Anaysis of Data Broker Oversight Hearing

Senate Commerce Committee  

While no specific, concrete legislative or regulatory measures were enumerated, Committee leadership did indicate that they favored providing the FTC with enhanced regulatory authority over such data brokers.  In particular, Chairman Rockefeller stated that this hearing was only one part of his ongoing scrutiny of the industry.

Witness List:

• Jessica Rich, Director, FTC Bureau of Consumer Protection
• Pam Dixon, World Privacy Forum 
• Dr. Joseph Turow, Annenberg School of Communication
• Tony Hadley, SVP of Government Affairs, Experian 
• Jerry Cerasale, SVP of Government Affairs, Direct Marketing Association (DMA)    

KEY TAKEAWAYS FOR NCISS MEMBERS

The Definition of Data Broker: 

The issue of how the law should define "data broker" was discussed throughout the hearing. Private investigators and small businesses are particularly concerned that an expansive definition of data broker could mean enhanced governmental scrutiny. The issued was first broached by Tony Hadley in response to a question by Sen. Ron Johnson (R-WI). Mr. Hadley pointed out that a key problem for regulating the industry is that defining a data broker as a person who holds or uses personal data could be unduly expansive. Sen. Blumenthal (D-CT) pushed back on this issue, claiming that the GAO report fully defines data broker. Sen. Deb Fisher (R-NE) returned to the definition issue in an effort to show that the FTC would over-regulate small business if given the power to regulate data brokers. Jessica Rich (FTC) claimed that the Commission is only concerned with regulating "non-consumer facing data brokers." Professor Turow added that he would broadly define a data broker as "someone who connects the dots."     

The Court Ventures ID Theft Case: 

In October, the Justice Department indicted a Vietnamese man for stealing personal data from over half a million Americans through Experian and other data brokers. The man obtained the information from Experian while posing as a private investigator.  Chairman Rockefeller sent a letter asking, among other questions, what types of entities obtained data from Experian. In Wednesday's hearing, Senator McCaskill (D-MO) aggressively questioned Tony Hadley on Experian policies on accepting clients. Sen. McCaskill focused her entire line of questioning on the Court Ventures case, expressing outrage that Experian could be so lax in selling personal data without an adequate "vetting process." 

The Role of the FTC:

Self-Regulation of the Data Broker Industry: 

Tony Hadley and Jerry Cerasole focused largely on the "AdChoices" opt-out system out in place by the industry. Sen Cory Booker (D-NJ) described himself as internet savvy and still did not know of the program. Professor Turow agreed, saying most Americans did not know of the system. Overall, most of the Democrats on the panel were skeptical of industry efforts to protect privacy data without government oversight. 

Consumer Labels and Questionable Industry Practices: 

Many Senators on the panel emphasized the data broker industry abuses described by Pam Dixon. For instance, data brokers sell lists of "underbanked consumers" to companies that may sell scams. Data brokers compile lists of consumers with medical conditions that circumvent health information security laws (HIPAA). Data brokers create "propensity reports" which serve as credit reports and circumvent the Fair Credit Reporting Act (FCRA).

Scrutiny on Experian: 

Chairman Rockefeller sent letters to the 9 largest data broker companies, Experian is one of the largest. Tony Hadley and Jerry Cerasole appeared on behalf of Experian in order to demonstrate cooperation but were subject to hard questioning on their company practices. 

Sincerely,

The Legislative Advocacy Team from

Francie Koehler