In the last issue we discussed the compliance requirements that a skip tracer must adhere to when attempting to obtain location information related to the collection of a debt. In this issue we will look at the compliance requirements a cybertracker must follow when tracking a person through the maze of electronic data posted on the Internet.
First let us begin by defining the action that a cybertracker performs in their effort to locate consumers.
The cybertracker locates and analyzes data that has been posted on various free data sites such as public records, social data sites such as Twitter, Facebook and LinkedIn, and pay data sites where an information broker has purchased data, refined it and made it accessible in a user-friendly format for a fee.
The two major areas of concern to a tracer should be obtaining information from data brokers and obtaining information from social media. The information obtained from free data sources such as public records and Internet news postings are usually considered “Open Source” data and there are very few laws which the tracer should be concerned about other than giving a false reason for obtaining public record data covered by a privacy law. An example of this would be driver license information which would have non-public personal information (NPPI) data such as the date of birth, physical characteristics and addresses. Most state Department of Public Safety requires a form to be filled out asking for the purpose the information is needed. The tracer must never put down a false reason as it would violate that state’s law, triggering an FDCPA violation. Now to the two major areas of concern.
Data Broker Compliance
Let’s begin with the Data Brokers who resell information. These entities usually fully vet their potential clients and conduct on-site inspections to insure the clients are legitimate, using the data in a legal manner, properly licensed and bonded as required and have taken the required steps to protect the data both in transit and at rest. The inspection will usually include a review of the various purposes the data will be used for and that the users have been properly trained in relation to the applicable laws such as the FDCPA, GLBA and FCRA. The data brokers will have an area in their program where the user is asked to indicate the reason for obtaining the data and often audit the data purchaser’s records to verify compliance. As I stated, the information obtained through these data brokers falls under a litany of federal and possible state laws and the users should be trained to follow the requirements of these statutes to the letter.
Social Site Compliance
Next, we will discuss the social sites and the guidelines a cybertracker must follow when accessing data extracted from these sites. The two main things to remember when searching for information on the many social sites which may include high school and college sites such as Alumni.com and Classmates.com is 1): It is “read only.” The tracer must never ask to “be a friend” of the person they are attempting to locate or, for that matter, the person’s friends or relatives. And 2): The tracer should never attempt to establish a false identity to obtain information. Doing either of these two things could certainly be viewed as a violation of the Fair Debt Collection Practices Act, § 807 [15 U.S.C. §1692e] which prohibits the use of “any false, deceptive, or misleading representations or means.”
In a nutshell, these rules cover the statutes a cybertracker must adhere to when tracking people through the Internet. When there is a question as to what to do, I train people to ask themselves a simple question: “Could I get in trouble for doing this?” If the answer is “yes” or “I don’t know,” the conclusion is simple: Don’t do it.
Until next time… good luck and good hunting.
Ron Brown is a member of the National Association of Fraud Investigators and the author of “MANHUNT: The Book.” Contact him at