In its first enforcement action under the Fair Credit Reporting Act (“FCRA”) about the sale of data compiled from publicly available online sources in the context of employment screening, the Federal Trade Commission (“FTC”) announced yesterday that it had entered into a $800,000 settlement with an online data broker, Spokeo, for allegedly marketing consumer profiles to employers and recruiters without complying with the requirements of FCRA. In addition, the FTC settled charges that Spokeo violated Section 5 of the FTC Act by posting surreptitious endorsements of its services under the names of others.
The FTC Red Flags Rules were not specific to the securities industry and there was some confusion as to which entities were subject to their requirements. This blog entry describes proposed rulesto applyRed Flag rules to certain broker-dealers, investment companies, investment advisers, futures commission merchants, commodity pool operators, introducing brokers, and other SEC- and CFTC-regulated entities
In the report issued by the FTC yesterday, the FTC calls on Congress to consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers and to allow consumers to access their data maintained by information brokers. The FTC notes that Congress could model any such legislation on a bill that the House passed during the 111th Congress, as well as similar bills introduced in the 112th Congress. These bills included some data accuracy and access provisions that were targeted specifically to information brokers. The bills are detailed in this blog entry.
On January 19, the Supreme Court decided NASA v. Nelson, a case brought by NASA contractors alleging that questions asked by the federal agency in a background check violated their constitutional right to information privacy — i.e., a constitutional privacy interest in the government “avoiding the disclosure of personal matters” recognized in a pair of 1977 cases, Whalen v. Roe and Nixon v. Administrator of General Services. At issue were questions that asked whether the contractors received “any treatment or counseling” regarding illegal drug use within the previous year (as a follow up to a question regarding whether they used, possessed, supplied or manufactured illegal drugs within that year), and questions directed toward references for information bearing on “suitability for government employment or security clearance,” including “adverse information” about an the contractor’s “honesty or trustworthiness,” “violations of the law,” “financial integrity,” “abuse of alcohol and/or drugs,” “mental or emotional stability,” “general behavior or conduct,” or “other matters.”
On October 27, the Commodity Futures Trading Commission (CFTC) issued proposed privacy and data security rules under the Gramm-Leach-Bliley Act (GLBA) and Fair Credit Reporting Act (FCRA), pursuant to the Dodd-Frank Act.
On July 1, 2010, final regulations will go into effect that impose new obligations on entities that furnish information about individuals (“data furnishers”) to consumer reporting agencies (“CRAs”) for use in reports about those individuals. These regulations require data furnishers to institute reasonable policies and procedures that (1) ensure the accuracy and integrity of furnished information and (2) allow individuals to formally dispute the correctness of certain information that is furnished about them to CRAs directly with the data furnisher.
FTC Chairman Leibowitz: “Congress needs to fix the unintended consequences of the legislation establishing the Red Flags Rule – and to fix the problem quickly.”
The Federal Trade Commission (FTC) announced today that it is delaying enforcement of its FACTA Red Flags Rule until June 1, 2010 “[a]t the request of Congress.”
The Personal Data Privacy and Security Act (“PDPSA”), recently reintroduced by Sen. Patrick Leahy (D-VT) and referred to the Senate Judiciary Committee proposes comprehensive federal regulation of data broker services. While enactment of the PDPSA remains uncertain, the draft legislation may presage future legislative and regulatory trends. Comprehensive Federal Regulation of “Data Brokers” Title II [...]