Keeping Tabs on Big Data to Protect Consumer Privacy

Angela Preston

Big Data

The scrutiny of big data continues. On August 15, the FTC announced a $3.5M settlement with Cetergy Check Services, Inc.  The FTC’s complaint alleged, among other things, that Cetergy did not follow proper dispute procedures and failed to follow reasonable procedures to assure maximum possible accuracy of the information it provided to its merchant clients, as required by the FCRA.

Cetergy sells information to companies so that retailers and other businesses can make decisions about a consumer’s ability to get credit and pay for goods and services by check. The FTC claimed that Cetergy:

  • failed to assure that the information it provided to retailers was accurate
  • failed to follow proper dispute procedures
  • failed to create a streamlined process for consumers to obtain free annual reports that they are entitled to; and
  • failed to establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information it furnishes to other CRAs.

This is the first Commission action alleging violations of the Furnisher Rule, which went into effect on July 1, 2010.

Not to be outdone, on September 6, 2013, the Consumer Financial Protection Bureau (CFPB) officially put “furnishers” on notice. The CFPB released a bulletin stressing that, under the law, companies that supply information to consumer reporting companies, called furnishers, are responsible for investigating consumer disputes forwarded by the consumer reporting companies. The CFPB reminded furnishers that they are also responsible for reviewing all relevant information provided with the disputes, including documents submitted by consumers. The CFPB bulletin warned that it would be taking appropriate supervisory and enforcement actions to address violations including restitution to harmed consumers.

Big Data and the Big Picture

The Cetergy case, and now the CFPB’s warning to furnishers, appear to be part of a broader initiative to target the practices of data brokers in the business of compiling, maintaining, and selling sensitive consumer information.  The collection and use of information, if not monitored, may put consumers at a disadvantage—particularly if the furnisher and/or the CRA do not follow the law. An op-ed piece in the Washington Post on August 16, 2013 by FTC Commissioner Julie Brill articulates concerns about the way personal information and consumer data are collected and used for commercial purposes.

“All day long, as we surf the Web, tap at apps or power up our smartphones, we send digital information out into cyberspace. As we live our wired lives, we constantly add to the veins from which data miners pull pure gold. It took the NSA revelations to make concrete what this exchange means: that firms, governments or individuals, without our knowledge or consent, can amass large amounts of private information about people to use for purposes we don’t expect or understand.”

Brill is concerned that the information being gathered by ‘big data” might be used against innocent consumers. Using information for hiring decisions is clearly regulated by the FCRA (Fair Credit Reporting Act). So employment background screening companies cannot use the information from data brokers without following the law—obtaining consent from the consumer in advance, and making the necessary disclosures and providing required notices.  But Brill is worried about unregulated purposes. For example, she points out that information may be used to prevent certain consumers from making purchases based on spending habits, joining on-line services or social networks, or other areas that fall outside of the protection of the FCRA. The FCRA regulates how information can be used and under which circumstances use is permitted, but Brill points out that not all companies are following the law.  In the Cetergy case, the FTC has made it clear that is is willing to step in on behalf of consumers when regulated companies are not following the law.

Brill and her boss, the new head of the FTC Edith Ramirez, have been publicly urging businesses to “come out of the shadows and into the sunlight.” Brill’s speeches urge companies to get behind her Reclaim Your Name Initiative, to bring data brokers and firms together with regulators to empower consumers to make decisions about how and when their information can be compiled and used. That combined effort makes a lot of sense, since we all have so much to gain and can all benefit from the wealth of information and the benefits of using the technology and convenience of the web. By working with the FTC and the CFPB, data brokers and consumer reporting agencies can put their money where their mouth is, and establish reasonable ground rules to protect consumers while still maintaining all of the benefits of sharing information and data.

Angela Preston
Follow Me

Angela Preston

Vice President of Compliance & General Counsel at EmployeeScreenIQ
Angela Preston has more than 20 years as a licensed attorney and over 10 years in the background screening area. She serves on the Board of Directors of the National Association of Professional Background Screeners (NAPBS), is a member of the NAPBS Background Screening Credentialing Council (BSCC), and is actively involved in the Society for Human Resource Management (SHRM) and ASIS International. Angela is also a member of the Ohio State and Columbus Bar Associations. Angela has direct oversight and management of compliance programs, and will provide guidance in complex legal matters including state and federal legislation, EEO law, client education, adjudication, pre/adverse action process, NAPBS Accreditation and client and vendor contract management.
Angela Preston
Follow Me