recommended reading

FTC Lifts the Veil on Companies That Sell Your Data

A cell phone displays information during a Federal Trade Commission mobile tracking demonstration.

A cell phone displays information during a Federal Trade Commission mobile tracking demonstration. // Carolyn Kaster/AP

Do data brokers know more about you than your own mother?

The Federal Trade Commission Congress thinks they might, and the agency released a report Tuesday urging Congress to push for more transparency and accountability for the companies that harvest and sell consumer information.

"The extent of consumer profiling today means that data brokers often know as much—or even more—about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," said FTC Chairwoman Edith Ramirez in a statement Tuesday.

Data brokers are companies that aggregate information from a vast range of online and off-line sources, such as social media and retailers, to compile and sell consumer profiles to marketers and others for various purposes, from personally tailored advertisements to fraud prevention.

The FTC research found that data brokers are collecting troves of personal information about "nearly every U.S. consumer," largely with a "fundamental lack of transparency," and that the information could be used in ways that are damaging to consumers.

Among the federal agency's recommendations is the creation of a "centralized portal," a one-stop shop for consumers to access information about data brokers' data-collection practices, as well as tools to access their data profiles.

The FTC's investigation into nine of the major data-broker companies, launched in 2012, found that these companies are analyzing billions of data points to make inferences about customers, from the benign, like "Dog Owner," to the potentially damaging categories that highlight sensitive health, age, or socioeconomic information, according to the report.

The risk is that companies could use this data to target vulnerable customers or offer varying prices. For example, someone identified as a "Diabetes Interest" could receive ads for sugar-free products, but an insurance company could use that same data to classify such a person as high-risk, according to Ramirez. 

"Does it mean many among us will be cut off from being offered the same goods and services, at the same prices, as our neighbors?" Ramirez asked in a statement Tuesday. "Will these classifications mean that some consumers will only be shown advertisements for subprime loans while others will see ads for credit cards?"

The data-brokerage industry dates back to mail-order catalogs in the 1950s, but the industry has transformed in the digital age. As consumers' conduct more and more of their lives online, data brokers have an unprecedented amount of information at their fingertips, along with the powerful technology to analyze this information and piece it together like never before.

With the exception of a few industry-specific rules to safeguard sensitive financial data, health data, and data about children, the industry is unregulated. That is why the FTC is calling on Congress to enact legislation that would increase transparency in the industry and give consumers more control over the data collected about them.

The FTC's report follows another on the data-broker industry released earlier this year by Sen. Jay Rockefeller, which raised similar concerns about the secrecy of the industry and the risks it poses to consumers. Rockefeller also introduced legislation, with Sen. Edward Markey, that would enact transparency requirements on data brokers and allow consumers to correct their information.

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.