Lawmakers Release Information About How Data Brokers Handle Consumers’ Personal Information
Nine major data brokers provide lawmakers with only a partial glimpse of industry controlling information on hundreds of millions of Americans
WASHINGTON, D.C. – A bipartisan group of lawmakers, including Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas), co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, today released responses to letters sent to nine major data brokerage companies querying each about how it collects, assembles and sells consumer information to third parties. The companies –Acxiom, Epsilon (Alliance Data Systems), Equifax, Experian, Harte-Hanks, Intelius, Fair Isaac, Merkle, and Meredith Corp. – responded to lawmaker questions about policies and practices related to privacy, transparency and consumer notification. Data brokers represent a multi-billion dollar industry, aggregating information about hundreds of millions of Americans from both online and offline sources, which they then may sell to third parties for targeted advertising and other purposes. Consumers often have little knowledge of the existence of these companies.
Other signatories on the letters include Reps. Henry A. Waxman (D-Calif.), Steve Chabot (R-Ohio), G.K. Butterfield (D-N.C.), Bobby L. Rush (D-Ill.), and Jan Schakowsky (D-Ill.).
“The data brokers’ responses offer only a glimpse of the practices of an industry that has operated in the shadows for years,” said the lawmakers in a joint statement. “Many questions about how these data brokers operate have been left unanswered, particularly how they analyze personal information to categorize and rate consumers. This and other practices could affect the lives of nearly all Americans, including children and teens. We want to work with the data broker industry so that it is more open about how it collects, uses, and sells Americans’ information. Until then, we will continue our efforts to learn more about this industry and will push for whatever steps are necessary to make sure Americans know how this industry operates and are granted control over their own information.”
A copy of the responses to the lawmakers, as well as the original letters, can be found HERE.
Findings from the responses include:
- All companies except for one – Acxiom – rejected the categorization of their business practices as data brokerage. One company called itself a “data provider”, while another reported that since it only “analyzes” data, they should not be considered a data broker.
- Only one company provided details on the number of consumers who request access to their information – Acxiom reported over the last two years as few as 77 people per year, out of the 190 million consumers it has collected information on, requested access to their personal information. Several other companies do not allow access to consumer data stating that information is not identifiable.
- In addition to collecting data about consumers from sources such as telephone directories, mobile phones, government agencies, financial institutions and directly from consumers themselves, several data brokers reported mining consumer information from social media sites such as Facebook and LinkedIn.
- The companies provided little explanation of the distinction between information they collect and use (e.g, a person is female) versus the information they create by analysis for profiling consumers (e.g. young female interested in weight loss sent coupon for a diet pill).
Epsilon (Alliance Data Systems)
Intelius response Exhibit A Exhibit B
Meredith Corp response