Those people who approached you to buy information about consumers and said they needed it for things like determining creditworthiness, suitability for employment, or eligibility for insurance? They may really have been FTC staffers checking if companies were complying with the Fair Credit Reporting Act (FCRA).
Businesses that collect, distribute, or sell information for certain specific purposes are “consumer reporting agencies” under the FCRA. CRAs have a legal obligation to reasonably verify the identities of their customers and to make sure they have a legitimate purpose for getting the information. Those requirements help to protect the privacy of the sensitive data in the reports.
So what happened when FTC staffers went "shopping"? Of the 45 businesses the FTC approached, 10 appeared willing to sell information without complying with the requirements of the FCRA.
Six companies (Crimcheck.com, 4Nannies, U.S. Information Search, People Search Now, Case Breakers, and USA People Search) appeared willing to sell consumer information for employment purposes. Two companies (Brokers Data and US Data Corporation) appeared willing to sell info to be used in making insurance decisions. Two others (ConsumerBase and one additional company) appeared willing to sell pre-screened lists of consumers to use for making firm offers of credit.
Those 10 data broker companies were all contacted again by the FTC, but this time in the form of letters warning them that their practices could violate the FCRA.
Of course, the letters aren’t official FTC notices that the companies are covered by the FCRA and don’t lay out formal complaints. Rather, they remind the companies to evaluate their practices to determine if they’re credit reporting agencies. If they are, the letters offer information on how to comply with the law.
The warning letters are part of an ongoing international effort spearheaded by the Global Privacy Law Enforcement Network, an informal group of consumer protection and privacy agencies. Network members are taking steps this week to encourage companies to meet their obligations about the privacy of consumers’ personal information.
If you're in a similar line of work and didn’t get a letter, it still a good time for a compliance check-up. One place to start: the FTC's credit reporting page. You never know who may approach you next time.