More than 20 percent of data brokers checked by the U.S. Federal Trade Commission allegedly violated a U.S. privacy law when sharing personal data with agency workers posing as companies wanting to purchase information.
This week, the FTC warned 10 data brokers, most with a significant online presence, that they may be violating the Fair Credit Reporting Act.
The FCRA requires consumer reporting agencies to reasonably verify the identities of data customers and to ensure that these customers have a legitimate purpose for receiving the information.
The FTC, in a test-shopping operation, found that the 10 data brokers appear to violate the FCRA by sharing the information without running the required checks on their data customers.
The data brokers may be subject to the FCRA because two of them appeared to offer pre-screened lists of consumers for credit offers, two others appeared to offer consumer information for making insurance decisions, and six appeared to offer employment screening information.
The FTC checked 45 data brokers during its test-shopping operation, the agency said in a press release.
Four of the companies that were sent warning letters didn’t immediately respond to requests for comment.
The FTC issued the letters in conjunction with an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network (GPEN), which connects privacy enforcement authorities from across the globe. GPEN members are focusing this week on educating companies about their obligations related to the privacy of consumers’ personal information, the FTC said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.