information and opt out of information sharing if desired. Data brokers would be further instructed to disclose any limitations of the opt-out feature, such as the possibility that a name closely related to the consumer’s name may still appear in searches. Additionally, the FTC requests that any legislation require data brokers to disclose source information so that a consumer may correct misinformation at the point of origin. The FTC did not, however, address this in the context of the issue that most data brokers trade information with each other, and that the true source of misinformation may be impossible to determine.
Though legislation regulating data brokers has not yet passed, the trend towards transparency and the persistency of the FTC lends the conclusion that some form of regulation is likely. To the extent that information on data brokers is currently available, one would be wise to keep in mind the considerations and possible legislative guidelines outlined above when choosing which data broker services to employ.