On May 7, 2013, the Federal Trade Commission (the “FTC” or “Commission”) issued warning letters to ten companies described as “data brokers,” based on a “test shopping” operation by the FTC that indicated that these companies’ practices potentially violated the Fair Credit Reporting Act (“FCRA”). Under the FCRA, companies who distribute personal information about consumers used for making decisions about the consumers’ creditworthiness, eligibility for insurance, or suitability for employment, are considered to be “consumer reporting agencies” and are subject to obligations under the FCRA.

Of the ten companies that received letters, according to the FTC, two appeared to offer “pre-screened” lists of consumers for making firm offers of credit, two appeared to market information used for making insurance decisions, and the other six appeared to offer consumer information for employment purposes. None of the companies were accused of wrongdoing by the FTC; instead, the letters were a reminder to the companies to evaluate their practices in order to determine whether they meet the definition of a consumer reporting agency. 

The FTC also noted that this action was taken in conjunction with an “international privacy practice transparency sweep” coordinated by the Global Privacy Enforcement Network—a network established to foster cross-border cooperation among privacy authorities.

These letters are only the latest step undertaken to enforce the FCRA against a number of different data companies. In the past two months, the FTC announced a final order settling FCRA charges against marketers of criminal background screening reports and issued warnings to six websites that share information with landlords that they may be subject to the FCRA.