Data brokers lack transparency and Congress should consider laws giving consumers more control over personal information, the Federal Trade Commission said after studying companies including Acxiom Corp. and CoreLogic Inc.
Data brokers collect and share “vast amounts” of information, typically behind the scenes without consumer knowledge, the U.S. agency said in a report yesterday. Some store data indefinitely, creating potential security risks, the FTC said.
“Data brokers often know as much -– or even more -– about us than our family and friends,” FTC Chairwoman Edith Ramirez said in a news release. “It’s time to bring transparency and accountability to bear on this industry.”
Senate Commerce Committee Chairman Jay Rockefeller introduced legislation in February to prohibit data brokers from collecting consumer information in deceptive ways, and to allow consumers to see and correct their information. There hasn’t been a vote on the measure.
“Congress can no longer put off action on this important issue,” Rockefeller, a West Virginia Democrat, said in an e-mailed statement. “We owe it to consumers to provide them with greater control over how data brokers are obtaining and using their personal data.”
Brokers amass information about consumers from public records and other companies and create profiles that are sold to other companies. Sometimes those profiles can help consumers find products and services they prefer, according to the report.
Such narratives “could result in our being treated differently based on characteristics such as our race, income, or sexual orientation,” FTC Commissioner Julie Brill said in a separate statement.
“Perhaps we are described as ’Financially Challenged’ or instead as ’Bible Lifestyle.’ Perhaps we are also placed in a category of ’Diabetes Interest’ or ’Smoker in Household,’” Brill said. “The profiles have the ability to not only rob us of our good name, but also to lead to lost economic opportunities, higher costs, and other significant harm.”
U.S. Representative Joe Barton, a Texas Republican, and Representative Bobby Rush, a Chicago Democrat, last month introduced a bill that would require data brokers to do more to verify the accuracy of information they gather, and would authorize the FTC to conduct or order independent audits following security breaches.
Acxiom shares concerns about sensitive data and works to protect it, Jennifer Barrett Glasgow, chief privacy officer for the company based in Little Rock, Arkansas, said in an e-mailed statement.
Alyson Austin, a spokeswoman for Irvine, California-based CoreLogic, didn’t immediately provide a comment.
The agency in 2012 told nine companies to provide information about their practices. Besides Acxiom and CoreLogic, the other companies receiving FTC orders in 2012 were Datalogix Inc., eBureau LLC, ID Analytics Inc., Intelius Inc., Peekyou LLC, Rapleaf Inc. and Recorded Future Inc.
Data broker Spokeo Inc. agreed to pay $800,000 in 2012 to settle claims by the FTC that the company violated the Fair Credit Reporting Act by failing to ensure that information it sold was accurate. The company marketed profiles to companies and recruiters as an employment-screening tool, the agency said. The profiles included photos and information about religion, ethnicity and participation on social networking sites.
In April, the FTC accused InfoTrack Information Services Inc. of failing to ensure the accuracy of background screening reports sold to employers. In many cases, the company provided inaccurate information suggesting job applicants potentially were registered as sex offenders, the FTC said.