Like chicken and waffles or ham and pineapple on pizza, some combos don’t sound like they’d go together, but make sense once you find out more. Put the FTC’s settlement with Spokeo on that list. According to the FTC, data broker Spokeo violated the Fair Credit Reporting Act and used deceptive endorsements in violation of Section 5. A closer look at the pleadings explains how those two hot topics found their way into one FTC complaint.
FCRA first. The FTC's action against Spokeo — which resulted in an $800,000 civil penalty — is the agency's first FCRA case to address the sale of data collected from online sources, including social media, in the context of employment screening. Spokeo collects and compiles personal information about consumers from hundreds of data sources, including social networks. It merges the data to create detailed personal profiles of consumers. What’s in the profiles? Information like a person’s name, address, age range, and email address — and, in many cases, details about their hobbies, ethnicity, religion, use of social media, and photos.
The FTC alleges that for a two-year period, Spokeo marketed those profiles to human resources professionals, job recruiters, and others as an employment screening tool. Exhorting recruiters to “Explore Beyond the Resume,” Spokeo’s ads encouraged them to use the company’s services to get information about — among other things — job candidates’ online activities. According to the FTC, to reach an HR audience, Spokeo bought thousands of online advertising keywords related to employment background checks, applicant screening, and recruiting; added a RECRUITERS tab to its website; promoted a spokeo.com/HR URL; and offered special subscription plans for HR customers. Those marketing strategies encouraged HR professionals to use Spokeo to get information that could be used as a factor in deciding which candidates to interview and hire. And that, says the FTC, is where the Fair Credit Reporting Act comes in.
The FTC alleges that Spokeo operated as a consumer reporting agency and violated the FCRA by failing to take steps the law mandates to protect consumers. Specifically, the complaint charges that Spokeo didn’t live up to the FCRA’s requirement that credit reporting agencies make sure that the information they sell is used only for legally permissible purposes. The FTC also charged Spokeo with failing to ensure the information was accurate and failing to tell users about their obligations under the FCRA, including the requirement to notify consumers if the user took an adverse action against that person based on information in the report.
An interesting fact: In 2010, Spokeo changed the Terms of Service on its website to state that it wasn’t a consumer reporting agency and that clients may not use the company’s website or information for FCRA purposes. But according to the FTC, Spokeo failed to revoke access to companies using the data for that purpose, including subscribers who may have signed up via the Spokeo.com/HR page or who had bought subscriptions in response to Spokeo’s marketing efforts to HR professionals.
Although this is the agency’s first law enforcement action of its kind, it’s not the FTC’s first foray into the applicability of the FCRA to social media information provided to prospective employers. On May 9, 2011, the FTC staff sent a public letter to a company reminding it that the FCRA applies with full force when a consumer reporting agency assembles or evaluates consumer report information — including data collected from social networking sites — that is then furnished to third parties that use it as a factor in making employment decisions.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.