This is disturbing in principle and dangerous in practice: Brokers classify consumers in categories such as “Ethnic Second-City Strugglers” and “Tough Start: Young Single Parents” so that companies can market them risky financial products such as high-cost loans. A prospective employer could access a candidate’s health history, or Internet searches that point to potential medical conditions, and decide not to hire. Data brokers’ security practices are not monitored, either, which means the data they collect can easily fall into the hands of hackers with even worse motives.
To fix this problem, Congress should include in any federal privacy framework a registry of data brokers, similar to the one Vermont established last year. A robust privacy regime should impose limitations on what companies across industries can do with consumer data. It should grant consumers the right to access, correct and delete their information. But even with those guardrails in place, data could still reach brokers, and any new rights would be worth little, if Americans remain powerless to exercise those rights because they do not know who the brokers are.
This registry, administered by the Federal Trade Commission, would offer consumers a one-stop shop for tracking down their data — and seeking redress when it has been abused. Americans could also enroll with a single click in a “do not track” list that would keep their information out of broker databases. The tech titans at the center of the privacy controversy have done much to earn the suspicion of consumers and politicians. But their size and prominence also makes them easy targets. Congress should pay attention to those that are harder to spot, too.