NCISS, Federal Trade Commission Discuss Data Access

On Friday, April 8th, NCISS met with top leaders of the Federal Trade Commission to discuss the ramifications of the recent security breaches at Choicepoint, banks and a subsidiary of Lexis-Nexis.  Attending for NCISS were President, Brian McGuinness of Florida, Legislative Committee Chair, Bruce Hulme of New York, Legislative Committee member, Pierre Paret of Virginia, and Washington Representative, Larry Sabbath.  Among those attending for the FTC were:

Director of the Bureau of Consumer Protection, Lydia Parnes
Associate Director, Joel Winston (Financial Practices Division)
Assistant Director, Andrew Smith
Assistant Director, Peggy Twohig (Financial Practices Division)
Associate Director, Lois Greisman (Planning and Information Mgt. Division)
Assistant Director, Lee Peeler

NCISS representatives expressed their concern that as a result of the recent breaches by data providers, private investigators have become the victims.  Many are being denied access by data providers to information they have long been able to use in their investigations.  This raises restraint of trade issues.  Investigators are fearful that legislation could further restrict access.

Hulme pointed out to the FTC that data providers had moved the issue of causation away from the security breaches at their locations holding the data and their lack of due diligence, and onto private investigators as an occupational class even though investigators had not allowed any breaches in their security. Information data sellers, financial institutions and government agencies have been the entities that failed to secure their data, and not private investigators whether in large firms or sole proprietorships.

Furthermore, ChoicePoint’s lack of due diligence had been with individuals and firms purporting to be collection agencies, which are unregulated, and not with private investigators.  NCISS questioned ChoicePoint’s recent re-credentialing of its longstanding private investigator client base and pointed out that alternative controls and measures might be instituted by information brokers to lessen the risk of their data being breached or being used for nefarious purposes. NCISS suggested that information brokers not accept money orders as payment nor allow the sale of data over the Internet to the general public.

Hulme explained how such data is used in various investigations.  He cited examples of successful investigations of different types, including identity theft, fraud, location of heirs, discovery of exculpatory evidence, and location of criminals.  Case histories, with redacted personal information, that had been provided to NCISS by private investigators were turned over to the FTC for their evaluation in order to confirm our contention that the full SSN and DOB are necessary investigative tools.

McGuinness presented information about how such access to data serves the judicial system in both civil litigation and criminal defense cases. He explained how integral private investigators are within the court system, often working behind the scenes on a wide range of cases.  He also described use of a credit header search to reunite a mother with her child who had been abducted by the father. He emphasized the importance of utilizing SSN searches when locating female witnesses because of name changes through divorce and marriage.

The FTC attendees asked how data could be protected without restricting those who need the data for legitimate reasons.  They were particularly interested in assuring that data were accessed only for appropriate reasons.  NCISS advised them that we favor strong sanctions against misuse of such information by anyone, including private investigators.

Sabbath pointed out that the majority of ID thefts occur by low-tech methods, including pick-pocketing, stealing from mailboxes, theft by employees and dumpster diving.  He said that PIs agreed that the general public should not be able to access personal information on the Internet and that NCISS supports legislation to require notice to consumers when breaches occur.  NCISS also advised the FTC that it supports the concept behind Senator Feinstein’s S. 115, the Notification of Risk to Personal Data Act.  He further suggested that ID cards, including health cards, should not display SSN’s. 

Asked what kind of information was essential to any exemptions for private investigators in future legislation, the NCISS representatives suggested language based on existing law, found in the Driver’s Privacy Protection Act.

Discussion was also directed toward whether or not private investigators operating in states without licensing should be allowed access.  NCISS advised that in situations such as this, those investigators could be required to sign an agreement with the data providers that they would voluntarily subject themselves to the most stringent state regulations existing.  FTC officials asked NCISS to continue to keep them informed

Submitted by:
Bruce H. Hulme, Chairman
for the NCISS Investigations Legislative Committee
Email: specialinvestigations@worldnet.att.net