Your online personal data could ruin your finances, as companies seeking to turn big profits on your information run afoul of fair credit reporting practices.
Most people understand credit reports and how important they are in getting a good interest rate, qualifying for a mortgage and getting a job, but aren’t as familiar with the Fair Credit Reporting Act, which governs collecting consumer information for credit purposes. Now, as big data continues to collect the many digital crumbs people leave all over the Internet, there is a growing awareness on how this data trail can impact people’s financial lives.
The FCRA was enacted in 1970 to promote accuracy, fairness and the privacy of personal information, particularly surrounding sensitive data that decides consumers’ financial solvency. But some online data collection practices are threatening and complicating FCRA. Earlier this week, the Federal Trade Commission fined online search company Spokeo $800,000 for violations of this federal legislation, news that should serve as wake up call to consumers everywhere.
Is Spokeo Spooky?
Spokeo, a company that calls itself “not your grandmother’s phone book,” is a data broker that compiles dossiers on consumers.
Spokeo aggregates publicly available information from phone books, social networks, marketing surveys, real estate listings, and other public sources. This third-party data, which can include pictures of your home, financial matters and hobbies, is then indexed through methods similar to those used by Google or Bing to create a listing.
The company doesn’t directly ask the consumers for the information — it doesn’t have to, because it is out there, ripe for the picking on the Internet, mostly provided in the form of public records or by people themselves on social networks and sharing sites. A company like Pasadena, Calif.-based Spokeo simply finds the many crumbs people leave behind and assembles them in one place.
What’s the Harm in That?
Spokeo’s activity sounds innocuous, but the FTC alleged from 2008 to 2010 the company sold these profiles on millions of consumers to human resources departments and companies that conduct background screening and recruiting, without making sure the information would be used for legally permissible reasons.
According to the FTC, Spokeo encouraged companies to use its service to “Explore Beyond the Resume,” and ran online ads targeting employers. The federal agency said these marketing attempts indicated Spokeo was acting as a consumer reporting agency and violated two specific parts of FCRA: not making sure the information in the reports was correct, and failing to notify consumers if an employer decided against hiring based on what it found in the Spokeo report.
“This is the first commission case to address the sale of Internet and social media data in the employment screening context,” the FTC said in the statement.
“We have made changes to our site and our internal business practices in order to ensure we don’t infringe upon the FCRA’s important consumer protections,” Spokeo said on its website, stressing the company never intended to act as a consumer reporting agency.
Beyond Big Brother
While the “Big Brother” aspect of having a company follow online activity and compile a report out of it can be creepy, it is more troubling the raw data wasn’t verified for accuracy, an allegation the FTC leveled against Spokeo. If this trend continues, it could usher an age when the algorithm and search functions decide which information on say, Suzy Smith in Little Rock, Arkansas is related to job-candidate Suzy Smith, bundle it up and send it on.
Also, the agency noted Spokeo’s failure to comply with FCRA and notify candidates who were rejected based on their report, which further compounds the accuracy problem. FCRA added the notification provision so that consumers could learn what information on their credit reports was causing concern and rejection so they could focus on rectifying the problem. Or, in the cases where the information wasn’t correct, by taking the necessary steps to clear it up. This is another missed opportunity to ensure the integrity of all the bits of data.
The convergence of rising cases of identity theft and online data hacking can have profound implications on what data is applicable, reliable and current. In the rush to sample all the information the digital buffet offers up, it appears neither the data company — in this case Spokeo — or the employers and recruiters were particularly interested in knowing where all those tasty data tidbits came from, who cooked them up, and how long they’ve been sitting out there.
Who Wants to Know?
Most people realize advertisers want information about consumers — what they like, their location, their income levels, etc. — but increasingly other businesses are seeing value in personal information and, as the Spokeo case highlights, go way beyond pushing products.
Employers are increasingly interested in whatever online information they can get, especially for prospective hires. Many now routinely ask for candidates to hand password information over, a trend that is prompting lawmakers to draft laws to ban the practice.
Educational institutions — from colleges to grade schools — are looking at employees’ digital footprints and well as online information from students. The nation’s colleges are using the wealth of information when determining admissions, and recently a 12-year-old student in Minnesota filed suit against her school for demanding her Facebook password to search her saved information.
Known for their tenacity, debt collectors are testing the waters to see how far they can wander in online information and social media to find people and secure outstanding payments, and while judges are ruling on those guidelines, digital data is fueling other courtroom drama.
Divorce and family lawyers are turning to the treasure trove of digital evidence that is easy to get, often time stamped and viewed as almost incontrovertible by society. For example, nearly 92 percent of attorneys reported an increase in “smartphone” evidence like calls sent and received and text messages from mobile devices. And, family courts acknowledge social media is playing a bigger role in custody and child protection cases.
What Can You Do?
Knowing the Internet is compiling all sorts of personal data makes people nervous, but news that the nonprofit Center for Democracy and Technology, who filed the original complaint, and federal agencies like the FTC are working to protect consumers from abuses is heartening. Still, while the FTC’s fine may have Spokeo retreating, there are surely other public companies out there who are and will continue to spark similar complaints.
Individuals can try to limit their exposure to particular sites, first by addressing the amount of information they are broadcasting. By restricting privacy settings on social media, like Twitter and Facebook, opting out of location services, and just being mindful and cautious about their growing digital footprint, they can limit exposure.
These companies are the tip of the privacy iceberg, though, and their reach is extending beyond employment to other arenas. Moreover, there isn’t a lot known about who else might be collecting similar data, but not using it in a similar fashion subject to FCRA, operating under the public radar — like credit card companies, health insurance agencies and even grocery stores.
The demand for this kind of information is growing, it is often willingly supplied by the people it could be used against, and only requires some search capabilities and a logarithm to harvest. As the trend continues, these factors will challenge consumer advocates in their search solutions — so, meantime, buyer beware — do you know what is on your credit report?