Information sellers and resellers / Shane C. Leger.

Format:

Book

Contributor:

Leger, Shane C.

Series:

Financial institutions and services.

Financial institutions and services series

Language:

English

Subjects (All):

United States. Government Accountability Office.

United States.

Data protection--Law and legislation--United States.

Data protection.

Information services--Government policy--United States.

Information services.

Records--Access control--United States.

Records.

Financial institutions--Law and legislation--United States.

Financial institutions.

Physical Description:

1 online resource (166 p.)

Edition:

1st ed.

Place of Publication:

New York : Nova Science Publishers, Inc., 2009.

Language Note:

English

Summary:

Explores federal privacy laws, information resellers and their ability to safeguard sensitive data. This book discusses the Government Accountability Office (GAO), which examined: financial institutions' use of resellers; federal privacy and security laws applicable to resellers; federal regulators' oversight of resellers; and, more.

Contents:

Intro

INFORMATION SELLERSAND RESELLERS

CONTENTS

PREFACE

PERSONAL INFORMATION AGENCYAND RESELLER ADHERENCE TO KEY PRIVACYPRINCIPLES∗

WHAT GAO FOUND

WHY GAO DID THIS STUDY

WHAT GAO RECOMMENDS

ABBREVIATIONS

RESULTS IN BRIEF

BACKGROUND

Federal Laws and Guidance Govern Use of Personal Information in FederalAgencies

Additional Laws Provide Privacy Protections for Specific Types and Uses ofInformation

The Fair Information Practices Are Widely Agreed to Be Key Principles forPrivacy Protection

Congressional Interest in the Information Reseller Industry Has BeenHeightened

USING GOVERNMENTWIDE CONTRACTS,FEDERAL AGENCIES OBTAIN

Personal Information from Information Resellers for a Variety of Purposes

Department of Justice Uses Information Resellers Primarily for LawEnforcement and Counterterrorism Purposes

DHS Uses Information Resellers Primarily for Law Enforcement andCounterterrorism

SSA Uses Information Resellers Primarily for Fraud Prevention and IdentityVerification

The Department of State Uses Information Resellers Primarily for PassportFraud Detection and Investigation

Agencies Contract with Information Resellers Primarily through Use ofGSA's Federal Supply Schedules and the Library of Congress's FEDLINKService

RESELLERS TAKE STEPS TO PROTECT PRIVACY, BUT THESEMEASURES ARE NOT FULLY CONSISTENT WITH THE FAIRINFORMATION PRACTICES

Information Resellers Generally Did Not Report Limiting Their DataCollection to Specific Purposes or Notifying Individuals about Them

Information Resellers Do Not Ensure That Personal Information TheyProvide Is Accurate for Specific Purposes

Information Resellers' Specification of the Purpose of Data CollectionConsists of Broad Descriptions of Business Categories.

Information Resellers Generally Limit the Use of Information as Requiredby Law, Rather Than on the Basis of Purposes Originally Specified When theInformation Was Collected

Information Resellers Reported Taking Steps to Improve SecuritySafeguards

Information Resellers Generally Informed the Public about Their PrivacyPolicies and Practices

Information Reseller Policies Generally Allow Individuals Limited Ability toAccess and Correct Their Personal Information

Information Resellers Report Measures to Ensure Accountability for theCollection and Use of Personal Information

AGENCIES LACK POLICIES ON USE OF RESELLER DATA, ANDPRACTICES DO NOT CONSISTENTLY REFLECT THE FAIRINFORMATION PRACTICES

Agency Procedures Reflect the Collection Limitation, Data Quality, UseLimitation, and Security Safeguards Principles

Limitations in the Applicability of the Privacy Act and Ambiguities in OMBGuidance Contribute to an Uneven Adherence to the Purpose Specification,Openness, and Individual Participation Principles

Privacy Impact Assessments Could Address Openness, and PurposeSpecification Principles but Are Often Not Conducted

Agencies Often Did Not Have Practices in Place to Ensure Accountability forProper Handling of Information Reseller Data

CONCLUSIONS

MATTER FOR CONGRESSIONAL CONSIDERATION

RECOMMENDATIONS FOR EXECUTIVE ACTION

AGENCY COMMENTS AND OUR EVALUATION

COMMENTS FROM INFORMATION RESELLERS

LIST OF REQUESTERS

APPENDIX I

Objectives, Scope, and Methodology

APPENDIX II

Federal Laws Affecting Information Resellers

Gramm-Leach-Bliley Act

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT

Fair Credit Reporting Act

Fair and Accurate Credit Transactions Act

APPENDIX III

APPENDIX IV

APPENDIX V

APPENDIX VI

REFERENCE.

PERSONAL INFORMATION: KEY FEDERALPRIVACY LAWS DO NOT REQUIREINFORMATION RESELLERS TO SAFEGUARD ALLSENSITIVE DATA∗

FINANCIAL INSTITUTIONS USE INFORMATION RESELLERSFOR ELIGIBILITY DETERMINATIONS, FRAUD PREVENTION,PATRIOT ACT COMPLIANCE, AND MARKETING

Consumer Reports Sold by Credit Bureaus and Other CRAs Are Used toMake Credit and Insurance Eligibility Decisions

Financial Institutions Use Information Resellers to Comply with thePATRIOT Act, Prevent Fraud, Mitigate Risk, and Locate Individuals

Some Financial Institutions Use Information Resellers for Marketing

FEDERAL PRIVACY AND INFORMATION SECURITY LAWSAPPLY TO MANY INFORMATION RESELLER PRODUCTS,DEPENDING ON THEIR USE AND SOURCE

Several Federal Privacy and Security Laws Apply to Personal Data Held byInformation Resellers

FCRA Applies Only to Consumer Information Used to Determine Eligibility

FCRA Provides Access, Correction, and Opt-Out Rights for ConsumerReports

GLBA Applies to Information Resellers That Are Financial Institutions orReceive Information from Financial Institutions

No Federal Statute Requires Notification of Data Breaches

FTC HAS PRIMARY RESPONSIBILITY FOR ENFORCINGINFORMATION RESELLERS' COMPLIANCE WITH PRIVACYAND INFORMATION SECURITY LAWS

FTC Has Primary Federal Enforcement Authority over InformationResellers

FTC Has Investigated and Initiated Formal Enforcement Actions againstInformation Resellers for FCRA and FTC Act Violations

FTC Cannot Levy Civil Penalties for GLBA Information Privacy andSecurity Violations

AGENCIES DIFFER IN THEIR OVERSIGHTOF THE PRIVACY AND SECURITY OF PERSONAL INFORMATIONAT FINANCIAL INSTITUTIONS.

Financial Institutions and Their Regulators Said They Do Not Distinguishbetween Data from Information Resellers and Other Sources

Federal Banking Agencies Provide Guidance and Examine RegulatedBanking Organizations for GLBA and FCRA Compliance

Securities Regulators Oversee GLBA Compliance of Securities Firms

State Insurance Regulators Require Insurers to Comply with InformationPrivacy and Security Provisions, but Enforcement May Be Limited

FTC Enforces GLBA and FCRA Compliance of Financial Institutions withinIts Jurisdiction

NCUA, Securities, and Insurance Regulators Do Not Have Full Authority toExamine Third-Party Vendors, Including Information Resellers

MATTERS FOR CONGRESSIONAL CONSIDERATION

RECOMMENDATION FOR EXECUTIVE ACTION

AGENCY COMMENTS

APPENDIX I: SCOPE AND METHODOLOGY

Sample Insurance Claims History Report

Sample Deposit Account History Report

Sample Identity Verification and OFAC Screening Report

SAMPLE FRAUD INVESTIGATION REPORT

APPENDIX III:COMMENTS FROM THE FEDERAL TRADE COMMISSION

REFERENCE

SOCIAL SECURITY NUMBERS:INTERNET RESELLERS PROVIDE FEW FULL SSNS,BUT CONGRESS SHOULD CONSIDER ENACTINGSTANDARDS FOR TRUNCATING SSNS∗

INTERNET RESELLERS'WEB SITES SHARED SIMILARCHARACTERISTICS

Internet Resellers Offered to Sell a Variety of Information in Various Ways

Three-Quarters of Internet Resellers Identified Their Sources of Information

MOST ATTEMPTS TO PURCHASE SSNS FAILED

APPLICABILITY OF FEDERAL PRIVACY LAWS TO INTERNETRESELLERS CANNOT BE DETERMINED

APPENDIX II: COMMENTS FROM THE SOCIAL SECURITYADMINISTRATION.

INDEX.

Notes:

Description based upon print version of record.

Includes bibliographical references and index.

ISBN:

1-61470-093-1

OCLC:

756496918