Spokeo data broker to pay $800,000 in FTC privacy case

The people search website marketed its consumer profiles to human resources and background checking companies, the agency says

Data broker and online people search service Spokeo will pay US$800,000 to settle U.S. Federal Trade Commission charges that it sold consumer profiles to other companies without taking steps required under the U.S. Fair Credit Reporting Act (FCRA) to protect consumers, the FTC announced Tuesday.

In the first FTC case addressing the sale of Internet and social media data in the employment screening area, the agency alleged that Spokeo operated as a consumer reporting agency but failed to ensure that the information it sold would be used only for legal purposes, the agency said. Spokeo also violated the FCRA by failing to ensure that the information it sold was accurate and by failing to tell users of its consumer reports about the company's obligations under the credit law, the FTC alleged.

Spokeo marketed consumer profiles to companies in the human resources, background screening and recruiting industries, the FTC said.

Spokeo collects personal information about consumers from hundreds of online and offline data sources, including social networks, the FTC said. It merges the data to create detailed personal profiles of consumers, containing the consumer's name, address, age range, and email address. The profiles can also include hobbies, ethnicity, religion, participation on social networking sites, and photos.

From 2008 to 2010, Spokeo marketed the profiles on a subscription basis to human resources professionals, job recruiters and others as an employment screening tool, the FTC said. The company encouraged recruiters to "explore beyond the resume."

Spokeo created a special section of its website for recruiters, the FTC said.

The company never intended to act as a consumer reporting agency, Spokeo founder and President Harrison Tang wrote in a blog post. Spokeo has made changes to its website and its business practices to comply with the FCRA, he wrote.

The changes will "ensure an honest and transparent service that will continue to be easy for our customers to use," he added. "We are a technology company organizing people-related data in innovative ways. We do not create our own content, we do not possess or have access to private financial information, and we do not offer consumer reports."

The agreement with the FTC will "allow for a continued open dialogue regarding our business practices," Tang wrote. "We also believe our industry must listen to the public and work with policymakers to act on consumer privacy interests."

The FTC alleged that Spokeo failed to notify consumers that it was required to tell them of adverse actions taken against them by buyers of the consumer data. Spokeo also posted deceptive endorsements of its service on websites and blogs by portraying the endorsements as independent when they were created by Spokeo's own employees, the FTC alleged.

Under the settlement, the FTC has barred Spokeo from future violations of the FCRA and from making misrepresentations about its endorsements.

The FCRA, passed by Congress in 1970, was intended to promote the accuracy, fairness, and privacy of information in the files of consumer reporting agencies.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place