Legislators Not Satisfied with Responses from Data Brokers

Legislators Not Satisfied with Responses from Data Brokers

Published On November 15, 2012 | By Jon Frankel | Data Security, General, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

On July 24, 2012, Reps. Edward J. Markey and Joe Barton sent letters to nine major data brokerage companies, including Acxiom, Epsilon (Alliance Data Systems), Equifax, Experian, Harte-Hanks, Intelius, FICO, Merkle and Meredith Corp., asking how they collect, assemble and sell consumer information to third parties.  The lawmakers expressed concern that the “large scale aggregation of the personal information of hundreds of millions of American citizens raises a number of serious privacy concerns.”  According to the lawmakers, the business of data brokerage includes the “collecting, assembling, maintaining, and selling to third-parties of consumers’ personal information” and by combining consumer data from various offline and online sources, data brokers have developed “hidden dossiers on almost every U. S. consumer.”

The data brokers responded on August 15, 2012, but the lawmakers did not release their responses until November. It is apparent the legislators are not satisfied – “[T]he data brokers’ responses offer only a glimpse of the practices of an industry that has operated in the shadows for years,” the lawmakers said in a joint statement.  The lawmakers added: “Many questions about how these data brokers operate have been left unanswered, particularly how they analyze personal information to categorize and rate consumers. This and other practices could affect the lives of nearly all Americans, including children and teens. We want to work with the data broker industry so that it is more open about how it collects, uses, and sells Americans’ information. Until then, we will continue our efforts to learn more about this industry and will push for whatever steps are necessary to make sure Americans know how this industry operates and are granted control over their own information.”

In their responses, all but Acxiom rejected being called “data brokers.”  For example, Equifax stated that it was not a data broker but rather a consumer credit reporting agency that is heavily regulated by various federal and state regulators, including the Federal Trade Commission and State Attorneys General, pursuant to a variety of laws , which include the Fair Credit Reporting Act and the Gramm Leach Bliley Act.  Similarly, Merkel stated that it “is not in the business of collecting data directly from consumers and offering it for sale to the public” and does not “mine consumers’ individual information or develop detailed dossiers of consumers.” Intelius stated that it was not a data broker but rather a retail e-commerce business that provides consumers with access to data compilations of public record and other generally available data sources. Epilson did not specifically address whether it was a data broker but rather stated it was part of the direct marketing industry that helps producers of goods and services connect with consumers most likely to purchase such items. The responses from the other companies are available here.

The bi-partisan interest in data brokerage industry practices, the White House’s focus on consumer privacy as evidenced by its Privacy White Paper, and the Federal Trade Commission’s specific interest in this area discussed in its Privacy Report (see previous ZwillGen blog postings here and here), all demonstrate that further inquiries of the data brokerage industry are likely to follow.

About The Author

Jon Frankel has been advising clients on privacy, data security, e-commerce, intellectual property and litigation matters for more than 15 years. Jon provides practical advice to mitigate privacy and data security risks and helps clients navigate a myriad of complex data collection, use and sharing cases. Jon advises on health and children’s privacy; email, SMS and telemarketing; mobile applications; user generated content; contests, promotions, and sweepstakes, online gaming; and requests from law enforcement. Prior to joining ZwillGen, Jon was a partner in the Washington, D.C. office of Bingham McCutchen, LLP, where he co-chaired the Privacy and Security Group.