Federal Government

Data Brokers Know Far More About Consumers Than Consumers About Them, Says FTC

Anna Gallegos adds a bit of context to the FTC's report on data brokers.

By  
on

Do you know where your data is? According to the Federal Trade Commission, the answer is “no.”

The agency wants Congress to intervene against data brokers – companies that collect personal information and resell it, mainly for marketing purposes. The FTC released a report on Tuesday of the top nine data brokers in the US and how most Americans don’t know that their personal information is being collected.

According to the Chronicle of Data Protection,

the FTC states that consumers may benefit from increased transparency into the operations of data brokers. It notes that data brokers collect and store billions of data elements covering nearly every U.S. consumer, in many cases without consumers’ knowledge. The FTC recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the handling of their information by data brokers.

The data collected by firms like Acxiom, Datalogix and Corelogic range from the innocent (what sports you follow) to the personal (health and financial information) and everything in between (what kind of car you drive and general shopping habits).

“Of the nine data brokers, one data broker’s database has information on 1.4 billion consumer transactions and over 700 billion aggregated data element,” according to the report.

Sponsored

While the FTC outlines the need for legislation allowing people access to see what data is being collected on them, the ability to correct wrong information or entirely opt out, their proposal is nothing new.

Democratic Senators John Rockefeller and Ed Markey introduced a bill in February that nearly mirrors what the FTC is asking for. The bill, which is waiting in the Senate Commerce, Science and Transportation committee, is meant to reign in an industry that operates “behind a veil of secrecy,” writes privacy lawyer Meena Harris for Inside Privacy.

The Act would require data brokers to establish procedures to ensure the accuracy of data collected. Additionally, the Act would require that consumers be a means to review and correct personally identifiable information, unless the information includes only name or address. Data brokers would also be required to maintain websites with instructions on how consumers may review their information. Further, for data brokers that maintain data used for marketing purposes, the Act would require an opt out for individuals who do not want their information to be used for such purposes.

While not directly against data brokers, there have been civil suits and states pushing against data mining. In 2013, both California and Massachusetts ruled that something as simple as collecting ZIP Codes as part of credit card transactions violated the states’ consumer privacy laws.

Marketers and data collectors have been less than thrilled about efforts to limit their industry, but at least one broker, Acxiom, made an attempt to be more open about their activities. AboutTheData.com allows people to see what data Acxiom collected on them even though the site is rather vague about where the information came from and is riddled with inaccuracies if you have a common name, live with multiple people or frequently move.

Sponsored

Because of the variety of information collected, intellectual property attorney Deborah Peckham offers a healthy dose of skepticism about data regulations:

But there is a qualitative difference between the risk to user data caused by a hacker looking for credit card details, and the exposure to consumers caused by capturing consumer movements around the web and/or collecting anonymized data for analytics purposes.

That is, sometimes I think consumers and commentators confuse the need to keep sensitive information (like credit card data) protected, with the somewhat innocuous practice of using non-personally identifiable information for broader (and largely benign) analytics’ and marketing purposes. Personal data, including my name, my credit card number, my contact details and my medical history —all of that needs to be inaccessible to hackers, in my control and not shared unless I say so.

The FTC’s latest report is just part of their effort to improve overall consumer data security. The commission has been tightening standards for mobile apps and punishing hacked companies for weak security standards, so it was inevitable that the FTC continued the same message against data brokers;

Topics

, , , , ,