Privacy & Information Security Law Blog

On June 12, 2012, the Federal Trade Commission announced a settlement agreement with data broker Spokeo, Inc. (“Spokeo”). The FTC alleged that Spokeo operated as a consumer reporting agency and violated the Fair Credit Reporting Act (“FCRA”), and that certain of its advertisements were deceptive in violation of Section 5 of the FTC Act. The proposed settlement order imposes a $800,000 civil penalty on Spokeo and prohibits future violations of the FCRA. This is the first FTC case to address the sale of Internet and social media data in the employment screening context.

According to the FTC’s complaint, Spokeo’s consumer data collection and sharing practices effectively made it a consumer reporting agency as defined by the FCRA, and Spokeo specifically targeted its services for sale to companies operating in human resources, recruiting and background screening as a tool for evaluating job candidates. Spokeo, however, failed to limit distribution of its reports to entities with a “permissible purpose” to obtain them, did not maintain reasonable procedures to ensure the accuracy of the reports or that recipients had a permissible purpose, and did not provide the appropriate notice to users of the consumer reports it sold. The FTC further alleged that Spokeo posted “endorsements” that appeared to have been submitted by independent reviewers on technology websites and blogs, but that these statements were deceptive (and violated Section 5 of the FTC Act) because they were in fact created by Spokeo employees.

The proposed settlement includes a civil penalty of $800,000 for the FCRA violations, and it permanently enjoins Spokeo from furnishing consumer reports to entities that do not have a permissible purpose to receive such reports. The settlement also requires Spokeo to maintain reasonable procedures to assure the maximum accuracy of the information in its consumer reports, and it prohibits Spokeo from making misrepresentations about its endorsements or failing to disclose a material connection with endorsers. Spokeo also must comply with reporting, recordkeeping and monitoring measures imposed by the settlement order.

In May 2011, we reported on a civil claim filed against Spokeo in California federal court.