Wondering what the Federal Trading Commission, or FTC, is up to these days? It’s going undercover to ensure data brokers are in compliance with the Fair Credit Reporting Act.
And so far, the government agency isn’t liking what’s it’s discovering. Several years ago, police departments across the country would often ask high school kids who looked older than they were to help them. They wanted them to go into local convenience stores and attempt to buy beer. That didn’t last long once the lawyers began pointing out the liability of doing such things; it was a moment in time that was quickly forgotten. Now, though, it looks as though the Federal Trade Commission, or FTC, is doing something similar.
Bypassing Fair Credit Reporting Law
The investigations have so far shown that at least ten data brokers are potentially bypassing the FCRA – and it’s only just begun the investigation. What ultimately happens remains to be seen, partly because of the less than aggressive letter it recently sent to those found violating the law.
The Fair Credit Reporting Act was signed into law in an effort of better protecting the privacy and other rights of consumers.
The ten data brokers who were clearly not adhering to the Act have already been sent letters. Those letters explain how the FTC came across the information and provided instances of how each was breaking compliance. Data brokering companies that collect, distribute or sell this information are considered consumer reporting agencies under the FCRA. That means they’re held to high standards when it comes to protecting American consumers and their identifiable information, including their financial documents.
The Sting Operation
Here’s how it works – staff members with the Federal Trade Commission were sent into the offices with the goal of securing information on consumers. They said they represented different companies and that the information would be used to “to make decisions related to their creditworthiness, eligibility for insurance or suitability for employment,” the agency explained. Instead of making reasonable efforts to verify the identities of those seeking the information and ensuring their purposes for wanting it was legal, the brokers provided the information with little or no resistance.
Therefore, the brokers had no idea whether or not they’d just released the information to hackers or others with less than legal purposes. The requirement was put into place to ensure sensitive information as well as the privacy of consumers was always protected. This includes their credit histories and scores, the information on the credit accounts, including mortgages and credit cards, as well as social security numbers, addresses and other private information.
So far, there have been forty five companies approached by the FTC in its “test shopper” operation – also known as a privacy practice transparency sweet by the Global Privacy Enforcement Network, or GPEN. Of those, ten have been found out of compliance – that’s almost 25 percent, which is alarming at best and likely criminal too. How many more of these test shopping efforts will occur hasn’t been made public.
Global Privacy Enforcement Network (GPEN)
This agency, which is obviously in many other countries, works with various law enforcement agencies in countries as well as lawmakers and other government agencies so that cross cooperation may be promoted when it comes to privacy laws. The U.S. isn’t the only one ramping up the heat. Several country members are already taking their own precautions so that their respective national laws are being adhered to.
The Ten Out of Compliance
Wondering who received the FTC letter? We have not only the names of the data brokers, but the way they violated the Act as well.
ConsumerBase and one unnamed broker are being accused of prescreening consumers and then using those names to sell to third parties so that “firm” offers of credit can be made, including offers for credit cards and other revolving debt.
Brokers Data and US Data Corporation both appear to have offered consumer information to insurance companies so that offers can be forwarded to those consumers.
Crimcheck.com, 4Nannies, US Information Search, People Search Now and Case Breakers were approached and they too offered up various identifying packets of information for employment purposes – which is especially troubling and suggests some companies are willing to approach those who are out of work and desperate for a job with promises of a new career, only if they’ll shell out so much money in “fees” and “headhunter fees”.
It’s important to note, too, that these are not being touted as official letters, but rather, reminders of what the FCRA calls for. There are no formal charges pending at this time, though that could change if these problems are addressed in the very near future. The goal, reads the FTC’s presser, is to “remind the companies to evaluate their practices to determine whether they are consumer reporting agencies. If they are, then they must determine how to comply with that law.”
While these brokers are being motivated by greed, the real question is if any of these sells resulted in problems for consumers. Also, the question has to be asked: will consumers file lawsuits when this goes mainstream (and it will)? One thing’s for sure – the government won’t be sued. Late last year, the Supreme Court ruled that the government couldn’t be sued for violating the FCRA. It all happened when an attorney, after paying federal court filing fees for a case, looked at his receipt and realized it had personal information that shouldn’t be on a receipt. He sued and Justice Scalia wrote that the government couldn’t be sued over the Act, because the Act itself has remedies and
(w)here…a statute contains its own self-executing remedial scheme, we look only to that statute to determine whether Congress intended to subject the United States to damages liability.
The case was sent back to a lower court, where it is today.
So what are your thoughts? Do you think this investigation is going far enough or has the government tied its own hands when it comes to forcing compliance? Let us know what you think – we want to hear from you.