http://www.nytimes.com/2012/07/25/technology/congress-opens-inquiry-into-data-brokers.html
July 24, 2012
Congress to Examine Data Sellers
By NATASHA SINGER
In a move that could lay bare the inner workings of the consumer data industry, eight members of Congress have opened a sweeping investigation into data brokers -- companies that collect, collate, analyze and sell billions of details annually about consumers' offline, online and mobile activities for marketing and other purposes.
Representative Edward J. Markey, Democrat of Massachusetts, and Representative Joe L. Barton, Republican of Texas, co-chairmen of the Bipartisan Congressional Privacy Caucus, along with six other lawmakers, sent letters of inquiry on Tuesday afternoon to nine leading industry players. In the letters, the legislators requested extensive information about how the companies amass, refine, sell and share consumer data.
Data brokers often collect details about people's financial, retail and recreational activities to help clients like airlines, automakers, banks, credit card issuers and retailers retain their best customers and woo new ones.
The letter's recipients included marketing services firms like Acxiom and Epsilon; consumer reporting agencies like Experian and Equifax, which have separate credit reporting and consumer analytics divisions; Fair Isaac, now known as FICO, the credit scoring services company; and Intelius, a company that offers reverse phone look-up and background check services. The letter gave the companies three weeks to respond.
The Congressional inquiry heightens the scrutiny of a largely unregulated industry whose companies sell their services to third parties, rarely interacting directly with consumers.
In 2010, the Federal Trade Commission began its own investigation into the practices of more than a dozen data compilers. One of those companies, Spokeo, recently agreed to settle charges [1] with the government that it had violated federal law by selling consumers' personal data for employment screening. Enforcement actions against several other data brokers are pending, the agency said.
Now Mr. Markey says he wants the Congressional investigation to further expose data broker practices, saying some had the potential to affect people's access to education, health care, employment or economic opportunities.
But Mr. Markey's ultimate goal is to determine whether legislators should enact a law regulating the industry. Unlike consumer reporting agencies, which are required by federal law to show people their own credit reports and allow them to correct errors, information brokers are not currently required to show consumers information collected about them for marketing purposes.
"We have gone from an era of data keepers to this new era where data reapers are able to create very complex profiles of every American," Mr. Markey said in a telephone interview.
He said he was particularly troubled by data broker programs that categorize individual consumers as desirable or undesirable sales prospects, often without their knowledge and consent, a practice that he said raised privacy concerns. "I'm hoping to ratchet up the transparency so we can foster a system of oversight and consumer control over their data."
The privacy caucus's letter was prompted by an article [2] last month in The New York Times about Acxiom, based in Little Rock, Ark. Mr. Markey's office gave The Times a copy of the letter.
Jennifer Barrett Glasgow, the chief privacy officer of Acxiom, said company executives had testified before Congress numerous times to inform legislators about the steps they take to protect consumers. "We are happy to provide whatever information we can to further inform interested parties," she said.
Other industry representatives did not immediately respond to requests for comment.
The privacy caucus does not have subpoena power. But Mr. Markey said other industries, like cellphone carriers, had complied with his requests in the past. He said he expected similar cooperation from data brokers.
The letter asked each company to provide a list of all of its sources of data; a list of the specific kinds of consumer information, including ethnic, race or religious data, it collects; descriptions of the data collection methods used, like tracking of social network or mobile phone activity; explanations about each product and service the company has marketed to third parties since January 2009, and the type of data used in such products and services; details about whether any of the products or services are federally regulated; explanations about the security measures used to protect consumer data; as well as descriptions of the opt-out, data access, correction and deletion options the company offers consumers.
The direct marketing industry already offers consumers choices about managing marketing pitches sent through the mail. [3] Digital marketers have a program for people who wish to opt out of receiving online ads tailored to their behavior. [4]
But Mr. Markey said consumers also needed greater access to data collected about them so they could make more informed choices.
"You have to make sure that the values of the physical world accompany the transition to the virtual, digital world," he said.
[1] http://www.nytimes.com/2012/06/13/technology/ftc-levies-first-fine-over-internet-data.html
[2] http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html
[3] https://www.dmachoice.org/dma/static/about_dma.jsp
[4] http://www.aboutads.info/choices/