The Federal Trade Commission provided information to Congress on Wednesday on the status of its work regarding data brokers - firms that collect and aggregate consumers information and then resell it.
FTC's Bureau of Consumer Protection Director Jessica Rich told lawmakers about the FTCs efforts related ot the privacy practices of the data broker industry. Her testimony was before the Senate Committee on Commerce, Science and Transportation.
"Because data brokers generally never interact directly with consumers, consumers are typically unaware of their existence, much less the variety of ways they collect, analyze, and sell consumer data," the testimony states.
The testimony notes that FTCs work in the data broker industry is not a recent development, pointing to work done by the Commission in the 1990s looking at the privacy practices of data companies not covered under the Fair Credit Reporting Act (FCRA).
In addition, the testimony points to recommendations made by the Commission in its 2012 report on privacy issues about improving the transparency of data brokers practices and giving consumers greater control over how their information is used. The recommendations made in the report included giving consumers reasonable access to the data maintained about them by data brokers. The report also noted that the FTC has long supported legislation both to improve consumers access rights to data and to improve the transparency of industry practices.
The testimony goes on to address the FTCs ongoing initiatives regarding data brokers using a three-pronged strategy made up of enforcement actions, research and reports, and education for consumers and businesses.
In describing the FTCs enforcement efforts in the data broker industry, the testimony notes that the agency has brought nearly 100 cases and obtained more than $30 million in civil penalties for violations of the FCRA.
Among the cases highlighted are the FTC's 2012 consent decree with online data broker Spokeo, its case against app developer Filiquarian and an August consent decree with Certegy Check Services, which resulted in a $3.5 million FCRA fine.