Hundreds of data brokers could break the laws of the States, say the defenders of privacy

The Electronic Frontier (EFF) Foundation and a group of non -profit privacy rights called several states to investigate Why the “hundreds” of data brokers did not register with state -owned protection agencies in accordance with local laws.

An analysis carried out in collaboration with Clearinghouse Private Rights (PRC) revealed that many data brokers have failed to register in the four states with laws that require it, preventing consumers in certain states from learning what types of information that these brokers collect and how to withdraw. These results could be explained by variations in the definition of a data broker, but they may indicate that certain brokers violate the law.

Data brokers are companies Who collect and sell trox of personal information on people, including their names, addresses, telephone numbers, financial information, etc. Consumers have little control over this information, posing serious confidentiality problems and attempts to respond to these concerns at the federal level have mainly failed. Last month, Lexisnexis Risk Solutions revealed a data violation This may have revealed the names, social security numbers, driving license numbers and contact details of more than 364,000 people.

Four states – California, Texas, Oregon and Vermont – try to regulate these companies by forcing them to register with consumer protection agencies and to share details on the type of data they collect. California consumers, for example, can use the online database to search for different data brokers recorded in the state, see contact details and find steps on how to withdraw from data collection. Meanwhile, in Texas, data brokers must follow certain security measures designed to protect consumer information.

In letters to the attorneys general of the States, the EFF and the PRC say that they “discovered a disturbing model” after having scratched the registers of the data brokers in California, Texas, Oregon and Vermont. They found that many data brokers do not regularly record their activities in the four states. The number of data brokers that appeared in a register but not another includes 524 in Texas, 475 in Oregon, 309 in Vermont and 291 in California.

As the EFRA noted, the differences in the way in which each state defines a data broker could explain some of these differences. It is also possible that some brokers do not collect data from people in all these states – although the industry generally throws a large net.

Conversely, the EFF also indicates that this analysis would not include the data brokers which “do not take into account the laws of the State by not being part of any state”.

The EFF and the PRC suggest that California, Texas, Oregon and Vermont look at companies that have failed to register in other states, writing that their results “could indicate a systematic failure of conformity” in each state. They add that a survey and application actions could “send a powerful signal” concerning the commitment of a state towards privacy.