Online data broker Spokeo settles FTC charges for $800,000
Company operated as a consumer-reporting agency without offering adequate protections, Federal Trade Commission says
Computerworld - Spokeo, a company that aggregates and sells public data on individuals from numerous online and offline sources, has agreed to pay $800,000 to settle Federal Trade Commission (FTC) charges that it improperly marketed the information to employers and recruiters.
The FTC's settlement order, announced on Tuesday, also bars Spokeo from making misrepresentations about the endorsements it receives from clients and requires the company to clearly disclose any material relationships it may have, with endorsers of its service.
In a statement, the FTC noted that the Spokeo settlement marks the first time the commission has addressed the aggregation and sale of internet and social media data for employment screening purposes.
Spokeo describes itself as a "people search engine" that merges offline information such as an individual's address, marital status and email addresses with social network data about that person gathered from Facebook, Twitter feeds and other online sites. According to the FTC, the consumer profiles created by the company contain information such as an individual's name, address, age range, hobbies, religion, ethnicity, participation in social media networks and other details.
Spokeo then marketed the profiles to headhunters, human resource firms and background screening companies without verifying the accuracy of the data or informing its customers about their obligation to only use the data in compliance with the Fair Credit Reporting Act (FCRA), the FTC noted.
"Spokeo operated as a consumer-reporting agency and violated the FCRA by failing to make sure that the information it sold would be used only for legally permissible purposes," the FTC noted in its statement.
Between 2008 and 2010, Spokeo actively marketed its consumer profiles on a subscription basis to HR professionals, recruiters and employment-screening services. The company ran advertisements to attract customers from these fields and posted misleading endorsements to make it appear as if other customers and businesses supported Spokeo's services, the FTC noted.
The FTC's investigation stems from a complaint filed in 2010 by the Center for Democracy and Technology (CDT). In its 24-page complaint, the CDT accused Spokeo of offering credit estimate and "wealth level" ratings on millions of American's based on inaccurate and incomplete data on consumers gathered from numerous online and offline sources.
Although Spokeo actively pitched its data and consumer profiles for employment decisions, the company did not offer consumers any of the protections offered under the FCRA. "Consumers have no access to the data underlying Spokeo's conclusions, are not informed of adverse determinations based on that data, and have no opportunity to learn who has accessed their profiles," the CDT noted in its complaint.
In a blog post today, Spokeo founder and president Harrison Tang noted that the company never intended to act as a consumer-reporting agency. "We have made changes to our site and our internal business practices in order to ensure we don't infringe upon the FCRA's important consumer protections," he wrote.
"We do not create our own content, we do not possess or have access to private financial information, and we do not offer consumer reports," Tang noted. "Our agreement with the FTC will allow for a continued open dialogue regarding our business practices."
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Internet Search in Computerworld's Internet Search Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Understanding big data so you can act with confidence Automating information integration and governance and employing it at the point of data creation helps organizations boost confidence in their big data.