The U.S. Senate Committee on Banking, Housing and Urban Affairs considered testimony on the impact of information resellers (i.e., companies that collect and resell individuals' information) on financial data privacy, credit, insurance, employment and housing.
World Privacy Forum Executive Director Pam Dixon urged Congress to regulate consumer scores and predictions that are being created and sold by information resellers without oversight. According to Ms. Dixon, these scores, which often use artificial intelligence ("AI") to make real-time predictions of consumer behavior, can create "risk, havoc, or diminished opportunities in a person's life."
Ms. Dixon stated that information resellers have avoided regulation due to a loophole in the Fair Credit Reporting Act ("FCRA") that applies only to individuals, not to households. She stated that these unregulated scores, which are supposed to be used only for marketing purposes, contain critical consumer information. For example, she said, credit scores like the Aggregate FICO include numerous detailed financial metrics, such as consumers' "neighborhood risk score." Ms. Dixon was critical of the so-called "adversity score," recently launched by the College Board, that uses a student's home, neighborhood and school background to score the problems a student may face gaining access to a good education. Ms. Dixon advised committee members to address these concerns by (i) expanding the FCRA to close the loophole on unregulated financial scores and (ii) introducing a standards law to ensure due process and fair standards setting regarding consumer data privacy.
GAO Financial Markets and Community Investment Director Alicia Puente Cackley highlighted existing deficiencies in the federal framework protecting consumer information privacy. Ms. Cackley based her testimony primarily on the GAO's recommendations to Congress following its 2013 report on privacy issues. Pursuant to the 2013 report, the GAO advised Congress to (i) strengthen the federal regulatory framework and (ii) address cybersecurity. According to Ms. Cackley, the current consumer privacy framework does not adequately address:
individuals' ability to review, control and correct their personal data;
the methods, sources and types from which resellers collect and aggregate personal information;
new technologies, such as facial recognition, and FinTech firm activities;
internet privacy issues, such as practices that track or collect consumers' activity on the internet or mobile applications; and
regulatory authorities' limited enforcement and regulation of related information reseller activity.