Fourteen leading information industry companies* as part of the Individual Reference Services Group (IRSG), in December 1997 pledged to adopt self-regulatory principles governing the dissemination and use of personal data. The IRSG developed these principles in conjunction with the Federal Trade Commission during its examination of privacy concerns and the uses of personal information.
Individual reference services are commercial services that provide data to help identify, verify, or locate individuals. These services play an important role in facilitating law enforcement, fraud prevention and detection, and a range of business transactions and legal proceedings.
The principles impose significant restrictions on the access and distribution of non-public information, such as non-financial identifying information in a credit report. For example, social security numbers obtained from non-public sources may not be displayed to the general public on the Internet by IRSG companies. IRSG members also have agreed to restrictions on the dissemination of social security numbers and dates of birth to commercial and professional subscribers. Furthermore, information from non-public sources about persons identifiable as minors will not be available to either the public or commercial and professional markets.
Each IRSG member has pledged to be in compliance with the principles by December 31, 1998. After the initial compliance period, companies will be subject to yearly audits by a qualified independent auditor or assurance organization. In addition, the principal suppliers of non-public information will enforce these provisions through contracts with vendors. All companies in the industry that obtain information from these suppliers and fail to comply with the principles risk losing access to the data.
* Experian and Metromail are now owned by the same company.