The FTC "test-shopped" for data from the companies and determined that they may be in violation of the FCRA, according to the missives, dated last week.
The firms in the crosshairs are ConsumerBase, Brokers Data, US Data Corporation, Crimcheck.com, 4Nannies, U.S. Information Search, People Search Now, Case Breakers and USA People Search. The tenth company was not named by the FTC.
US Data Corporation is conducting its own internal investigation of sorts in the hopes of discovering why the FTC put them on its list. "We're looking into why; we're not a CRA [Credit Reporting Agency]," said the firm's CEO Eric Kaminsky.
The company sells demographic, age, income, and other data compiled from public records, in addition to providing marketing services.
The undercover FTC data shopper did not place an order with US Data Corporation, according to Mr. Kaminsky, who said he supported the FTC in its efforts. "This kind of thing helps catch people who are bad guys," he said of the FTC operation.The data shopping sting was part of a global privacy initiative of consumer protection collective Global Privacy Law Enforcement Network, according to the FTC. The agency in December asked nine data brokers to detail their data collection and use practices.
"Those people who approached you to buy information about consumers and said they needed it for things like determining creditworthiness, suitability for employment, or eligibility for insurance? They may really have been FTC staffers checking if companies were complying with the Fair Credit Reporting Act (FCRA)," notes a blog post written by Lesley Fair, senior attorney with the FTC's Bureau of Consumer Protection.
The agency approached 45 companies seeking such consumer financial data, and "10 appeared willing to sell information without complying with the requirements of the FCRA," notes the post.
According to the agency, ConsumerBase and another unnamed firm offered lists of consumers who were pre-screened for credit card offers. Brokers Data and US Data Corporation allegedly sell consumer data for use by insurance providers. The remaining six companies named sell consumer information for employment purposes, said the FTC.
The letters say only that the companies may be in violation of the FCRA, not that they are in violation. "At this time, we have not evaluated your company's practices to determine whether they trigger the obligations of the FCRA," said the letters.
If found in violation, the firms could be subject to FTC action in addition to laws enforced by other federal, state or local agencies. The FTC could seek penalties of up to $3,500 per violation.