Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data broker

Posted in Consumer Privacy

FTC Settlement Reinforces Lessons for Data Broker Industry

The FTC has brought a number of actions over the years against companies that shared or failed to protect consumer information in violation of privacy policy promises or transferred data in violation of specific laws, such as the Fair Credit Reporting Act. In what may be viewed as charting new territory, the FTC recently brought a second action against a data broker for selling payday loan application information to entities that were not engaged in making any kind of loans to consumers. Both sets of defendants purchased payday loan application information from online payday loan websites where consumers provided personal information, including financial institution account information, on the applications. The defendants purchased the application information from the websites and sold the information to third parties who did not make payday loans to consumers, but rather made unauthorized charges to consumers’ accounts. The Commission alleged that the selling of such sensitive information was unfair.

Posted in Consumer Privacy

FTC Complaint Offers Lessons for Data Broker Industry

Two weeks ago, the FTC filed a district court complaint in Arizona against an operation that included three corporations and one individual. While touted as a case against data brokers (“FTC Charges Data Broker with Facilitating the Theft of Millions of Dollars from Consumers’ Accounts”), the single count unfair trade practices action really involves fraudulent and egregious conduct that took advantage of a particularly vulnerable population, but it nevertheless provides a few lessons for the data broker industry generally.

Posted in Consumer Privacy

The Hidden Mini-Dissents in the Data Broker Report of Federal Trade Commissioner Wright

On May 27, the Federal Trade Commission issued a report on the data broker industry that found data brokers operate with a ”fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.”

Posted in Consumer Privacy

FTC Releases Data Broker Report

Today, the Federal Trade Commission released Data Brokers: A Call for Transparency and Accountability. The report is an in-depth look at issues posed by the collection and dissemination of consumer information by the data broker industry and its findings will likely be used by both sides in the debate over data broker legislation and guide future FTC regulatory and enforcement activities in this space.

Posted in Consumer Privacy, Employment Privacy

FTC Fines Data Broker $800,000 for Marketing Consumer Profiles to Employers Without Complying with FCRA

In its first enforcement action under the Fair Credit Reporting Act (“FCRA”) about the sale of data compiled from publicly available online sources in the context of employment screening, the Federal Trade Commission (“FTC”) announced yesterday that it had entered into a $800,000 settlement with an online data broker, Spokeo, for allegedly marketing consumer profiles to employers and recruiters without complying with the requirements of FCRA. In addition, the FTC settled charges that Spokeo violated Section 5 of the FTC Act by posting surreptitious endorsements of its services under the names of others.

Posted in Consumer Privacy

Details on FTC Recommendation of Legislation to Address Practices of Information Brokers

In the report issued by the FTC yesterday, the FTC calls on Congress to consider enacting targeted legislation to provide greater transparency for, and control over, the practices of information brokers and to allow consumers to access their data maintained by information brokers. The FTC notes that Congress could model any such legislation on a bill that the House passed during the 111th Congress, as well as similar bills introduced in the 112th Congress. These bills included some data accuracy and access provisions that were targeted specifically to information brokers. The bills are detailed in this blog entry.

Posted in Consumer Privacy

FTC Releases Final Privacy Report

Today the Federal Trade Commission (FTC) issued its long-awaited privacy report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers,” which is intended to articulate “best practices” for companies that collect and use consumer data, and to assist Congress as it considers new privacy legislation.

Posted in Cybersecurity & Data Breaches

House Passes Comprehensive Data Security Legislation

On December 8, the House of Representatives by voice vote passed H.R. 2221, entitled the “Data Accountability and Trust Act,” which would require all organizations engaged in interstate commerce that manage or contract another to manage electronic data containing personal information to comply with a comprehensive set of standards designed to protect that information from unnecessary disclosure and to prevent identity theft and other fraud. Th eBill now heads to the Senate where passage this year is unlikely, but where consideration next year is expected.

Posted in Cybersecurity & Data Breaches

Senate Committee Approves Data Security Bills Creating Federal Data Security Program, Breach Notification Requirements: Criminal and Civil Penalties Give Proposed Law Real Teeth

On November 5, the Senate Judiciary Committee passed two bills that collectively would preempt a large swath of the patchwork quilt of state data security and breach notification laws that largely comprise the U.S. regulatory landscape today. While imminent passage is not expected, the prospects for a federal law are gaining momentum. Especially noteworthy are the criminal and civil penalties being proposed for companies that fail to properly deal with a data security breach.

Posted in Cybersecurity & Data Breaches

Recently Introduced Federal Legislation May Expand Regulation of Data Brokers

The Personal Data Privacy and Security Act (“PDPSA”), recently reintroduced by Sen. Patrick Leahy (D-VT) and referred to the Senate Judiciary Committee proposes comprehensive federal regulation of data broker services.  While enactment of the PDPSA remains uncertain, the draft legislation may presage future legislative and regulatory trends. Comprehensive Federal Regulation of “Data Brokers” Title II […]