Advertisement

SKIP ADVERTISEMENT

Intel Executive: Rein In Data Brokers

Congress must act to protect American citizens.

Credit...Alexis Beauclair

Mr. Hoffman is associate general counsel and global privacy officer at Intel Corporation.

Did you know that your personal information is available online to anyone with $10? This isn’t some illegal, dark-web transaction. It’s a service provided by the online data-broker industry, which mines addresses, phone numbers and other personal information, and legally sells that information to anyone who pays.

At best, this practice is disturbing. Sometimes, it is downright dangerous.

Last fall, the phone number of a Vox reporter, Carlos Maza, was shared online by followers of a YouTube personality Mr. Maza had reported on, resulting in hundreds of hostile texts from strangers. Without his consent — or even his knowledge — Mr. Maza’s personal info was spreading across the internet.

While the internet has aggravated the problem, it isn’t new. Twenty years ago, one of the first victims of cyberstalking to attract national attention, Amy Boyer, was murdered after her stalker purchased her personal information from a third-party data broker. For eight years, he tracked her using information including her phone number, Social Security number and eventually the address of her workplace.

Selling personal data is big business: The industry generates $200 billion in economic activity per year. The nation’s largest data broker, Acxiom Corporation, is worth more than $2 billion and maintains 500 million consumer profiles in its databases.

[If you’re online — and you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]

Companies like Acxiom collect data from public records — court documents, marriage licenses, driver’s licenses and other sources. They use this data to package a profile of you that they can sell online to whomever they want for whatever they want to charge.

For less than $25 per month, Peoplefinders, one of the most popular sites for finding information on private citizens, will sell data on anyone in their database, including current address, phone number and arrest records.

Another of the country’s largest data brokers, Equifax, is known for its data breach in 2017, considered the worst in corporate history because of the sensitive data it exposed. Because of a lax attitude toward cybersecurity, Equifax allowed the credit card histories, Social Security numbers and other critical personal information of 147 million people to be stolen by cybercriminals.

It is easier than ever for sensitive information to spread, and we urgently need legislation that allows the Federal Trade Commission and state attorneys general to protect Americans from having their personal data collected and sold without their consent.

According to a 2014 F.T.C. report, data collected and sold by data brokers “can be used to facilitate harassment, or even stalking, and may expose domestic violence victims, law enforcement officers, prosecutors, public officials, or other individuals to retaliation or other harm.”

States aren’t waiting for the federal government to act. Last year, former Gov. Jerry Brown of California signed the California Consumer Privacy Act, which requires businesses to tell consumers what data they’ve collected about them when requested. But it puts the burden on consumers to fight for their own data protection, rather than placing the burden on companies to ensure that data is used in ethical and responsible ways.

Instead of requiring individuals to fight for their own data privacy (something that is increasingly impossible for them to do), we need a federal standard that requires data collectors to use consumer information ethically. Among other things, Congress must take several steps to ensure data brokers can’t continue selling private data without serious repercussions.

The F.T.C. should have the power to incentivize ethical data use and punish companies that act unethically by sharing information that could cause harm to individuals. This irresponsible behavior by data brokers has included making available rape survivors’ contact information, using personal information to enable racial and ethnic discrimination or providing information on seniors who suffer from dementia.

Big data has the power to transform our world in industries from education to health care to manufacturing. But current law doesn’t discriminate between a company using your data responsibly to develop new cancer treatments and one selling your phone number to an online predator. Congress must give the F.T.C. authority to go after bad actors while still allowing for innovative uses of data to improve lives.

Furthermore, data privacy legislation should take the burden off individuals and place it on companies. Most people don’t have the time or legal background to read and understand pages and pages of terms and conditions just to keep their personal data off the open market. Companies must make it easy to understand how they are using data and to whom they are they’re selling it.

By giving the F.T.C. clear guidelines for enforcement and the resources to pursue it, Congress can hold data brokers accountable and push them to use data fairly, transparently and honestly. Regulations should provide robust rights for individuals to access, correct and obscure data that relates to them, while also supporting responsible use of data to empower a thriving, cutting-edge tech economy. Data privacy need not stifle innovation, but it must protect the public from harm.

Congress has a responsibility to protect the privacy of the constituents it was elected to serve, and it must pass comprehensive federal privacy legislation. In a world where personal information can spread around the world in moments, and where data brokers openly trade in people’s most intimate secrets, it can’t afford not to.

David A. Hoffman is associate general counsel and global privacy officer at Intel Corporation.

Like other media companies, The Times collects data on its visitors when they read stories like this one. For more detail please see our privacy policy and our publisher's description of The Times's practices and continued steps to increase transparency and protections.

Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.

glossary replacer

Advertisement

SKIP ADVERTISEMENT