Ten data broker companies have been warned that their practices could violate the Fair Credit Reporting Act (FCRA) after a test-shopping operation by the Federal Trade Commission revealed the companies are willing to sell consumer information without following FCRA requirements.
The 10 companies receiving the warning letters from the FTC include:
• ConsumerBase and one additional unnamed company for appearing to offer “pre-screened” lists of consumers for use in making firm offers of credit.
• Brokers Data and US Data Corp. for appearing to offer consumer information for use in making insurance decisions.
• Crimcheck.com, 4Nannies, U.S. Information Search, People Search Now, Case Breakers and USA People Search for appearing to offer consumer information for employment purposes.
The FTC issued the letters this week in conjunction with an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network (GPEN). The network connects privacy enforcement authorities to promote and support cooperation in cross-border enforcement of laws protecting privacy.
Several GPEN members from countries around the world are taking steps this week to ensure that companies meet their obligations related to the privacy of consumers’ personal information.
The test-shopping operation involved FTC staff members posing as individuals or representatives of companies seeking information about consumers to make decisions related to their creditworthiness, eligibility for insurance or suitability for employment.
Data broker companies that collect, distribute or sell this information are considered consumer reporting agencies under the FCRA, meaning they must reasonably verify the identities of their customers and make sure that these customers have a legitimate purpose for receiving the information. This requirement ensures that the privacy of sensitive consumer report information is protected.
Of the 45 companies contacted by FTC staff in the test-shopper operation, ten appear to violate the FCRA by offering to provide the information without complying with the law’s requirements.
The letters are not an official notice by the FTC that any of the named companies is subject to the requirements of the FCRA, nor do the letters lay out any formal complaints against the companies.
Instead, they serve to remind the companies to evaluate their practices to determine whether they are consumer reporting agencies, and if so, how to comply with that law.