Judging from the ten warning letters mailed to data brokers this week and the six we detailed last month, it is clear that the Federal Trade Commission (FTC) is taking violations of the Fair Credit Reporting Act (FCRA) very seriously. These warning letters come on the heels of the FTC’s decision in December of last year to begin focusing on the privacy practices of the data brokerage industry generally. As shown by the Equifax case, which we previously discussed on this blog, warning letters can lead to large monetary penalties and, thus, should heeded by everyone in the data brokerage business, even if a letter has not been specifically directed towards it.
FCRA Generally and Details of the FTC’s Most Recent Inquiry
The FCRA was created to protect consumers’ privacy and to ensure that those who collect, distribute and sell consumer information – called consumer reporting agencies (CRAs) – properly verify the identities of the parties requesting such information and confirm that such parties have a lawful purpose for receiving consumer information.
The latest set of warning letters resulted after FTC Staff contacted 45 data brokers, posing as individuals and/or companies seeking consumer information. Of the 45 data brokers, it was determined that ten brokers were willing to sell information to the FTC agents without properly following the authentication procedures set forth in the FCRA.
According to the FTC’s website, the ten companies receiving warning letters from the FTC include:
- Two companies that appeared to offer “pre-screened” lists of consumers for use in making firm offers of credit: ConsumerBase and one additional company;
- Two companies that appeared to offer consumer information for use in making insurance decisions: Brokers Data and US Data Corporation; and
- Six companies that appeared to offer consumer information for employment purposes:Crimcheck.com, 4Nannies, U.S. Information Search, People Search Now, Case Breakers and USA People Search.
Takeaway and Best Practices for Data Brokers
While the FTC makes clear that it has not reached a conclusion regarding whether or not the ten companies in question have actually violated the FCRA, the warning letters serve as not-too-subtle reminders for the companies to re-evaluate their verification procedures in accordance with the requirements set forth by the FCRA. Considering the FTC’s recent scrutiny of the data brokerage industry, it would be wise for every company that collects, shares or uses consumer information to evaluate its business practices to avoid encountering an FTC investigation and associated fines and other costs.
If you are interested in learning more about this topic or need to review your data collection, usage and/or distribution practices based on the recent issuance of FTC warning letters, please e-mail us at firstname.lastname@example.org, or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.