Who Oversees Data Brokers Selling Personal Info? No One
By David Lazarus. Updated October 31, 2016.
You probably already know that you have precious little privacy, and that shadowy data brokers have built the buying and selling of people's personal information into a multibillion-dollar industry.
But did you know this: Nobody knows how many so-called list owners and list brokers are operating nationwide. The best guess is tens of thousands.
Or this: These businesses operate largely unregulated, overseen day to day by no official authority.
And if they get things wrong -- that is, if there's ever need to correct files as a result of a death, divorce or similarly life-changing event -- there's pretty much nothing you can do to hold these firms accountable.
Federal regulators find this just as frustrating as consumers.
"We think there is a real problem with the lack of transparency in the data-broker industry," said Maneesha Mithal, associate director of the Federal Trade Commission's division of privacy and identity protection.
Privacy was in the news Thursday as the Federal Communications Commission approved sweeping rules aimed at ensuring that broadband providers don't abuse customers' browsing history, mobile location data and other sensitive info. Service providers must get customers' permission before using or sharing such information.
"It's the consumers' information," FCC Chairman Tom Wheeler said. "How it is used should be the consumers' choice. Not the choice of some corporate algorithm."
That sort of thinking, however, doesn't extend to data brokers.
Questions about the regulatory landscape for info merchants arose after I wrote about an Encino woman whose husband was receiving pitches from health insurers 14 years after his death.
I asked the various insurers where they got the impression the guy was still alive, and they said they'd purchased his name and address from list brokers.
But when I asked which list brokers they used, all I got was crickets. In most cases, consumers have no way of knowing where such data was obtained or who should be contacted to fix errors.
"It's virtually impossible for consumers to have a window on this marketplace," said Mithal.
The FTC has proposed legislation that would address some of these problems. But it's gotten nowhere.
Meanwhile, the number of data brokers continues to grow, with each firm exploiting the convergence of public records and digital technology.
"Consumers don't realize how much information they give out," said Suzanne Doyle-Ingram, president of Strategic List Services, a list broker with offices in the United States and Canada. "It starts with your phone service. As soon as you sign up, that information becomes available."
After that, she said, every survey you fill out, every magazine you subscribe to, adds more pieces to the puzzle. Before long, a data broker knows your name, address, age, hobbies, interests and other details of your life that can be parsed into a variety of mailing lists, depending on a marketer's needs.
"Anybody can come up with a list of pretty much anything," Doyle-Ingram said. "If you're a client who wants a list of dentists in Connecticut, it's not hard to come up with a list of dentists in Connecticut."
The fact that the number of list owners and brokers is unknown should send a chill down the spines of consumers. Industry sources and federal authorities estimate that there are between 50,000 and 70,000 such businesses nationwide.
So your chances of finding the one that provided bad data about you or a loved one are basically nil.
One of the country's largest list brokers, Nebraska's Infogroup, told me the company is more than willing to update its records any time a consumer makes contact. All the consumer has to do is ask a business which list broker it used.
"If Infogroup is the source, they will be provided with our contact information, and they then can contact us via our website," a representative said by email.
But what if the business won't reveal the identity of its list broker?
The Infogroup representative didn't answer.
"You're always going to run into situations like that," said Greg Rubin, a partner with the list broker Prospects Influential. "Clients don't always want to say which brokers they use."
He and other data purveyors advised me to speak with the Direct Marketing Assn., an industry group. Senny Boone, the association's general counsel, acknowledged that "there are companies out there that may not be aware of their responsibilities."
She said any association member is obliged to trace erroneous data to its source and make sure a correction is made.
One small problem: The Direct Marketing Assn. has about 2,000 members. That's only a small percentage of the tens of thousands of list owners and brokers out there.
Another thing: While Boone said the direct-marketing industry is proud of its "robust self-regulatory regime," what we're talking about here is the honor system. That's not exactly the most confidence-boosting safeguard for consumer privacy.
The FTC laid out its concerns about data brokers in a 110-page report released a couple of years ago. Among the agency's recommendations was creation of a website that would allow consumers to see what info data brokers know about them and opt out of having it shared in the future. It also would allow people to correct bad info.
That and other sensible ideas put forward by the agency have been ignored by lawmakers, leaving consumers to fend for themselves.
My simple proposal is passage of a federal or state law that requires any business contacting consumers to disclose, upon request, the source of that contact information. People thus would have the ability to fix errors in list brokers' databases.
But I'm not holding my breath.
Carmen Price, 74, lives in Los Angeles' West Adams neighborhood. Her husband died in 2014.
"I still get all kinds mail and solicitations for him," she told me.
Price said she writes "Deceased" on the letters and sends them back. Then more letters arrive.
"They never pay attention," Price said. "I don't think they care."