|
|
Privacy Statement
Landlord2Landlord® L.L.C. has and will continue to to live up to the rules and guidelines
as set forth by the FTC (Federal Trade Commission), and the IRSG. L2L's Resident
data is not for public viewing but is available to Businesses and Individuals who
are in the business of Renting and or Leasing Property to the public.
L2L® also offers it clients credit data from the major credit reporting agencies
and other sources. However just as other companies do not offer consumer credit
reports over the Internet, L2L® does not... What L2L® does to protect consumers
from information piracy is to fax requested reports to its subscribers who have
requested such data from L2L's Internet Web Site. L2L's Subscribers are screened
prior to being issued Subscriber Numbers. Congress has limited the use of consumer
reports to protect consumers' privacy. All users must have a permissible purpose
under the FCRA to obtain a consumer report. L2L® performs subscriber information
checks prior to issuing subscriber I.D's to insure the protection of its consumer
information. Furthermore L2L® does not and will not engage in the practice of selling
consumer information to the Direct Marketing Industry.
The following information is related to Reference Service Companies and what the
FTC is doing to develop regulations on the industry.
Computerized database services that sell personal identifying information about
consumers are often referred to as “individual reference services,” “lookup services,”
or “locators”. In the fall of 1996 these services drew considerable public and media
attention. At issue was the information these computerized database services gather
about consumers without their knowledge or consent. And the ease with which such
information can be accessed. In October of 1996, three United States Senators reacted
to these concerns by requesting that the Federal Trade Commission (FTC) conduct
a study of these computerized database services. For further clarification
Click Here to go to the Federal Trade Commission's Website.
In March of 1997, the Commission announced it would conduct a study of individual
reference services used primarily to identify, locate, or verify the identity of
an individual.(3) Services used primarily for direct marketing, for obtaining medical
and student records, or for purposes subject to the Fair Credit Reporting Act (“FCRA”)
fall outside the scope of the study.(4) Subsequent to the Commission’s announcement,
members of the individual reference services industry informed the Commission that
they planned to create a self-regulatory framework to address concerns related to
their industry. The Commission has since gathered information about the lookup services
by soliciting public comments and conducting a public workshop,(5) and Commission
staff has engaged in an ongoing dialog with industry members as they worked to craft
an effective self-regulatory framework. This report describes (1) the individual
reference service industry before implementation of the self-regulatory guidelines,
including the types and sources of information available through these services,
and how these services are used; (2) the benefits and risks associated with the
availability of this information; and (3) the viability of existing and potential
controls, including the industry’s proposed self-regulatory framework. It concludes
with the Commission’s recommendations in response to concerns associated with the
individual reference services industry.
The Industry
A. The Overview
Personal identifying information -- information that can be used to identify, locate,
or verify the identity of an individual(6) -- has been publicly available for some
time. Historically, the government, creditors, insurers, and employers have requested
or required from individuals information like name, aliases, address, telephone
number, date of birth, and Social Security number; individuals in turn have provided
such data in return for certain benefits and services. Moreover, law enforcement
agents, private investigators, lawyers, and news reporters have accessed this information
for decades in their efforts to track down targets, subjects, heirs, witnesses,
etc.
What has happened to make the availability of personal identifying information suddenly
spark such far-reaching interest and concern? In recent years, advances in computer
technology have made it possible for more detailed identifying information to be
aggregated and accessed more easily and cheaply than ever before.(7) In other words,
much more richly-detailed data is readily accessible to many more people. Not that
long ago, for example, a private investigator hired to track down the location of
a noncustodial parent who owed child support would have had to drive around town,
from courthouses to county records offices and from the public library to the local
department of motor vehicles. Standing in one line to access the records and waiting
in another to make copies, he likely would have to fill out forms to send away for
still more records from agencies not accessible by car or for records in storage.
Ultimately, the investigator would have to sit down and analyze the stacks of paper
before him, in the hope of distilling, without the benefit of any information from
most out-of-state agencies, his target’s current address. This scenario would play
out much differently today. Now, by keying in a few search terms at his laptop,
in the comfort of his office, an investigator who subscribes to a look- up service
can probably track down virtually everything he needs to know to have his target
personally served with legal documents. The difference between the costly and time-consuming
search once required and the easy and inexpensive retrieval of information now possible
can be viewed as a difference in kind, not just degree.(8)
This transformation is due in part to several technological developments. First,
data is increasingly available in electronic form.(9) Second, it is now easier to
combine data from multiple sources and create comprehensive information products.(10)
Third, computer processing speeds have increased.(11) Fourth, the cost of data storage
has dropped dramatically.(12) Finally, personal computers are becoming more affordable,(13)
and Internet use is growing more prevalent.(14)
In part due to these developments, the market for personal information, already
a multi- billion dollar industry, is growing larger and more diverse.(15) Longtime
members of the information industry as well as newcomers are responding to the swelling
demand by launching new and increasingly comprehensive personal identifying information
products and marketing them to a broadening spectrum of potential customers.(16)
As a result, providers of information used to locate, verify, and identify individuals
have emerged as a discrete industry.(17)
B. Types and Sources of Information Available
Individual reference service databases contain information about an overwhelming
proportion of the population, including children. For example, one prominent individual
reference service recently promoted one of its databases as containing the names,
current and former addresses, Social Security numbers, and telephone numbers of
160 million individuals.(18) The information is gathered from a wide variety of
sources. It typically originates from the consumers themselves, who provide identifying
information when they, for example, register to vote, apply for a driver’s license,
have a new telephone connected, order a catalogue, or apply for credit.(19) Individual
reference services then gather this information from public records (like real estate
records), publicly available sources (like telephone directories), and from nonpublic
sources (like credit reporting agencies). Alternatively, lookup services may obtain
the information from “information vendors,” entities that gather data from various
sources and either resell it or allow customers to access databases maintained by
the information vendors themselves (known as “gateway access”).(20) The types of
information gleaned from these various sources overlap a great deal. For example,
an individual’s mailing address may be reflected in records obtained from public
records, from other public sources, and from nonpublic sources.
1. Information from Public Records
Public records are a rich source of personal identifying information. Government
entities at all levels require individuals to provide various types of information
and are usually required to make such records available for public inspection.(21)
These records include, but certainly are not limited to, real property records,
marriage and divorce records, birth certificates, driving records, driver’s licenses,
vehicle titles and registrations, civil and criminal court records, parole records,
postal service change-of-address records, voter registration records, bankruptcy
and lien records, incorporation records, workers’ compensation claims, political
contributions records, firearms permits, occupational and recreational licenses,
filings pursuant to the Uniform Commercial Code (UCC), and filings with the Securities
and Exchange Commission (SEC).(22)
Public records may contain extensive and detailed information (e.g., race, gender,
Social Security number, address, and dates of birth, marriage, and divorce).(23)
Land records, for example, typically include property address and description, dates
of sales, sales prices, size of mortgage amounts, and sellers’ and purchasers’ names.(24)
Social Security numbers are available from the records kept by dozens of government
entities, such as motor vehicle bureaus and the SEC. Dates of marriage and divorce
may be gleaned from marriage and divorce certificates, respectively. Dates of birth
may be available from birth certificates and voter registration records.(25) Professional
license records may include name, address, type of license held, and in some cases,
the date of the license-holder’s last medical examination.(26) Driver’s license
records(27) make available in one place an individual’s name, address, height, weight,
gender, eye color, date of birth and, in some cases, Social Security number.(28)
Certain agencies, like the SEC, make records available gratis,(29) but in general
government records must be purchased for a nominal fee.(30) For example, the State
of New York sells driver's license information in the form of abstracts for approximately
five dollars each.(31) These abstracts can include such data as vehicle and ownership
information, driver’s license records, accident reports, conviction certificates,
police reports, complaints, satisfied judgment records, hearing records, and closed
suspension revocation orders.(32)
Although government records are increasingly available in electronic form,(33) many
still must be transcribed. Individual reference services obtain public records information
either directly from the government custodian of records, or indirectly, through
information vendors who transcribe it (if necessary) and resell it.(34)
2. Information from Other Public Sources
Publicly available information is another fertile source for personal identifying
information. Articles and classified ads in newspapers, magazines, and other publications
often provide identifying and background information on individuals.(35) Powerful
search engines, now available both through the Internet and proprietary networks,
enable people to comb through vast amounts of published materials and find all references
to a given individual.(36) White pages directories, whether in paper or electronic
form, are a readily accessible source of identifying information. The Internet and
CD-ROMs now make it possible to find names, phone numbers, and addresses for people
all over the country using one database. Other types of more specialized directories
have become prevalent as organizations like alumni groups and professional organizations
publish their membership directories on the World Wide Web (the “Web”).(37) In fact,
many new Web sites may prove to be abundant storehouses of information. Such Web
sites include not just personal home pages, where individuals publish their own
identifying information as well their hobbies and interests, but also, for example,
adoption pages, where separated children and birth parents post their identifying
information in the hope of being found.(38)
3. Information from nonpublic Sources
A third general category of information that can be found in these databases is
proprietary, or nonpublic, information, which the individual reference services
must purchase. Nonpublic information includes survey data, data reported by consumers
themselves,(39) identifying data contained in “credit headers,” as well as marketing
and other data.
A “credit header” is the portion of a credit report that typically contains an individual’s
name, aliases, birth date, Social Security number, current and prior addresses,
and telephone number. The three national credit agencies -- Trans Union, Equifax
Credit Information Services (hereinafter “Equifax”), and Experian -- maintain and
update this information, which they obtain from creditors, courthouses, and the
consumers themselves.(40) Trans Union and Experian currently sell credit header
information directly to individual reference services or to information vendors
who, in turn, sell it to the services.(41) Information in a credit report other
than the “credit header” may reflect an individual’s financial status, employment
background, credit history, or medical records. The dissemination of this type of
information is strictly regulated by the Fair Credit Reporting Act.(42)
Another possible proprietary or nonpublic source of identifying information for
lookup services is marketing information. According to the Direct Marketing Association
(“DMA”), which represents more than 3,000 United States corporations, information
gathered for marketing purposes, e.g., information gleaned from magazine subscription
lists and warranty cards, should not be an information source for individual reference
services.(43) The Commission, however, has learned of individual reference services
that now offer, or offered until recently, data purportedly originating from marketing
transactions.(44)
There are many other potential sources of nonpublic information. For example, some
lookup services claim to obtain information from sources such as phone records,
public utility records, and air travel records (indicating the airline, flight number,
date, time, and even seat assignment for an individual’s departure and return flight).(45)
Other lookup services may obtain information elsewhere; however, because not all
services reveal their sources for proprietary reasons, it is not possible to provide
an exhaustive list.
C. Characteristics of Information Products
Individual reference services sell identifying information as raw data, in the form
in which they received it, or they combine data from various sources and create
enhanced information products or reports.(46) Accordingly, customers, upon entering
search terms, can access information from one or more databases maintained by an
individual reference service, or obtain gateway access into a database maintained
by another entity.(47) The search may yield a compilation of identifying data used,
for example, to locate an individual, or it may compare data entered by the customer
to data in the database to verify an individual’s identity.(48)
The scope of information offered by individual reference services varies significantly.
Virtually all of these services include in their databases individuals’ names and
aliases, and current and prior addresses. Other services also make available certain
unique identifiers, such as Social Security number, date of birth, and mother’s
maiden name.(49) Additional information may also include: place of birth, names
and ages of family members and neighbors, schools attended, telephone numbers (listed
and unlisted), employment information (past and present), physical characteristics,
licenses held, voter registration information, driver’s license number, automobile
registration, personal identification numbers, association memberships, census information
associated with the addresses, and asset ownership. Searches may also yield information
about children, to the extent their identifying information is available.(50)
The number of databases employed by individual reference services to provide this
information varies significantly as well. On one end of the spectrum, some lookup
services provide access to one database and display, for example, only current and
prior addresses. On the other end, one service offered over the Internet claims
to offer the following product:
This is an amazing, revolutionary search. For one flat fee, this search takes any
individual’s name, or a company name, or any topic or subject, and runs it through
1,000 separate computer databases, which warehouse a collective 100 billion records.
(Not million. Billion) Any and all information is returned that is found of [sic]
the subject; length is unlimited. Many of the databases include Equifax, TRW, DBA,
Trans Union, ABI, Dun & Bradstreet, IDS, CDB, Information America, DDI, TRW
Business, Metromail, national newspaper database, national magazine database, UCCs,
national lien and judgment search, national bankruptcy, national federal tax liens,
national collection accounts, national mortgage search, national real property and
many, many more. This combined search is truly remarkable. On searches conducted
to date, the average report length has been 100 pages.(51)
Many information products fall somewhere between these extremes, yielding, for example,
the results of searches of a series of public records databases relating to a particular
topic, such as professional licenses or liens and judgments.
The cost to conduct a search ranges from roughly $1.50 to over $500.(52)
The cost is a function of which reference service is offering the product (for example,
an offline lookup service may charge $85 for a search that is available over the
Internet for less than $10) as well as the depth, detail, and accuracy of the information
sought.(53) Certain computerized databases offer identifying information to the
public for free over the Internet.(54) The free services typically include access
to one database containing public records maintained by government agencies or to
white-page directories. Government agencies are increasingly making public records
databases available for free over the Internet.(55) White-page directory databases
are essentially computerized versions of white pages telephone directories and contain
names, addresses, telephone numbers, and often E-mail addresses. Some of these lookup
services allow “reverse” searches, enabling the user to enter the phone number or
address and retrieve an individual’s name.
D. Procedures Used to Restrict Access to Information
Offline commercial individual reference services have typically utilized proprietary
networks (not the Internet) to transfer their information products to customers.
Under this arrangement, customers may access the information via modem from a personal
computer only after providing accurate and verified identifying and credit information,(56)
entering into a subscription and payment agreement with the provider, and obtaining
the necessary proprietary software.(57) Most individual reference services operating
through their own proprietary networks do not offer their services to the public
at large; instead they limit access to their services to what they deem to be legitimate
businesses for legitimate purposes.(58) Some lookup services require a sign-up fee
and monthly fees in addition to the per-search costs.(59) These costs may be high,
further restricting the general public’s access. Certain entities that sell information
products in bulk to individual reference services impose similar access restrictions
on their customers.(60)
The procedures used by the individual reference services to evaluate their customers
and their contractual arrangements vary.(61) Some lookup services require new customers
to complete an application in which the customer sets forth general purposes for
accessing the information and agrees to use the information legally.(62) Other services
may require a nexus between the user and the data subject.(63) Some services verify
all the information in the application; others make sure that the applicant is a
known business by conducting on-site visits(64) or by verifying that the phone number
provided in the application matches the one listed in the telephone book under the
business’ name.(65) The level of scrutiny an applicant must undergo may also vary
according to the type of information sought: certain lookup services grant access
to public records, for example, with less stringent verification procedures,(66)
or restrict access altogether to nonpublic sensitive information, such as Social
Security numbers(67) and information about children.(68) In addition, lookup services
may remind customers about permissible uses with messages that appear when the customer
attempts to run particular searches.(69)
A few services control risks of misuse by monitoring how their customers are using
the databases and by maintaining audit trails of who has accessed which information.(70)
Finally, lookup services may terminate or deny service for failure to abide by their
procedures.(71)
As mentioned above, individual reference services have begun operating over the
Internet.(72) Online services differ from offline services (i.e., services that
provide information through a proprietary network, but not over the Internet) in
that they may be more readily accessible to a broader spectrum of customers. The
range of information provided online parallels information provided through proprietary
networks, and may be sold for less money.(73) One online service, for example, is
reported to offer its subscribers an individual’s Social Security number, birth
date, and telephone number for just $1.50.(74)
Providing individual reference services over the Internet may pose unique problems
with verification and access restrictions. In fact, several offline companies, acknowledging
the risks in providing access to customers with whom they do not have an established
business relationship, choose not to provide their nonpublic information services
online.(75) Customers may attempt to access the services from computer terminals
away from their home or office with Internet access accounts that shield their identity.
Monitoring the uses by, and/or maintaining an audit trail of information accessed
by, a user who successfully remains anonymous would probably not be very helpful
in preventing or remedying misuse.
Certain online providers do take precautions to restrict access and prevent misuse.
Some refuse to serve customers who are accessing their Web site anonymously,(76)
and others require customers to enter into a subscription or use agreement,(77)
as is the case with their offline counterparts. The majority of online white-page
directory services limit the information they make available in the first place
by: providing only information that is accessible from telephone companies, suppressing
unlisted directory information, permitting consumers to opt out of having their
information made publicly available, and not allowing reverse searches.(78) However,
the barriers to entry for setting up a service online are remarkably low; by paying
a local Internet service provider as little as $19.95 per month and purchasing information
from a vendor, anyone can publish a Web site with whatever information she chooses.(79)
Thus, it is possible that some companies providing services online may offer information
more widely, with fewer restrictions.
III. Beneficial Uses
Individual reference services cater to a wide array of customers, from law enforcement
agents and corporations to public interest groups and individual consumers. Users
agree that, although the same information may be available from other sources, having
access to computerized databases enables them to obtain the information, and therefore
conduct searches and investigations, much more quickly.(80) Additionally, some point
out that increased accessibility to more information is necessary because people
are becoming more mobile and, accordingly, more difficult to find.(81)
A. Public Sector Uses
Individual reference services provide critical assistance to federal, state, and
local government agencies to carry out their law enforcement and other missions.(82)
Agencies, including the Federal Trade Commission, rely on the databases to detect
perpetrators of fraud, to locate and identify suspects and related businesses, and
to track down witnesses.(83) Agencies emphasize the importance of having access
to all possible identifying information.(84) A subject’s prior addresses may point
to locations where other law enforcement agencies may have warrants or case information.(85)
Knowing the identities of suspects’ neighbors is sometimes necessary for their protection.(86)
UCC filings, and lien and judgment records can link individuals and companies.(87)
Computerized databases play a particularly useful role in the prosecution of financial
crimes. The Financial Crimes Enforcement Network, an arm of the US Department of
the Treasury, (hereinafter “FinCEN”) relies heavily on computerized databases to
prevent and detect money laundering.(88) FinCEN carries out this mission in part
by combining information it receives from banks and other financial institutions
with government and public information.(89)
It then discloses the information to other law enforcement agencies in the form
of intelligence reports.(90) FinCEN also grants law enforcement officials in each
state online access to its financial database.(91) Because so many law enforcement
agencies rely on FinCEN for analytical support, FinCEN is even able to connect agencies
that are investigating the same crime or individual.(92) The National White Collar
Crime Center, a nonprofit organization funded by the US Justice Department, also
subscribes to individual reference services and, like FinCEN, conducts searches
on behalf of member agencies with criminal investigative authority related to economic
crimes.(93) In addition, the US Secret Service subscribes to approximately thirteen
of these databases. The Secret Service uses them to fulfill its mission to investigate
counterfeit currency and financial crimes, by locating targets and detecting fraudulent
practices, as well as its mission to protect public officials, by locating individuals
who pose a threat or who have information regarding potential threats.
B. Private Sector Uses
Individual reference services provide myriad benefits to the private sector as well.(94)
The services play important roles for diverse entities, including insurance companies,
banks, creditors, retailers, lawyers, private investigators, nonprofit agencies,
and journalists. Private sector representatives emphasize that many of their purposes
for using these services, like fraud prevention and the enforcement of court orders,
overlap with those of law enforcement.(95) In light of the increasing case loads
and decreasing budgets of many law enforcement agencies, they note that private
sector contributions in these areas are critical.(96)
The corporate sector appears to employ the lookup services primarily to detect and
investigate potential fraud. The insurance industry, for example, relies on these
services to investigate fraudulent claims.(97) Many people who submit fraudulent
insurance claims use a fake name or Social Security number; insurance companies
can detect these cases by verifying the claimant’s personal identifying information
through a service.(98) Credit grantors in the retail and other industries use information
provided by the lookup services to confirm the identity of credit applicants.(99)
They, too, make sure that all of the identifying information provided by the applicant
matches the information retrieved through the services, in order to detect and limit
potential fraud.(100) Banks have affirmative obligations to report credit card fraud,
insider abuse, and money laundering.(101) To fulfill these obligations, they use
the lookup services to: verify the validity of identifying information, such as
Social Security numbers, provided by new account applicants;(102) implement required
“know your customer” policies;(103) and ensure that potential employees have clean
records.(104) Many businesses also subscribe to lookup services to conduct due diligence
investigations(105) to minimize the risk of financial fraud in business dealings,
and to locate business debtors.(106) Private organizations may also use lookup services
in connection with fundraising efforts.
In relying on lookup services to prevent fraud in connection with credit and job
applications, the corporate sector may be using information provided by lookup services
to make decisions about whether to grant consumers credit or jobs.(107)
The precise information these entities are using to make such decisions remains
unclear.(108) To the extent that entities are making credit, insurance, or employment
decisions about individuals based on information in consumer reports (e.g., credit
history, financial status, and employment background information), their uses would
be subject to certain obligations and restrictions set forth in the Fair Credit
Reporting Act.(109)
The legal profession, either directly or through third parties like private investigators,
relies on individual reference services for many purposes, including locating witnesses;(110)
identifying parties and witnesses with a financial stake in the outcome of cases;(111)
finding assets to satisfy judgments;(112) conducting due diligence investigations
of financial representations;(113) and locating debtors, heirs, and pension fund
beneficiaries.(114) In addition, private investigators use lookup services when
hired by businesses to prevent or detect insurance fraud, bank fraud, and identity
theft.(115) Finally, they use lookup services on behalf of consumers to reunite
families; to locate missing or abducted persons; to carry out prenuptial investigations;
to stop stalkers; or to track down noncustodial parents who owe child support.(116)
Many public-interest oriented organizations rely on individual reference services
for quasi- law enforcement purposes, such as detecting fraud in connection with
campaign financing, finding missing children, curbing domestic violence, and enforcing
child support orders.(117) Government watchdog groups and others rely on individual
reference services to access Federal Election Commission filings to monitor the
records of federal campaign contributions.(118) Agencies such as the Center for
Missing and Exploited Children track down abducted children and runaway teens by
combining data such as name, address, Social Security number, and school enrollment
lists obtained from both private and public databases.(119) Other groups use lookup
services to prevent child and elder exploitation in the first place, by conducting
background checks of potential care providers.(120) Health care organizations use
the lookup services to locate organ and bone marrow donors.(121) The services are
also instrumental in assisting organizations find noncustodial parents who have
neglected to pay court-ordered child support.(122)
The parents can then provide this information to their government child-support
agency or use it to initiate their own court action.(123) These organizations also
emphasize the need to have access to as much identifying information as possible.
For example, one nonprofit agency claims a 90 percent success rate in finding parents
who owe child support when provided with a Social Security number, compared to a
57 percent success rate without it.(124)
Individual reference services play an important role in journalism as well. Journalists
use the services to ensure the accuracy of their stories, for example, by independently
verifying the identity of a news subject.(125) The lookup services also enable reporters
to enhance their stories with background information on news subjects, like disaster
victims and elected officials.(126) Journalists also emphasize the value of having
access to as much identifying information as possible.(127)
C. Consumer Uses
Many of the uses outlined above ultimately benefit consumers. Lookup services that
serve consumers, not just businesses, enable individuals to find information for
any of the uses outlined in this section, without having to hire an intermediary
to do it for them. By using these lookup services (typically offered over the Internet),
consumers can independently locate an old friend or family member, verify land title
in the course of a real estate transaction, or verify the validity of licenses of
medical or other professionals.(128) Furthermore, consumers indirectly benefit from
this industry in that fraud prevention in the corporate sector helps to keep consumer
prices down.(129) Moreover, society as a whole may benefit to the extent that this
industry enables the media to more timely and accurately report the news.
IV. Risks
While the individual reference services industry bestows undeniable benefits on
society, the wide availability of personal information also poses risks to consumers’
psychological, financial, and physical well-being. Consumers may be adversely affected
by a perceived privacy invasion, the misuse of accurate information, or the reliance
on inaccurate information. A meaningful risk assessment begins with an acknowledgment
that because consumers are not the customers of these companies,(130) the companies
have little marketplace pressure to respond to consumer interests. Furthermore,
because consumers do not have a direct relationship with look- up services, they
may remain unaware of possible exposure to risks.(131) Finally, consumers have few
means to protect themselves.(132)
A. Impact on Consumers’ Privacy Interests
Survey research over the past 20 years demonstrates that increasing numbers of Americans
are concerned about how personal information is being used in the Computer Age.(133)
A recent poll indicates that a sizable majority of Americans -- 88 percent -- are
concerned particularly about the sale of their Social Security numbers and other
personal identifiers.(134)
With increasing attention to privacy by the press, consumers are only now beginning
to learn about the individual reference services industry.(135)The outrage many
consumers expressed last year in response to learning about the availability of
their Social Security numbers through LEXIS-NEXIS’ P-Trak service suggests that
they would be even more concerned to learn about the wide availability of sensitive
information through other services.(136) Once consumers disclose their information
to private entities, or once it is transferred from a public records custodian,
where data subjects at least have the possibility of seeing and correcting their
own records, consumers essentially lose their ability to access information maintained
about them.(137) As data subjects have no relationship with companies offering individual
reference services, they have few means to determine which organizations store and
communicate information about them to others.(138) Furthermore, given this lack
of privacy, consumers as data subjects do not necessarily derive a direct benefit
from the service.(139) Even if consumers were able to determine who was storing
and selling information about them, only in rare instances could they access records
containing data about them, correct any errors, find out who has accessed their
records, or have their records removed from private databases.(140)
Consumers’ concerns about the privacy of their personal information are closely
related to the sensitivity, both real and perceived, of that information. The perceived
sensitivity of information varies with each individual and with the context in which
the information is requested or made available.(141) Many people, for example, are
completely comfortable listing their home address in the white pages, while others
may take precautions not to disclose this information unless absolutely necessary.(142)
Furthermore, while individuals may not be concerned with certain pieces of information
when standing alone, they may perceive those same pieces of information as sensitive
when integrated together,(143) or when used to uncover more potentially sensitive
information (such as using name and birth date to obtain Social Security number).(144)
Individuals also may change their idea of what is sensitive as they discover that
others are accessing their information for business or other purposes inconsistent
with the purpose for which it was originally furnished.(145) For example, an individual
may be comfortable providing income information when applying for a loan or a parent
may willingly disclose a child’s age to register the child in school, but would
not want this information made publicly available.(146) Furthermore, many consumers
feel comfortable with others being able to discover their phone number or address
using their name as a search term, but do not feel comfortable when their phone
number or address is used to find out their name through a “reverse search.(147)
Moreover, comfort with the availability of information in the physical world may
not transfer to comfort with the availability of the same information over the Internet.(148)
Finally, the same piece of information (e.g., age) may raise different privacy concerns
at different points in a person’s life.(149)
Certain unique identifiers, like Social Security number, are more uniformly perceived
as sensitive. This perception is reflected in recent survey findings as well as
by the public’s response to learning that their Social Security numbers were available
through LEXIS-NEXIS’ P-Trak service.(150)
This sensitivity is understandable given that many entities use Social Security
numbers to identify an individual before either granting access to more information,
like a bank account balance, or conferring a benefit, like opening a credit card
account.(151) Date of birth(152) and mother’s maiden name may be considered sensitive
for this same reason.(153)
Surveys conducted regarding consumers’ opinions about public records information
further illustrate that sensitivity is generally a function of both content and
context. Although consumers readily provide their information to government agencies
for discrete purposes (or when compelled to do so), they do not support the government
making all public records readily available. For example, one survey has found that
92 percent of American adults believe it is at least somewhat important that state
agencies not be able to sell or release personal data about them without their knowledge
or consent.(154) Similarly, another study concluded that 75 percent of American
computer users object to the wide availability of public records via the Internet.(155)
A third survey asked consumers how they felt about businesses accessing certain
public records to prevent insurance fraud.(156) The survey found that 60 percent
of Americans support the use of criminal records to combat insurance fraud and 51
percent support the use of motor vehicle records for that purpose.(157) This support
wanes, however, for the use of worker’s compensation records (40 percent), health
claims data (36 percent), medical records (31 percent), or pharmaceutical data (25
percent) to combat insurance fraud.(158)
B. Risks Associated With Inaccurate Data
It is not difficult to imagine how inaccurate information products could bring real
harm to consumers. A doctor whose professional license records are mistakenly excluded
from a professional licenses database may have a tough time recruiting new patients.
An entrepreneur whose records are crossed with those of a convicted white collar
criminal with the same name may not find many willing business partners. Similarly,
an operator of a day-care center whose identifying information, because of a typographical
error, indicates that a previous address is that of a local strip bar may not stay
in business very long.(159) The record reflects that, in an effort to prevent fraud,
certain entities use information obtained through the lookup services to decide
whether to grant an individual a job or credit.(160) If the information offered
by the applicant does not match the information obtained through the lookup services,
the applicant may be denied credit or employment. Inaccurate information in the
lookup services could cause an honest individual to be denied credit or employment
wrongfully. Finally, inaccurate information obtained through a lookup service could
result in an individual not being found and therefore not receiving an earned benefit
(e.g., pension benefits) or suffering harm (e.g., not learning of prior exposure
to toxic chemicals).
Given the ease with which information can be gathered, aggregated, and shared, errors
could be widely replicated(161) and the harm long-lasting. As described by one industry
representative, the information obtained through individual reference services is
unverified data, entered initially by human beings and accordingly subject to human
error.(162) While some companies warn their customers of this upfront,(163) others
tout the accuracy of their information products. One large supplier of public records
information assures its customers that the information it sells is at least 99 percent
accurate.(164) An information industry association states that because these databases
aggregate information from several sources, the information products tend to be
more accurate.(165) Several industry representatives point out that the information
must be accurate because the market demands accuracy.(166)
Even at their source, however, records may contain typographical errors, misspellings,
or omissions.(167) Furthermore, once records are transferred to secondary information
providers, they may not reflect the most current information (depending on the method
of data collection or backlog in updating the records at their source).(168)
They may contain errors caused during the creation of public records indices(169)
or during the transcription or transmission of the original records. Moreover, due
to overlap in identifying information, the results of a search of records compiled
from several sources could reflect a mismatch, displaying accurate information about
someone, but not necessarily the targeted individual.(170)
Data subjects generally do not have the ability to access the data maintained about
them by individual reference services to correct errors.(171) Consumers may in some
cases succeed in obtaining a copy of their records only by hiring a professional
to buy the relevant information products from lookup services to which the professional
subscribes.(172) Alternatively, consumers could buy information products containing
their own identifying information directly from look- up services which have less
stringent access requirements. Yet, even if consumers determined that information
products contained inaccuracies about them, there currently is no mechanism for
correcting errors. Moreover, correcting the error in one database may not solve
the problem, as misinformation tends to resurface in the same database,(173) or
show up later in others.
Although neither workshop participants nor commentaries identified concrete evidence
of harm linked directly to inaccurate records offered by lookup services, this can
be explained by factors other than the absence of such harm. Most consumers have
no way of knowing that adverse decisions affecting them are made based on inaccuracies
obtained through the lookup services. First, most consumers are unaware of the existence
of lookup services. Second, most lookup services do not maintain audit trails of
their customers’ uses, and, therefore, cannot determine whether an entity who has
made a decision affecting a consumer had in fact used a lookup service to access
that consumer’s files. Finally, except when users make decisions to deny credit,
insurance, or employment based on a consumer report (containing, e.g., credit history,
financial status, and employment background information) obtained from the lookup
services, the users have no obligation to notify the data subject that an adverse
decision was based on information obtained through a lookup service.(174)
C. Risks Associated With Unlawful Uses
Increasing access to personal identifying information also poses troubling risks
of unlawful uses. Whether initially obtained by an unscrupulous employee, a scam
artist able to sidestep access restrictions, a computer hacker,(175) or an Internet
surfer, personal identifying information in the wrong hands can have severe repercussions.(176)
One risk is that certain users, although they have an apparently legitimate purpose
for accessing information through the service, may exploit their access and use
the information for illegal purposes, like fraud. Responsible individual reference
services do employ security measures to limit wrongful use, for example by having
their customers require employees to sign nondisclosure agreements. Yet, reported
incidents about employees in other industries who have access to personal identifying
information demonstrate that such measures do not always work. Employees sometimes
sell information they obtain from their employers’ databases, or exploit it themselves.
In one highly publicized incident, a prison inmate (and convicted rapist), who,
along with other inmates, was retained by an information vendor as a data processor,
had legitimate access to a database containing personal information, and then used
the information to compose and send a personalized, threatening letter to an Ohio
grandmother.(177) Additionally, a used car salesman was caught using information
in a consumer’s credit report for illicit purposes.(178) Similarly, according to
the Secret Service, perpetrators of fraud are increasingly buying consumer information
from corrupt bank employees.(179)
Wrongful access by hackers is another risk. In response, certain companies have
implemented firewalls.(180) Computers, however, are notoriously insecure.(181) Hackers
can break into even the most impervious databases searching for information.(182)
Three German hackers who successfully penetrated the firewall of an Internet service
provider siphoned its entire list of 11,000 customers, including detailed credit
applications, and threatened to post it on the Internet.(183) A California man downloaded
100,000 credit card numbers by tapping into the Web sites of online retailers.(184)
According to the FBI, reports of wrongful access to information stored in computers
have increased more than six-fold since 1991.(185) Furthermore, at the end of the
third quarter of 1997, the FBI had 392 pending cases of wrongful access, compared
to 99 at the end of 1995.(186) Given the demonstrated insecurity of computers, these
risks may persist regardless of any regulation.
Commentaries and workshop participants are concerned that identity theft and credit
card fraud will increase with the growth of the individual reference services industry.(187)
The harm caused by identity theft is not merely the financial exposure of victims,(188)
banks, and lending institutions. It sometimes takes years of time and frustration
for victims to reestablish their own identities, and their harm is difficult to
quantify.(189)
Identity thieves have historically used low-tech means to accomplish their crimes
such as stealing pre-approved credit applications from mailboxes or obtaining credit
card receipts from trash dumpsters.(190)
A recent case brought by the United States Secret Service, however, demonstrates
how computer-savvy identity thieves may exploit information available over the Internet.
The defendants, a Maryland couple who were arrested last June and who pled guilty
in September, admitted not only to stealing the identities of hundreds of individuals,
but also to routinely using Internet databases (accessed at a local community college)
to select their victims.(191) According to the Delaware detective who investigated
the case, the couple sought affluent individuals who lived in the South, where states
typically use Social Security numbers as drivers’ license identification numbers.(192)
The couple obtained official birth certificates, driver’s licenses, credit cards,
and bank accounts, and ran up debt exceeding $100,000 under their assumed identities.(193)
It is unclear, however, whether they relied on lookup services, or simply gathered
information from published materials generally available on the Internet.(194)
Individual reference services potentially could facilitate identity theft and credit
card fraud in several ways. First, if the perpetrator has already identified the
victim, she could use those services that display Social Security numbers to obtain
the victim’s Social Security number and other necessary identifying information.
As the Court of Appeals for the Fourth Circuit has observed, “[s]uccinctly stated,
the harm that can be inflicted from the disclosure of a Social Security Number to
an unscrupulous individual is alarming and potentially financially ruinous.(195)
Many services that do not display Social Security numbers do allow searches by Social
Security number, so that when a user enters a Social Security number, the service
retrieves the record of the individual associated with that number, including name,
address, and date of birth.(196) Anyone willing to spend some time and money, therefore,
could run searches with strings of nine digits (fabricated Social Security numbers)
until she finds an identity worth impersonating.(197) Once an identity thief has
selected the name and Social Security number of a potential victim, gaining access
to an individual reference service would afford her additional lucrative information,
such as the assets and professional licenses associated with that identity. This
information would enable the identity thief to select identities with potentially
high credit limits.
Industry representatives emphasize that the Federal Reserve Board (hereinafter “FRB”)
found little hard evidence linking identity theft to the lookup services.(198) However,
the FRB concluded that “fraud related to identity theft appears to be a growing
risk for consumers and financial institutions, and the relatively easy access to
personal information may expand the risk.(199) As discussed above, the lack of concrete
evidence may be due to the fact that lookup services often do not keep records of
who has accessed which information products. Therefore, it would be difficult, if
not impossible, to link a case of identity theft to an individual reference service,
unless perpetrators admit to their source for information. It is difficult to know
whether the lack of audit trails is preventing the development of evidence linking
the lookup services to identity theft. On the other hand, evidence does indicate
that databases can be used to reduce the risk of identity theft and credit card
fraud, because access to credit header information and other verification tools
enables database users to detect attempts at wrongful use of Social Security numbers.(200)
Physical harm perpetrated by violent stalkers and domestic abusers is an additional
troubling risk associated with lookup services.(201) Regardless of their efforts
to conceal their whereabouts, potential victims who provide their new address to
credit grantors -- who in turn report it to the credit reporting bureaus, who in
turn sell it to the individual reference services -- can be easily found.(202) According
to one law enforcement organization, accessing government records is the most common
way that rapists locate their victims,(203) and perpetrators of domestic violence
can easily find relatives who have relocated in an effort to escape.(204)
Individual reference services make government records easy to access. This fact
is particularly unnerving, given that many of these services provide location information
about children.(205) The infamous murder of actress Rebecca Schaeffer, whose predator
tracked her down by having a private investigator access her DMV records from a
computerized database, demonstrates the potential harm.(206) Additionally, many
individuals, because of their occupations, are vulnerable to unwanted intrusions
at home. Such individuals include: police officers and other employees in the law
enforcement and justice systems; teachers; doctors and other health professionals;
psychological counselors; social workers; and employees of “unpopular” government
agencies.(207) In fact, access to public records information has enabled criminals
to track down the residences of their arresting officers.(208) Although the availability
of public records information from government custodians already poses risks, the
lookup services greatly facilitate access to the public records, and thereby substantially
increase those risks.
V. Controls
The commentaries and workshop participants recommended various controls that might
address the concerns raised by the existence of the lookup services. These controls
include: (1) limiting the availability of sensitive identifying information; (2)
monitoring how customers use information and maintaining audit trails; (3) allowing
consumers to access information maintained about them and to dispute inaccuracies;
(4) providing consumers with control over how information about them is used; and
(5) educating consumers about the industry, its information practices, and related
privacy issues, and educating business about consumer privacy interests. As discussed
above, certain members of the industry have implemented some of these controls,
and others have not.
A. Limiting the Availability of Sensitive Information
1. Limiting Access to Information Obtained Through Individual Reference Services
Several participants at the June 10, 1997 Workshop and commentaries (responding
to the Commission’s Federal Register notice) urge that individual reference services
take precautions to limit access to personal identifying information and to prevent
its misuse.(209) A core element of fair information practices identified through
government efforts is that parties who create, maintain, or disseminate personal
identifying information must prevent its misuse by others.(210) Completely barring
the availability of all information could eliminate potential benefits, while making
information available to everyone without restriction could maximize the potential
risks. Accordingly, one approach is to limit access to customers who can be trusted
to use it for specified purposes. Given that certain categories of information,(211)
and certain types of users, pose more of a threat to consumers, access limitations
could be a function of both the category of information sought and the type of user.
Who should have access to what types of information? One potential means to limit
access to sensitive information, like Social Security number and birth date, would
be to determine on a case-by-case basis whether a particular user has a legitimate
purpose to obtain such information.(212) One Workshop participant advocated that
such restrictions require that lookup services, before granting access, verify that
the user is who she says she is, and that she is a legitimate entity with a legitimate
purpose.(213)
Other approaches were also posited. Allowing only law enforcement officials to access
information through individual reference services is one alternative approach. However,
such a limitation would eliminate not only private sector benefits not directly
connected to law enforcement, but perhaps even benefits connected to law enforcement
as well. For example, government child support enforcement, and other law enforcement,
agencies are burdened with an extreme backlog of cases and often cannot pursue all
worthy cases. As a result, several private agencies assert that they help public
agencies carry out their law enforcement missions.(214)
Another possibility would be to allow access for only law enforcement-related purposes,
and allow the lookup services to be used by public and private agencies for child
support enforcement, finding missing children, and other similar ends. Private entities
are concerned about this approach, as well. First, it would exclude journalistic
uses(215) and important industry uses, like fraud prevention.(216) Second, one panelist
suggested that her child support enforcement agency and other public interest groups
enjoy free or discounted services.(217) As the services would not be able to make
the same profits if they restricted the access of users who would otherwise pay
the full cost, the participant was concerned that such restrictions could so severely
impair the companies’ profit incentives that they would no longer provide the services,(218)
or no longer provide free or discounted services. Yet another suggested approach
would be to limit access to regulated or licensed entities, such as lawyers and
private investigators, in addition to law enforcement agents.(219) Misuse of information
by these parties would have repercussions, such as license revocation.(220) However,
not all users who have potentially beneficial purposes for accessing information
are regulated entities. This approach would exclude access by private investigators
in several states without licensing requirements, journalists, and much of private
industry.
2. Minimizing Extraneous Sensitive Identifying Information in Public Records
The increasing availability of public records facilitates easy access to sensitive
identifying information which, as described above, could have harmful consequences.
Another possible control, therefore, would be to minimize the sensitive identifying
information that government entities gather and/or make publicly available.(221)
In general, access to public records furthers important societal objectives. For
example, wide dissemination of title information in land registers advances the
public notification purposes of land recording statutes.(222) Court records can
inform the public about questionable prosecutorial policies, low conviction rates,
and fraudulent schemes requiring legislative attention.(223) The availability of
professional license information enables consumers to avoid being harmed by the
services of unqualified professionals.(224) It is possible, however, that the collection
and/or dissemination of sensitive information, like Social Security number, mother’s
maiden name, and date of birth, does not directly advance the purpose underlying
the requirement of a given public record.(225) Limiting the availability of public
records once information has been collected by government agencies may raise some
concerns; e.g., it could erode the public’s right to know,(226) and impose costs
on public records custodians.(227) However, continuing to make available information
that advances a government agency’s intended purpose while minimizing the extraneous,
sensitive information could help reduce potential harm.
3. Heightening Security Measures
Commentaries expressed concern about protecting the information from unauthorized
access.(228) Accordingly, they recommended that services minimize risks by heightening
security controls. Commentaries urged individual reference services to employ technological
protections, such as firewalls and encryption, as well as measures to prevent unauthorized
disclosures by employees.(229)
B. Monitoring Use and Maintaining Audit Trails
Two additional controls related to access restrictions include monitoring use and
maintaining audit trails. Access restrictions based on purpose are meaningful only
if controls are in place to ensure that users who obtain information for a stated
legitimate purpose actually use information consistently with that purpose.(230)
Monitoring the use of information would accomplish this end. Similarly, the maintenance
of audit trails -- records of which users have accessed what information -- may
enable a company to link misuse to a particular user, and thereby identify instances
where users asserted a legitimate purpose but used information wrongfully.(231)
Without audit trails indicating to whom and for what purpose information has been
sold, some maintain that consumers have no recourse upon being harmed by misuse
of their information.(232) Audit trails also may be important at the front end,
as a deterrent: if potential abusers of information knew that the information they
obtain could be traced back to them, they arguably would be less likely to misuse
it.
Although certain lookup services do maintain audit trails, according to industry
members, they are problematic for two reasons: (1) maintaining records of every
search run by every customer would be unreasonably costly and (2) because records
of what information an attorney accessed could be discoverable in a lawsuit, companies
that maintain audit trails might lose attorney clients. Furthermore, audit trails
are not completely effective in tracking misuse of information because a wronged
consumer or law enforcement entity investigating misuse would first have to know
which lookup services were accessed in order to determine which service’s audit
trails to examine.(233) However, if an entity did know which lookup services were
accessed, or if the entity simply inquired with several of the lookup services,
audit trails would increase the likelihood that a wrongdoer would be tracked down.
C. Allowing Consumers to Access Their Own Information and Dispute Inaccuracies
Many argue that, at a minimum, consumers must have reasonable access to information
maintained about them by individual reference services.(234) Without access to their
own records, consumers have no way to know whether information that is disseminated
about them is accurate. Consumer access requirements have also surfaced as an integral
element of fair information practices in several similar contexts.(235)
For example, consumer access has proven to be critical in the context of credit
reporting. Credit reports are subject to federal legislation which requires, among
other things, that consumer reporting agencies (e.g., credit bureaus) provide consumers
with a copy of their credit report and follow reasonable procedures to assure maximum
possible accuracy of information contained in the report.(236) The justification
underlying this requirement is that information contained in the credit report may
be used to make decisions that adversely affect consumers.(237) Thus, consumers
have the right to see what information is in their credit file.
The individual reference services serve their customers -- entities who use information
to take actions impacting data subjects -- and not the data subjects themselves.
While there is an obvious incentive to give their customers accurate information,
the individual reference services have less incentive to address concerns of data
subjects.(238) The adverse effects on data subjects caused by inaccuracies in records
maintained about them, including personal information gleaned from nonpublic sources
or outdated, incomplete, or mismatched public records, can be much more severe than
their impact on customers.(239) An information industry association argues that
it is too burdensome to provide data subjects with access to their records.(240)
However, the cost of providing consumers access could be passed on in the form of
fees. Proponents of consumer access do not oppose the imposition of such fees, so
long as they are reasonable.(241)
Providing consumers with access to records held about them is a first step toward
ensuring that data is accurate. This access is meaningful only with a method in
place that allows consumers to correct inaccuracies. To help ensure that records
maintained about individuals are as accurate as possible, lookup services should
also obtain information only from reputable sources and must implement a system
that enables individuals to dispute and correct inaccuracies.(242) The industry
maintains that lookup services are not able to change or delete information that
is in a public record and therefore they cannot change or delete data they maintain
that originated from public records.(243) This position assumes that public records
information maintained by the lookup services mirrors the original public records,
and overlooks the fact that public records information may not be accurate once
it is transferred from the custodian of public records and merged with other data.
It may not be current. It may reflect transcription or transmission errors. Or,
it may have been erroneously linked with the records of a different individual having
the same or similar name.
D. Providing Consumers with the Ability to Opt Out or Opt In
Some privacy and consumer advocates assert that consumers should have the ability
to make an informed choice as to whether to permit individual reference services
to make their personal identifying information available.(244) This choice (or “consumer
control”) would necessarily take the form of either “opt in,” requiring the lookup
services to affirmatively obtain an individual’s permission before making information
about them available, or “opt out,” permitting the lookup services to disseminate
information about a particular consumer until the consumer instructs them otherwise.
Only a select few individual reference services allow consumers to opt out of one
or more of their databases.(245) Proponents of consumer control note that an opt
out option is meaningless if consumers are unaware that a database exists.(246)
Accordingly, some suggest that either an opt in option should be mandated,(247)
or consumers should have the ability to opt out only once, through a universal system
that affects all services.(248) Not all proponents of consumer control assert that
the control should extend to public records; some support making public records
information available regardless of consumer consent as long as the information
is made available for free, and there is no legitimate economic incentive to exploit
it.(249)
Although giving consumers control over the secondary use of their personal identifying
information is an accepted fair information practice in several contexts,(250) here
this approach is not without significant costs. In addition to individuals simply
concerned about their privacy, those who would most likely choose to have their
records excluded from the lookup services are those whom law enforcement agencies
and other societally beneficial groups most want to find.(251) Users of the lookup
services assert that the more complete the databases, the more useful they are in
allowing such users to achieve their ends,(252) and that giving individuals complete
control over information in this area likely would severely diminish the important
societal benefits these services confer.(253)
One possible means of giving individuals control over their information without
eliminating the industry’s benefits would be to allow individuals to opt out of
some, but not all, uses of their information.
E. Educating Consumers and Business
Many consumer and privacy advocates assert that consumers must be made aware of
the existence of the individual reference services industry and of the available
methods to control the use of their personal information (such as their ability
to opt out of certain databases).(254) The concern that individuals should be informed
about personal information record keeping systems has been repeatedly identified
as an element necessary to protect consumer information privacy interests.(255)
Several Workshop participants and commentaries, including industry representatives,
acknowledged that education about this industry is necessary.(256) One consumer
advocate stressed that consumers need to learn about the risks of misuse of their
personal information and not just the benefits of data collection and availability;(257)
another noted that companies do not have an incentive to educate consumers about
threats to their privacy.(258) Furthermore, privacy advocates argued that the industry
should learn about the role that consumer privacy should play.(259)
VII. ISRG Proposal
In response to the Commission’s announcement of this study, members of the individual
reference services industry, including information suppliers and direct providers
of commercial services (referring to themselves as the “Individual Reference Services
Group” or “ISRG Group”), announced their intention to draft self-regulatory principles.
Since the industry group’s announcement, Commission staff has monitored and encouraged
its progress.(260) Fourteen industry members have agreed to follow these self-regulatory
principles (hereinafter the “ISRG Principles” or “Principles”). The signatories
include companies that directly offer individual reference services, information
vendors, and three national credit agencies.(261) The Principles set forth controls
which address most concerns raised by the industry’s dissemination of nonpublic
information, defined as “information about an individual that is of a private nature
and neither available to the general public nor obtained from a public record.(262)
The Principles do not address the practices of online white-pages directory services,
because the latter are not “commercial services” as contemplated by the Principles.
However, this exclusion does not appear problematic. The majority of Internet white-pages
services have already addressed consumer concerns by not displaying unlisted directory
information, by permitting consumers to opt out, and by not allowing reverse address
and telephone searches.(263) Furthermore, these services make available only directory
information, not more sensitive identifying information such as Social Security
number and date of birth.
A. The ISRG Principles
1. Restrictions on the Availability of nonpublic Information
The Principles impose restrictions on access to information obtained from nonpublic
sources, or “nonpublic information” (e.g., mother’s maiden name and Social Security
number obtained from “credit headers”).(264) To the extent information obtained
from a nonpublic source is publicly available, such as a home address that appears
in a “credit header” but also is listed in the phone book, that information is not
treated as “nonpublic.” The Principles completely bar lookup services from making
available certain nonpublic information, namely information gathered for marketing
purposes.(265) Otherwise, the nature of information provided by an individual reference
service and corresponding controls vary according to the category of customer. There
are three categories of customers: “qualified subscribers,” “professional and commercial
users,” and the general public. In general, customers that have less restricted
access to nonpublic information (“qualified subscribers” and “professional and commercial
users”) are subject to greater controls. Conversely, the general public has more
restricted access to non- public information and is subject to fewer controls. The
particular categories of customers, the information available to them, and the corresponding
controls are described below.
The Principles allow unrestricted distribution of certain nonpublic information
only to “qualified subscribers.” An entity can access services as a “qualified subscriber”
only after: (1) the service conducts a reasonable review of the subscriber and its
intended uses of the information; (2) the service determines that the intended uses
are “appropriate;(266) (3) the entity agrees to limit its use and redissemination
of such information to such “appropriate” uses; and (4) the entity agrees to terms
and conditions consistent with the Principles.(267) Depending on the particular
signatory, “qualified subscribers” might include law enforcement agencies and private
investigators, and “appropriate” uses might include locating criminal suspects or
the searching for missing children.(268)
The distribution of nonpublic information is more restricted for the category of
“professional and commercial users.” This category includes entities falling somewhere
between qualified subscribers, who have a legitimate need for sensitive information,
and the general public. “Professional and commercial users” can access certain nonpublic
information if they use it in the normal course and scope of their business and
profession, and if the use is appropriate for such activities. While they do not
undergo the strict qualification process imposed on subscribers in the first category,
they do not enjoy access to the same nonpublic information. They can access only
truncated Social Security numbers (meaning a portion of the Social Security number
has been replaced by “X”s), and month and year of birth (not full date of birth),
and cannot access mother’s maiden name or information that reflects credit history,
financial history, or medical records. Furthermore, users in this category may access
nonpublic information about children only for purposes of finding missing children.(269)
At the same time, because members of this category are professional users whose
professional use is linked to the need to access information, they can access more
information than can the general public. Before granting access to nonpublic information
to a “professional or commercial user,” the services must: (1) establish that the
user is a professional or commercial entity; (2) require the user to agree to terms
and conditions consistent with the Principles; and (3) require the user to use the
information to advance its business or professional purpose, and to limit any redissemination
of such information to such uses, in accordance with the Principles.(270)
Depending on the company, examples of “professional and commercial users” might
include lawyers seeking to locate potential witnesses, marketers assuring the accuracy
of their potential customer lists, and banks seeking to detect fraud.
The third category, “general distribution,” includes the general public. The Principles
prohibit individual reference services from distributing to the general public certain
nonpublic information such as Social Security number, mother’s maiden name, birth
date, credit history, financial history, medical records, or similar information,
or any information about children. They also prohibit making available both unlisted
telephone numbers obtained from sources other than public records and unlisted addresses
obtained from the telephone company. However, services may make available unlisted
addresses if they are obtained from sources other than the telephone company, such
as the gas company. Furthermore, lookup services may not allow the general public
to run searches using Social Security number as a search term.(271)
To protect the security of sensitive information, lookup services are required to
maintain facilities and systems to protect information from unauthorized access.
In addition to physical and electronic security, lookup services must require employees
and contractors to sign confidentiality agreements and to be subject to supervision.
The Principles require services to conduct system reviews at appropriate intervals
to ensure that employees are complying with policies.(272)
2. Monitoring Use and Maintaining Audit Trails
The Principles require the lookup services to take reasonable steps to protect against
the misuse of nonpublic information.(273) Each service must make available upon
request an explanation of the uses of its nonpublic information it deems appropriate
for “qualified subscribers,” as well as an explanation of the types of “qualified
subscribers” that can access such information.(274) The services must take reasonable
steps to remedy abuses of the information by “qualified subscribers” and “professional
and commercial users,(275) and must employ reasonable measures to ensure that the
information is used appropriately.(276) Furthermore, individual reference services
must maintain, for three years after termination of each subscriber’s relationship
with the individual reference service, a record of the identity of each subscriber
in these two categories, the types of uses employed by the subscriber, and the terms
and conditions agreed to by the subscriber.(277) The lookup services are not required
to maintain records of what information their users accessed.
3. Consumers’ Access to Personal Information and Methods to Ensure Information Accuracy
Upon an individual’s request, the Principles require a lookup service to provide
copies of nonpublic information in its products and services that specifically identifies
the individual.(278) The Principles do not compel the companies to provide individuals
with copies of the public information that identifies them (e.g., real estate records,
court records, licenses, and other publicly available information). Rather, the
Principles provide that each signatory shall inform individuals about the nature
of public record and publicly available information that it makes available and
the general sources of such information:(279) i.e., not specific sources, but rather
the entire universe of public records sources from which they create their databases.(280)
As a result, under the Principles, individuals have no way of seeing files about
them that reflect compiled public records information.
The Principles incorporate several measures to ensure that information products
are accurate. First, identifying information may be acquired only from known, reputable
sources whose data collection practices and policies are understood.(281) The services
must take reasonable steps to help ensure the accuracy of the information.(282)
Upon being informed of an inaccuracy by an individual, a service must either correct
the inaccuracy or inform the individual of the source of the information. It must
also tell the individual where a request for correction may be directed, if that
information is reasonably available.(283) The Principles do not compel lookup services
to correct inaccuracies reported by an individual about public record or publicly
available information maintained by the services about that individual.
4. Ability to Opt Out
The Principles provide individuals with the ability to opt out of only “general
distribution” of their nonpublic information.(284) Individuals may not opt out of
distribution to “qualified subscribers” or to “professional and commercial users.”
Furthermore, signatories may not make available “unlisted” telephone numbers or
addresses obtained from a telephone company.(285) If an individual has not opted
out of a service’s general distribution, however, the service is permitted to make
available that individual’s “unlisted” name and address if it obtains the information
from sources other than the telephone company. Upon request, the signatories must
also inform individuals of any other choices available to limit dissemination of
their information.(286)
5. Consumer Education and Openness
The Principles require the individual reference services to educate users and the
public about privacy issues associated with their services, about the types of services
they offer, and about the Principles.(287) In addition, each service must make available
a privacy policy statement that describes what information it has from what types
of sources, how it is collected, the type of entities to whom it may be disclosed
and the type of uses to which it is put.(288) The services must also notify consumers
about their practices through Web sites, advertisements, or company- or industry-initiated
educational efforts.(289)
6. Compliance Assurance
The enforcement program has two prongs. First, signatories’ practices will be subject
to a review by a “reasonably qualified independent professional service.” That entity
will determine whether a signatory is in compliance with the Principles, using criteria
based upon the Principles.(290) The summary of the annual review will be made public.
Second, the Principles provide that signatories who are information suppliers may
not sell information to lookup services that do not comply with the Principles.
B. Analysis of ISRG Proposal
The record reflects opposing views as to the very notion of self-regulation. Supporters
of self-regulation believe that industry should be given the opportunity to regulate
its own practices, and that government action should be taken only if this approach
proves ineffective.(291) Critics point to one central weakness with this approach:
the lack of either incentive or mechanism for enforcement.(292) They also highlight
several difficulties, such as influencing industry members who do not adhere to
self-regulatory schemes,(293) sustaining a self-regulatory program once public attention
wanes,(294) and addressing nuanced privacy-related issues.(295)
In determining whether the ISRG Principles offer a viable self-regulatory program,
the Commission has assessed the extent to which the Principles can effectively implement
controls similar to those set forth in Section IV above. These controls include:
(1) limiting the availability of sensitive information; (2) monitoring use and maintaining
audit trails; (3) allowing individuals to access records maintained about them and
dispute inaccuracies; (4) giving individuals control over their information (provided
this would not impede important public interests); and (5) educating consumers and
business about information practices and privacy issues. Even if such controls are
set forth in principle, the Commission believes that they are not meaningful without
an effective mechanism to assure compliance and to influence the practices of the
entire industry.
The Principles address the first control, limiting the availability of sensitive
information, through the three-tiered customer category scheme. These access restrictions
not only prohibit signatories from making available to the general public Social
Security numbers, full dates of birth, and information about children (which are
obtained from nonpublic sources and not otherwise publicly available), but also
limit the extent to which established, professional entities can obtain this information.
Furthermore, before signatories can provide unrestricted access to information,
they must take measures to verify the identity of potential users and establish
the legitimacy of their purposes.
The Principles address the second control, monitoring use and maintaining audit
trails, in part by requiring that signatories take measures to protect against misuse
of all nonpublic information. Signatories must ensure that the more potentially
sensitive information, which is available only to “qualified subscribers” and “professional
and commercial users,” is used properly; if it is not being used properly, they
must remedy misuses. Moreover, signatories have to keep track of the identities
as well as the types of information (but not the actual information) accessed by
these two categories of users.
With regard to the third control, individuals’ access to their own information,
signatories must allow individuals to access nonpublic records maintained about
them and dispute inaccuracies. As to the fourth safeguard, consumer control, the
Principles allow individuals to opt out of the general distribution of their nonpublic
information, but not out of distribution to qualified, professional, or commercial
users. Finally, the Principles include the fifth control, education, by requiring
signatories to notify consumers as to their information practices and to educate
them about privacy issues related to their industry.
Most important, the ISRG Principles show promise for success in a critical area:
the framework should assure compliance by both signatories and other members of
the industry. The signatories characterize themselves as the “vast majority” of
the industry that supplies information to commercial users.(296) Thus, the vast
majority of the industry has agreed to annual compliance reviews -- an innovative
step for a self-regulatory program, particularly as applied to information practices.
Publicizing the results of compliance reviews performed on signatories (and their
customers) by third parties, coupled with potential liability under the FTC Act
and similar state statutes for noncompliance, should assure the signatories’ compliance.(297)
In instances where non-signatories’ practices are inconsistent with the Principles,
they will likely be unable to obtain nonpublic information easily to redissemination
through their services. Major suppliers of nonpublic information to this industry
-- and the only primary suppliers of credit header information -- have agreed to
sell only to companies whose practices are consistent with the Principles. Therefore,
the Principles can be expected to have a beneficial impact on the practices of even
those entities who are not signatories.(298)
The ISRG Principles fail, however, to incorporate all the suggested controls, and
therefore do not address important concerns that have been raised about the industry.
First, they provide essentially no limitations on the availability or uses of public
records and publicly available information.(299) Accordingly, they do not limit
the potential harm that could stem from access to and exploitation of sensitive
information in public records and publicly available information. Second, the Principles
fail to require individual reference services to maintain audit trails of the precise
records accessed by each user, an important mechanism for identifying when an apparently
legitimate entity obtains and uses information illegitimately and possibly the only
mechanism that can link harm to the lookup services.(300) Third and most notably,
the Principles fail to provide individuals with a means of accessing public records
and other publicly available information maintained about them by individual reference
services. The Commission is concerned that individuals have no way of discovering
or correcting errors that may have occurred in the transcription, transmission,
or compilation of this information.(301) Accordingly, the individuals cannot prevent,
let alone identify, situations where that inaccurate information results in decisions
which may adversely affect them. The Group is aware of this problem, and has stated
that it will seriously consider conducting a study about the extent of relevant
inaccuracies and related harm.(302)
Notwithstanding these shortcomings, the Principles have the potential to (1) curb
misuse of nonpublic, personal identifying information; (2) address many of the relevant
consumer information privacy concerns; and (3) significantly affect the practices
of the entire individual reference service industry. The ISRG proposal is more comprehensive
and far-reaching than any other voluntary, industrywide program in the information
sector. Members of the ISRG Group have made rapid and significant strides toward
responding to consumers’ concerns.
VII. Commission Recommendations
A. Recommendations Regarding the ISRG Principles
The Commission recommends that the ISRG Group be given the opportunity to demonstrate
the viability of the ISRG Principles.
The present challenge is to protect consumers from threats to their psychological,
financial, and physical well-being while preserving the free flow of truthful information
and other important benefits of individual reference services. The Commission commends
the initiative and concern on the part of the industry members who drafted and agreed
to the ISRG Principles, an innovative and far-reaching self-regulatory program.
The Principles address most concerns associated with the increased availability
of nonpublic information through individual reference services. With the promising
compliance assurance program, the Principles should substantially lessen the risk
that information made available through the services is misused, and should address
consumers’ concerns about the privacy of nonpublic information in the services’
databases. Therefore, the Commission recommends that the ISRG Group be given the
opportunity to demonstrate the viability of the ISRG Principles. (For a detailed
analysis of the ISRG Principles, see Section VI, supra.)
The Commission looks to industry members to determine whether errors in the transmission,
transcription, or compilation of public records and other publicly available information
are sufficiently infrequent as to warrant no further controls.
While the Commission believes the ISRG Principles address most areas of concern,
certain issues remain unresolved.(303) Most notably, the Principles fail to provide
individuals with a means to access the public records and other publicly available
information that individual reference services maintain about them. Thus, individuals
cannot determine whether their records reflect inaccuracies caused during the transmission,
transcription, or compilation of such information. The Commission believes that
this shortcoming may be significant, yet recognizes that the precise extent of these
types of inaccuracies and associated harm has not been established. An objective
analysis could help resolve this issue. The ISRG Group has acknowledged the Commission’s
position, and has demonstrated its awareness of this problem by (1) stating that
it will seriously consider conducting a study of this issue and (2) agreeing to
revisit the issue in eighteen months. The Commission looks to industry members to
undertake the necessary measures to establish whether inaccuracies and associated
harm resulting from errors in the transmission, transcription, or compilation of
public records and other publicly available information are sufficiently infrequent
as to warrant no further controls. (For a detailed discussion of this issue, see
Sections IV(B), V(C), supra.)
B. Recommendations Regarding the Industry Generally
The Commission acknowledges that not every concern associated with the lookup services
industry can be resolved by the individual reference services themselves. Rather,
certain issues are within the control only of primary sources of information, other
information providers, or of users of the information. Thus, understandably, the
Principles cannot and do not address every concern associated with the industry.
The Commission’s recommendations with regard to concerns that cannot be addressed
through the Principles are set forth below.
The Commission encourages public agencies to consider the potential consequences
associated with the increasing accessibility of public records when formulating
or reviewing their public records collection and dissemination practices.
The Commission has found that the easy availability of sensitive, unique identifiers
(e.g., Social Security number, mother’s maiden name, and date of birth) listed on
public records increases the risk of serious harm. Given that information about
such risks has surfaced only recently, public agencies may not have yet considered
these risks in formulating their public records collection and dissemination practices.
Thus, it is possible that certain government agencies may require and/or make available
unique personal identifiers even though the collection and dissemination of that
information is not essential to advance that agency’s intended purpose. The Commission
encourages public agencies to consider the potential consequences associated with
the increasing accessibility of public records when formulating or reviewing their
public records collection and dissemination practices. (For a detailed discussion
of this issue, see Sections II(2)(B)(1), IV(C), V(A)(2), supra.)
The Commission urges online white-pages directory services that have not yet done
so to implement important privacy safeguards, including not publishing unlisted
directory information and allowing individuals to opt out of their databases.
The Commission commends those online white-pages directory services that have voluntarily
addressed consumer privacy concerns by allowing individuals to opt out of their
database and by not publishing unlisted directory information. The Commission urges
online white-pages directory services that have not yet done so to implement important
privacy safeguards. (For a detailed discussion of this issue, see Sections II(D),
VI at 25, supra.)
The Commission encourages users of individual reference services, where not otherwise
required by law, to notify individuals voluntarily of adverse decisions based on
information obtained through an individual reference service, and to disclose the
source of such information, provided such disclosure would not hinder law enforcement
or fraud prevention.
The Commission has learned that users of lookup services may erroneously make adverse
decisions affecting individuals because of inaccurate information obtained from
individual reference services. Often, such individuals would have no way of knowing
that information about them had been obtained, that it was inaccurate, or that it
formed the basis for an adverse decision.(304) With adequate notification, such
individuals could determine whether inaccurate information about them was disseminated,
and, if appropriate, they could attempt to correct it. Accordingly, the Commission
encourages users of individual reference services, where not otherwise required
by law, to notify an individual voluntarily when they have made an adverse decision
about that individual based on information obtained through an individual reference
service. This voluntary adverse action notice should also disclose the source of
the information on which the decision is based, provided such disclosure would not
hinder law enforcement or fraud prevention. (For a detailed discussion of this issue,
see Section IV(B), supra.)
The Commission recommends continued and enhanced consumer and business education.
Finally, the Commission acknowledges the meaningful efforts undertaken by many privacy
advocates, consumer groups, government agencies, and industry members to educate
consumers and businesses about information privacy issues. The Commission looks
forward to working with all of these groups to better inform consumers and businesses.
Endnotes
(1) In June of 1996, LEXIS-NEXIS released a locator product for its subscribers
called P-Trak, and marketed the product’s ability to find an individual’s name,
aliases, current and prior addresses, month and year of birth, and Social Security
number. Roughly one week later, after a deluge of telephone calls from subscribers,
the company provided individuals with the ability to have their information suppressed
from the database (“opt out”) and discontinued displaying Social Security numbers.
Subscribers could still use a Social Security as a search term, to retrieve an individual’s
name and address. The following September, a message about P-Trak was posted to
RISKS, an Internet discussion group that focuses on the risks of computer technology.
Word of P-Trak then spread across the Internet and LEXIS-NEXIS was soon flooded
with thousands of phone calls protesting, inter alia, the accessibility of Social
Security numbers from the database. Stories about P-Trak and the public outcry appeared
in both the Washington Post and the Wall Street Journal. See Mary J. Culnan, “Self-Regulation
on the Electronic Frontier: Implications for Public Policy” in Privacy and Self-Regulation
in the Information Age, US Dept. of Commerce, NTIA, June, 1997 at 50-51.
(2) The senators requested that the study encompass the collection, compilation,
sale, and use of computerized databases that contain consumers’ identifying information,
without their knowledge. See Letter from Senators Larry Pressler, Richard H. Bryan,
and Ernest F. Hollings to Commission (October 8, 1996). Separately, Congress requested
the Board of Governors of the Federal Reserve System (“FRB”) to conduct a study
concerning the availability to the public of sensitive information about consumers,
whether such information could be used to commit financial fraud, and if so whether
its availability caused an undue potential risk of loss for depository institutions.
61 Federal Register 68,044 (December 26, 1996). The FRB released its report in March.
Federal Reserve Board, Report to the Congress Concerning the Availability of Consumer
Identifying Information and Financial Fraud, March 1997 [hereinafter “FRB Report”].
(3) The study was announced in the Federal Register last March. 62 Federal Register
10,271 (March 6, 1997). The Commission undertook this examination pursuant to Section
6 of the FTC Act, 15 U.S.C. ß 46 (1997). In particular, Section 6(a) authorizes
the Commission to “gather and compile information concerning . . . any person, partnership,
or corporation engaged in or whose business affects commerce . . . .” Id. at ß 46(a).
Section 6(f) permits the Commission “to make annual and special reports to the Congress
. . . .” Id. at ß 46(f).
(4) See letter from Commission to Senator John McCain (February 28, 1997). In general,
the FCRA (15 U.S.C. ßß 1681-1681u (1997)) governs the sale of consumer credit and
other data compiled by agencies such as credit bureaus to parties evaluating individuals
for credit, insurance, employment, or similar purposes. As set forth in detail below,
many individual reference services offer a broad range of information, from purely
identifying data, the primary focus of the study, to a vast array of other data
gleaned from public records and other sources. Customers of the services use such
information for locating individuals and verifying identities, as well as for many
other purposes.
(5) Appendix A describes the Commission’s information-gathering efforts in connection
with the study.
(6) Other types of personal identifying information are described more fully in
Section II.B. infra.
(7) See H. Jeff Smith, Managing Privacy: Information Technology and Corporate America.
Univ. Press 1994, at 9, 178-79, 181-83. See also, United States Government, National
Information Infrastructure Task Force, Options for Promoting Privacy on the National
Information Infrastructure, Draft for Public Comment (1997) at 1, 6; Carole Lane,
Naked in Cyberspace, Pemberton Press 1997 at 44; Transcript of FTC Consumer Information
Privacy Workshop, June 10, 1997 [hereinafter “Transcript”], Cerasale at 93-94; Varney
at 95-96; Wenger at 102; Rotenberg at 104; Baity at 157-58. Unless otherwise indicated,
footnote citations are either to the printed transcript of the June 10, 1997 Workshop
or to public comments submitted pursuant to the March 6, 1997 Federal Register notice
[hereinafter Comment, __ (Doc. No. __)]. The Workshop agenda can be found at Appendix
B. A list of comments can be found at Appendix C. All of these materials are on
file at the Federal Trade Commission’s Public Reference Room, File No. P974806,
and are available online at Federal Trade Commission, Consumer Information Privacy
Workshop (last updated December 5, 1997) 7 <http://www.ftc.gov/bcp/privacy2
>.
(8) Smith, supra n. 7, at 181-83; see also Transcript, Hendricks at 83-84.
(9) Smith, supra n. 7, at 7; Lane, supra n. 7, at 44.
(10) Smith, supra n. 7, at 7-9; Transcript, Dick at 78; Lane, supra n. 7, at 45.
(11) Smith, supra n. 7, at 178-79.
(12) Smith, supra n. 7, at 178-79.
(13) Id. at 8; Lane, supra n. 7, at 44. Today in the United States, 40 million computer
information terminals sit on consumers’ desks. Transcript, Dick at 126.
(14) Louis Harris & Associates and A. Westin, Commerce, Communication, and Privacy
Online, Report on National Survey of Computer Users, 1997 [hereinafter “1997 Harris
Survey”] at 1; Lane, supra n. 7, at 22.
(15) See Naom, Privacy and Self-Regulation: Markets for Electronic Privacy at n.
33 in Privacy and Self-Regulation in the Information Age (published by Dept. of
Commerce, NTIA) 1997; USA Today Editorial “But this Nut’s Tougher” 10/24/95. Eight
companies report that together they employ over 5,000 employees to administer their
individual reference services. Comments of Individual Reference Services (“ISRG”)
at 2 (Doc. No. 35). The whole information industry is growing rapidly. For example,
in 1994, revenues from business information services exceeded $28 billion and, for
the five years prior, the market for those services grew 6% annually. Comments of
Information Industry Association (“IIA”) at 6 (Doc. No. 32) (citing Veronis Suhler
& Associates, Communications Industry Forecasts, 296, 305, 309 (9th ed. 1995)).
The investigations industry, alone, has projected revenue to reach $4.6 billion
by the year 2000 (four times the revenues in 1980). N. Bernstein, “Electronic Eyes:
What the Computer Knows -- A Special Report; On Line, High-Tech Sleuths Find Private
Facts,” New York Times, September 15, 1997 at 1.
(16) See discussion of online reference services at Section 11.D. infra.
(17) In fact, apparently in response to this study, commercial entities that provide,
directly or as suppliers to others, individual reference services, defined themselves
as the individual reference service industry. See Comments of ISRG at 2 (Doc. No.
35); CDB Infotek at 5 (Doc. No. 20).
(18) In a promotional brochure sent out in July of 1997 to its government customers,
Information America boasts that its People Finder database contains credit header
information on “160 million individuals, 92 million households, 71 million telephone
numbers, and 40 million deceased records.” This promotional brochure is on file
at the Federal Trade Commission’s Public Reference Room, File No. P974806.
(19) When consumers offer this information, they generally may not realize that
it may be made publicly available, transferred, or sold and then used in ways completely
unconnected from the purpose for which they initially offer it.
(20) Comments of ISRG at 3 (Doc. No. 35).
(21) One noteworthy exception requires the Internal Revenue Service to disclose
the contents of a tax return only in limited circumstances, such as in connection
with conducting an income tax audit or locating the recipient of a tax refund. 26
U.S.C. ß 6103 (1997). Another exception is a law prohibiting the Census Bureau from
publishing information that would identify a particular individual. 13 U.S.C. ß
9 (1997).
(22) Lane, supra n. 7, at 251-79.
(23) See, e.g., Lane, supra n. 7, at 251-79.
(24) Id.
(25) About half the states restricted access to or use of voter registration records
as of 1996. Paul M. Schwartz & Joel R. Reidenberg, Data Privacy Law, Michie
Law Publishers, Charlottesville, VA, 1996 at 54 (citing Robert Gellman, “Public
Records: Access, Privacy and Public Policy” (1995) (unpublished)).
(26) Information America recently promoted its “FAA Airmen Directory” as containing,
for all individuals registered to fly in the US, “information such as pilot’s name,
address, FAA region, certification class, medical certificate type and date of last
medical exam.” This promotional brochure is on file at the Federal Trade Commission’s
Public Reference Room, File No. P974806.
(27) Subject to its ability to withstand constitutional scrutiny, the federal Driver’s
Privacy Protection Act of 1994 (“DPPA”), effective as of September of 1997, may
limit states’ traditional practice of releasing motor vehicle records upon request.
The DPPA requires that individuals be given some control over the release of their
information, by limiting the circumstances under which the information can be disclosed
unless “the motor vehicle department has provided in a clear and conspicuous manner
on forms for issuance or renewal of operator’s permits, titles, registrations, or
identification cards, notice that personal information collected by the department
may be disclosed to any business or person, and has provided in a clear and conspicuous
manner on such forms an opportunity to prohibit such disclosures.” 18 U.S.C. ßß
2721-2725 (1994). Two district courts have struck down the DPPA on Tenth Amendment
grounds. Condon v. Reno, 972 F. Supp. 977 (D.S.C.1997), appeal pending; Oklahoma
v. United States, 1997 U.S. Dist. LEXIS 14455 (W.D. Okla. 1997), appeal pending.
(28) Twenty-two states used the Social Security number as the driver identification
number as of 1994. Testimony of Congressman James P. Moran, Before the House Subcommittee
on Civil and Constitutional Rights on HR 3365, The Driver’s Privacy Protection Act
of 1993, 2/3/94, 1994 WL 14167988 (page unavailable online). Some states allow individuals
the option of not using their Social Security number. See, e.g., Va. Code Ann. ß
46.2-342 (1997).
(29) FRB Report, supra n. 2, at 6.
(30) The sale of digitized records is providing governments with a new revenue stream.
Illinois, for example, makes $10 million a year selling public records and Rhode
Island makes $9.7 million selling Department of Motor Vehicle Records (“DMV”) records
alone. Bernstein, supra n. 15, at 1.
(31) Transcript, Wenger at 109.
(32) Id.
(33) Comments of ISRG at 5 (Doc. No. 35).
(34) Transcript, Hogan at 105-07; Comments of LEXIS-NEXIS at 2 (Doc. No. 18).
(35) Lane, supra n. 7, at 130-31; Comments of ISRG at 6 (Doc. No. 35); Transcript,
Hanna at 129.
(36) See, e.g., Comments of LEXIS-NEXIS at 2 (Doc. No. 18).
(37) See Lane, supra n. 6, at 57-59; Transcript, Lane at 48-50.
(38) Transcript, Lane at 51-52.
(39) For example, an information supplier could solicit information from individuals
for the precise purpose of enabling them to be found through a lookup service. Some
self-reported information, such as information voluntarily posted on one’s own Web
site, may be publicly available as well.
(40) See Transcript, Ford at 112.
(41) Equifax does not sell credit header information to private investigators and
its locator products do not contain Social Security numbers. Transcript, Ford at
113-14.
(42) The FCRA allows credit reports to be distributed only to entities with specified
“permissible purposes” (such as evaluating individuals for credit, insurance, employment,
or similar purposes) under specified conditions (such as certification from the
user), and provides for certain consumer rights in connection with the information
maintained by credit reporting agencies (see infra n. 109). 15 U.S.C. ßß 1681-1681u
(1997). A consumer reporting agency may not furnish medical information in connection
with employment, credit, insurance, or direct marketing without the consent of the
consumer. Section 604(g), FCRA, 15 U.S.C. ßß 1681b (1997).
(43) Comments of the DMA at 1(a) (Doc. No. 14). The DMA's Guidelines for Personal
Information Protection indicate that personal information collected for marketing
“should only be used” for marketing purposes and the DMA maintains that its Committee
on Ethical Business Practice reviews complaints regarding the alleged use of marketing
data for non-marketing purposes. Comment of the DMA at 1(b) (Doc. No. 14). Further,
a Senior Vice President of the DMA has stated explicitly that magazine subscription
lists and direct marketing lists may not be used by individual reference services.
Transcript, Cerasale at 74. See also Transcript, Quarles at 238-39 (representing
that Metromail’s marketing information was not available to lookup services).
(44) See, e.g., Web sites of DigDirt, Inc.,
http://www.pimall.com/digdirt/index.asp ; The Cat Midwest,
http://spytaps.com/thecat/home1.asp ; DocuSearch,
http://www.docusearch.com . See also Transcript, Lane at 47, 50-51
(The reason unlisted phone numbers can be accessed through the Internet is that
database operators purchase marketing lists, and these lists are increasingly being
merged with other databases.)See Transcript, Reed at 71-73 (asserting that information
products obtained from Metromail and sold by IRSC, an off-line reference service,
originated from direct mail and magazine subscription lists); Reed at 245 (retracting
his earlier statement and stating that he had been informed that Metromail has not
sold information obtained from marketing transactions since 1994); Hanna at 76-77
(admitting that he did not know the current source of information products obtained
from Metromail and First Data Corporation and sold by WDIA, an online reference
service, but asserting that at least in the past they had originated from marketing
information.) See Transcript, Reed at 71-73; Transcript, Hanna at 76-77. Transcript,
Medine, Quarles, Reed at 244-245. <http://www.cdb.com/public/services/locate.shtml>
on March 28, 1997.
(45) E.g., DigDirt, Inc. (visited November 26, 1997) <http://www.pimall.com/digdirt
> (travel records and phone records); The Cat (visited November 26, 1997) <http://www.visi.com/thecat/missing1.asp#sea1>
(utility records).
(46) For example, one individual reference service combines information from telephone
directories and public records. Comments of LEXIS-NEXIS at 2 (Doc. No. 18).
(47) Comments of IIA (Doc. No. 32) at 18.
(48) Transcript, Reed at 74. To the extent an individual reference service provides
customers with consumer reports (containing, e.g., credit history, financial status,
and employment background information), that entity may be acting as a “consumer
reporting agency” subject to the obligations and restrictions set forth in the FCRA.
(49) E.g., Comments of Biggerstaff at 4 (Doc. No. 3); Comments of Privacy Rights
Clearinghouse (“PRC”) at 1 (Doc. No. 6). As these types of information become more
widely available, they may become less useful as unique identifiers, and society
may have to begin using other identifiers. Some under development include digital
key signatures and biometrics such as retinal scans and digitized fingerprints.
See, e.g., Comments of Electronic Information Privacy Center (“EPIC”) at 7 (Doc.
No. 26).
(50) For example, at one time, one information provider, Metromail, provided access
to the names, home addresses, and ages of children over a 900 number for three dollars
a minute. This service has since been discontinued. Comments of EPIC at 6 (Doc.
No. 26). In fact, Metromail along with certain other services, like LEXIS-NEXIS,
have discontinued making available for wide commercial distribution nonpublic records
about minors. Comments of ISRG at 12 (Doc. No. 35).
(51) DigDirt Inc. (visited on November 26, 1997) <
http://www.pimall.com/digdirt/mo00016.htm >. Commission staff has not
verified the accuracy of these representations.
(52) As discussed in more detail below, customers may have to pay subscription and
monthly fees in addition to the costs of individual searches. See discussion at
n. 59 infra and accompanying tex
(53) Typically, searches accessing higher numbers of databases that contain larger
amounts of records cost more, as do searches for harder-to-obtain pieces of information.
(54) Although online commercial providers may not charge consumers directly for
accessing information, they may otherwise profit from making the information available,
such as through advertisements on their Web sites.
(55) For an in-depth discussion of which public records are available online, see
Lane, supra n. 7, ch. 31.
(56) Comments of ISRG at 10 (Doc. No. 35) (discussing the practices of eight individual
reference services).
(57) See, e.g., Comments of LEXIS-NEXIS at 3 (Doc. No. 18).
(58) Comments of CDB Infotek at 4 (Doc. No. 20); Comments of ISRG at 11 (Doc. No.
35) (discussing the practices of Database Technologies); Transcript, Hogan at 107-08.
(59) Comments of IIA, Appendix at 18 et. seq. (not paginated) (Doc. No. 32). One
service, for example, charges an initiation fee of $130, a monthly fee of $30, and
per-search charges ranging from $7 to $32. Id.
(60) Transcript, Hogan at 107-09; Abrams at 128.
(61) Notwithstanding the Commission’s request for information, few companies volunteered
specific information about their access limitations, contractual use limitations,
or prices, presumably due to proprietary concerns.
(62) Comments of IIA at 22 (Doc. No. 32); Comments of ISRG at 11 (Doc. No. 35);
Comments of NCISS at 3 (Doc. No. 11).
(63) Experian, for example, requires a nexus between the end user and the data subject
when providing current and past addresses and Social Security numbers to organizations
that use the information to locate or authenticate individuals. Transcript, Abrams
at 114-15. For example, an insurance company would have a sufficient nexus to an
uninsured individual who caused a car accident involving a motorist insured by the
company. Id. at 116.
(64) Comments of IIA at 22 (Doc. No. 32); Comments of NCISS at 3 (Doc. No. 11);
Transcript, Hogan at 107. For example, each of the four databases to which the National
White Collar Crime Center subscribes examined the center’s operation before granting
it a subscription. However, the lookup services have not conducted any formal audits
of the center’s uses. Transcript, Belcher at 148-49.
(65) Comments of IIA at 22 (Doc. No. 32).
(66) Comments of IIA at 22-23 (Doc. No. 32).
(67) Comments of ISRG at 12 (Doc. No. 35). LEXIS-NEXIS’ P-Trak database, for example,
does not display Social Security numbers. Transcript, Welch at 21. Other services
display Social Security number only on a truncated basis, i.e., by replacing the
last four digits with X’s. Transcript, Hanna at 41. A customer, however, may use
a Social Security number as a search term if she already knows that number. Transcript,
Welch at 21; Hanna at 40- 41.
(68) Comments of ISRG at 12 (Doc. No. 35) (discussing the practice of LEXIS-NEXIS,
Metromail, and other services, which avoid making available nonpublic information
about minors, and the practice of Database Technologies and IRSC, which make such
information available only for limited purposes, for example to search for missing
children ); Transcript, Welch at 22 (noting that LEXIS-NEXIS’ P-Trak and P-Find
databases do not contain information about individuals identified as being under
the age of 18).
(69) Comments of ISRG at 12 (Doc. No. 35) (discussing, for example, LEXIS-NEXIS’
practice of displaying an on- screen notice describing uses of the information that
are covered by the FCRA)
(70) Transcript, Reed at 123; Abrams at 128.
(71) Comments of NCISS at 4 (Doc. No. 11); Comments of ISRG at 11 (Doc. No. 35)
(discussing the practices of Database Technologies).
(72) Transcript, Dick at 59-60. A newspaper article reports that according to Jack
Reed, president of an individual reference service and of NCISS, roughly 200 legitimate
resellers of identifying information have sprung up on the Internet. Ed Mendel,
“What Others Know Can Hurt You, San Diego Union Tribune, May 15, 1997 at A1. Privacy
advocate Beth Givens, states that she finds a new online service everyday. Transcript,
Givens at 189. Carole Lane, author of Naked in Cyberspace, estimates that the number
of online individual reference services, if broadly defined, would be in the thousands.
Transcript, Lane at 190.
(73) See, e.g.,Transcript, Hanna at 37 (discussing service available to general
public over Internet through WDIA) and Lane at 44-47 (discussing services available
to general public over Internet).
(74) DBT-Online reportedly offers this service to its 20,000 customers. Bernstein,
supra n. 15, at 1.
(75) Comments of ISRG at 10 (Doc. No. 35) (discussing the practices of eight individual
reference services).
(76) Transcript, Hanna at 38.
(77) See, e.g.,Transcript, Lane at 46 (discussing a service made available over
the Internet only to subscribers of CDB Infotek).
(78) Transcript, Dick at 301.
(79) Id. at 60.
(80) E.g., Transcript, Panzera at 138; Belcher at 146; Baity at 158-59; Comments
of the National Council of Investigation and Security Services (“NCISS”) at 3 (Doc.
No. 11); Comments of Archer at 2 (Doc. No. 22).
(81) See, e.g., Transcript, Belcher at 146; Comments of ISRG at 1 (Doc. No. 36).
“Twenty percent of the population change address on an annual basis.” Transcript,
Abrams at 235
(82) Transcript, various participants at 136-60. For example, one service reports
that the following entities subscribe to its services: FBI, IRS, Health Care Financing
Administration, and the US Department of Justice. Comments of CDB Infotek at 1 (Doc.
No. 20).
(83) E.g., Comments of USSS at 1 (Doc No. 28); Comments of National White Collar
Crime Center (“White Collar Crime Center”) at 1 (Doc. No. 33); Transcript, Panzera
at 137-38; Belcher at 144-45; Baity at 158-59.
(84) Transcript, Baity at 158-59; Belcher at 154-55; Panzera at 137-38.
(85) Comments of White Collar Crime Center at 1 (Doc. No. 33).
(86) Transcript, Panzera at 137-38; Comments of USSS at 1 (Doc. No. 28).
(87) Comments of White Collar Crime Center at 1 (Doc. No. 33).
(88) See FinCEN (visited on December 5, 1997) <http://www.ustreas.gov/treasury/bureaus/fincen/faqs>;
Transcript, Baity at 158.
(89) Transcript, Baity at 156-57. In addition to its financial database, FinCEN
uses roughly fifteen commercial databases, and has access to almost all law enforcement
databases. Id.
(90) In fact, FinCEN's analysts provide case support to more than 150 federal, state,
and local agencies and issue approximately 8,000 intelligence reports each year.
FinCEN (visited December 5, 1997) <http://www.ustreas.gov/treasury/bureaus/fincen/faqs
>.
(91) Transcript, Baity at 157.
(92) Id.
(93) Comments of White Collar Crime Center at 1 (Doc. No. 33); Transcript, Belcher
at 147.
(94) Contrary to the assertions of the individual reference services, some industry
critics maintain that another private sector use -- marketing -- is what actually
drives the industry. E.g., Transcript, Sobel at 214. Again, databases used primarily
for marketing fall outside the scope of this study.
(95) See Comments of ISRG at 13-15 (Doc. No. 35); Comments of NCISS at 2 (Doc. No.
11); Transcript, J. Byrne at 207 (bank industry representative noting that the Secret
Service is “great at investigating credit card fraud but that they can’t do everything”);
Transcript, Hulme at 228 (representative of NCISS asserting that the private security
sector is twice as large as the public security sector); Transcript, Jensen at 165-66
(representative of a non- governmental child support enforcement agency asserting
that without the help of agencies like theirs, custodial parents in dire financial
straits could have to wait a long time for services to be rendered by their government
counterparts, and potentially jeopardize their children’s health and safety); Comments
filed by individual members of the private investigation and information industry
(Doc. Nos. 39-243, 245-271) [hereinafter “Comments of Private Investigation Industry”]
(stating that the free flow of information allows the public, who would otherwise
not have the resources, to defend themselves without relying on government for help).
(96) See Comments of ISRG at 13-14 (Doc. No. 35); Comments of NCISS at 2 (Doc. No.
11); Comments of Private Investigation Industry (e.g., Doc. Nos. 43, 47, 67, 78,
103, 141, 143, 149, 182, 197, 206); Transcript, J. Byrne at 207; Transcript, Jensen
at 165-66 .
(97) Comments of CDB Infotek at 2 (Doc. No. 20); Comments of ISRG at 14 (Doc. No.
35).
(98) See Transcript, Reed at 121-22.
(99) Comments of National Retail Federation (“NRF”) at 5 (not paginated) (Doc. No.
21); Transcript, Duncan at 205-07; Comments of GE Capital at 1 (not paginated) (Doc.
No. 2); Comments of ISRG at 14 (Doc. No. 35).
(100) Comments of NRF at 5 (not paginated) (Doc. No. 21); Transcript, Duncan at
205-07; Comments of ISRG at 14 (Doc. No. 35).
(101) Comments of American Bankers Association (“ABA”) at 2-3 (Doc. No. 1); Transcript,
J. Byrne at 207-08.
(102) Comments of ABA at 3 (Doc. No. 1).
(103) Id.
(104) Id.
(105) Due diligence refers to a legal requirement compelling individuals to diligently
verify certain information before taking various types of actions, e.g., verifying
the financial status of an entity before a merger or acquisition.
(106) Comments of ISRG at 9, 15 (Doc. No. 35).
(107) Transcript, Duncan at 206 (noting that credit grantors in retail industry
use services in deciding whether to grant credit); Comments of ABA at 3 (Doc. No.
1) (noting that banks use services to ensure that potential bank employees have
clean criminal records); Transcript, Reed at 195-96 (noting that the corporations
use credit header information to detect misrepresentations on job applications);
Transcript, Sobel at 214 (asserting that services are used to make employment, insurance,
and credit decisions); Transcript, Givens at 182-84 (asserting that services are
used to make employment decisions)
(108) Workshop participants and entities that submitted comments to the Commission
were not clear as to whether credit and employment decisions are based on consumer
reports (containing, e.g., credit history, financial status, and employment background
information). See, e.g., Transcript, Duncan at 206 (retail industry representative
referring to the information obtained from database services as a “credit report”);
Comments of Independents Bankers Association of America (“IBAA”) at 4-5 (not paginated)
(Doc. No. 24) (bank association referring to individual reference services, including
LEXIS-NEXIS, as “credit bureaus”); Transcript, Sobel at 214 (asserting that services
are used to make employment, insurance, and credit decisions); Transcript, Givens
at 182-84 (stating that services are used to perform background checks on potential
employees). This lack of clarity likely stems from the fact that certain individual
reference services also act as credit bureaus. Transcript, Hanna at 39-41; Reed
at 194. Such services, in addition to providing basic identifying information, also
|