A coalition of 13 large data compilers is considering filing a lawsuit that would seek to invalidate new Federal Trade Commission financial privacy rules, members of the group said this week.
The controversy is an extension of an 8-year-old battle between the FTC and the national credit bureaus over the use of certain information from credit reports.
The Individual Reference Services Group, Washington, which includes all three national credit bureaus and other organizations that compile data about individuals, is concerned about provisions in the FTC’s rules for the implementation of the Gramm-Leach-Bliley Act that would bar credit bureaus from sharing the “header” data from credit reports with third parties. The data include individuals’ names, ages, addresses and Social Security numbers.
Under terms of the Fair Credit Reporting Act, however, the credit bureaus have been permitted to sell the header data to third parties for marketing purposes, unlike the actual credit information they compile, which can be used only to offer credit or insurance.
Marketers use the header information to generate lists because it has been a good source for age data and current address information, said Jan Davis, executive vice president at Trans Union LLC, the Chicago credit bureau and list marketer. She said the FTC’s privacy rule carries particular significance for direct marketers because the newly enacted Driver’s Privacy Protection Act restricts their access to personal information from state motor vehicle agencies.
The FTC, in issuing its rules for implementing the Gramm-Leach-Bliley Act, determined that the credit report header data were nonpublic personal financial information and could not be shared with third parties except under the restrictions that govern the use of the rest of the credit data.
Ron Plesser, a Washington attorney who is coordinator of the IRSG, said he would meet with group members in the coming weeks to determine whether to file suit to block the FTC’s rule.
“Our legal position is that, No. 1, names and addresses are not financial information, and that’s what Gramm-Leach-Bliley covers — nonpublic personal information,” he said. “No. 2, the statute says nothing in the act should interfere with or supersede the operation of the Fair Credit Reporting Act, and we think the treatment of credit header information has been part of the operation of the Fair Credit Reporting Act, and the FTC went beyond their authority in doing that.”
An FTC spokeswoman said the credit bureaus might still be able to use the credit header information for other purposes, however, if the financial services firms that supply the data inform their customers that the data will be re-used by credit bureaus. The financial services firms must then give their customers the opportunity to opt out of having the data shared.