Thursday, July 26, 2012

Congressional Privacy Caucus Begins Inquiry into Data Brokers


The Bipartisan Congressional Privacy Caucus, chaired by Representatives Ed Markey (D-Mass.) and Joe Barton (R-Texas), announced this week that they are launching an inquiry into data brokers.  Members of the caucus sent letters to nine data brokers – Acxiom, Epsilon (Alliance Data Systems), Equifax, Experian, Harte-Hanks, Intelius, Fair Isaac, Merkle, and Meredith Corp.  – requesting that they provide information about their practices. 
The Caucus’s letters request information including:
  • The names of entities that have provided consumer information to the data broker;
  • The data items collected from or about consumers and the methods by which the data was collected;
  • Products or services offered to third parties that utilize consumer data;
  • The information consumers are given access to, if it is requested, and any policies around sharing or deletion of that data; and
  • Encryption or other safety protocols used to protect data.
The data brokers were asked to respond within three weeks. 
This is not the first time data brokers have attracted the attention of Washington policymakers, and it is not likely to be the last.  The data broker Acxiom was recently the subject of a lengthy article in the New York Times, reporting on Acxiom’s comprehensive consumer database, as well as its “PersonicX” product, which assigns individual consumer households to one of 70 specific consumer segments and 21 life-stage groups, with names such as “flush families” or “savvy singles.” The article was specifically mentioned in the Caucus’s letter to data brokers.  Earlier this year, as blogged about in this space, the FTC called for Congress to pass legislation specifically regulating the data broker industry.  Because consumers are rarely even aware of the existence of data brokers, the FTC did not view self-regulation as a realistic option for the sector. 
While data brokers may be anonymous to consumers, they are familiar to many direct marketers, who rely on them for a variety of services.  It is still too early to predict what effect, if any, the recent attention paid to data brokers will have on the industry, or the impact it may have on the services that direct marketers have come to depend on.  It seems likely, however, that any future regulation will require greater transparency for consumers. 
One possible outcome is that data brokers may in the future be subject to the kinds of reporting requirements applicable to consumer credit reporting agencies.  While practices currently vary throughout the industry, data brokers are not consumer-facing, and it is not generally possible for a consumer to get access to the full range of information that a data broker may have collected about him or her.  Julie Brill, an FTC Commissioner, has explicitly drawn the comparison to the credit reporting industry, telling the New York Times that, following the 1996 amendment of the Fair Credit Reporting Act of 1970, the credit reporting agencies shifted from being client-oriented to being consumer-oriented.  “The data broker industry could do the exact same thing,” Commissioner Brill commented. 
We will continue to monitor developments in this space, including responses to the Privacy Caucus’s letters.  The Caucus does not have subpoena power, but other industries have cooperated with it in the past.  Most recently, wireless carriers voluntarily provided information to Rep. Markey in response to letters requesting information about the records they share with law enforcement. Those responses made headlines earlier this month, when it was reported that in 2011 alone, state, local and federal law enforcement agencies made 1.3 million requests for wireless records, and that requests were increasing each month.