The Federal Trade Commission today furthered its inquiry into data brokers, or companies that develop and trade data about consumers, sending letters to several major firms today asking them to explain how they obtain consumer data and how they are accountable to the consumers whose profiles they peddle.
The FTC will aggregate the responses it receives to detail the practices and make recommendations on how the industry could improve its privacy practices. The report is expected in 2013.
The data brokering industry isn’t new, but its practices continue to evolve, said Tiffany George, a member of the FTC’s Bureau of Consumer Protection.
Data brokers obtain information from public records, often adding information they obtain from online sources, such as ad networks and social networks. Information users share publicly on social network can be obtained using an API or a search engine.
“We’re not sure all the different sources that any company uses, ” George said.
Despite the sensitive nature of the information data brokers collect and sell about individual consumers, the industry is “pretty much unregulated,” she said.
The FTC can bring enforcement acts against companies that exhibit unfair or deceptive practices. Regulations also limit how information is used to generate consumer credit reports under the Fair Credit Reporting Act. However, most data brokers avoid providing data that would be used for that purpose. Earlier this year, the FTC brought action against Spokeo for selling data for the purposes of credit reporting without adhering to the FCRA.
The FTC sent letters to Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, Peekyou, Rapleaf and Recorded Future. Several of the companies had previously received inquiries from a House Privacy Caucus. The FTC letters, unlike those, legally compel a response.