Cheap Background Reports: Bad Idea?
We are routinely contacted by lawyers and private clients inquiring about just what information we can provide about a person or business. We are asked about finding things like prior work-related (industrial) injuries and treatment, other injuries (such as car accidents or bicycle accidents) bank accounts, and even travel plans. More recently, our clients have been asking why they should pay so much more for us to conduct an investigation when they can “just order information online for much cheaper.”
Granted, you can find out all kinds of information about someone on the internet. All you need do is Google a person’s name and you will find a proverbial shopping list of possible information you may be seeking about someone: websites offering phone numbers, addresses, relatives, and criminal history. “All for the low, low price of $19.95!” Your next thought should be – “If something seems too good to be true, it probably is.” Here are a few things you should consider before you unwittingly break the law and possibly kill your case.
The first concern is that the information may be outdated and unreliable. Data brokers obtain their information from many sources with varying degrees of reliability. Background information in particular is culled from many different sources – such as utility bills, judgments, liens, credit cards, magazine subscription lists, even warranty cards for hard goods. Those cards are included in everything from kitchenware to new windows, and many consumers happily supply their name, home address, even information about household income. When dealing with information from online data brokers there likely has been no human being reviewing the information to be certain it actually pertains to your subject and is up-to-date. It is likely just a compilation or “data dump” from multiple databases to which that company subscribes. These reports can be difficult to read for the un-initiated: how do you know which “most recent address” is really the most recent? If your subject has a fairly common name, or shares a name with a family member (ex. John Smith, Jr.), the computer systems may not be able to separate the data specific to your subject. Your “comprehensive report” may include misleading, mischaracterized, or misattributed information. Buyer beware.
The second, larger concern is whether the information has been legally obtained. While phone numbers and addresses are available through many legal means, more sensitive information is protected by a patchwork of federal and state laws. Protected classes of information include medical records, flight manifests, bank accounts, credit information, phone call or text message records and many more. Absent a court order, these records are confidential between the consumer and the entity (be it a doctor, airline, bank or telephone company). As the individual who wants to present this information to a judge and jury, you should ask yourself how it has been obtained and whether you will find yourself (and your client) in hot water.
For example, would you like to be featured in a news article like this one? According to the article, an attorney (who is himself a former U.S. District Judge) allegedly hired a private investigator to obtain phone records. The investigator subcontracted the work to a data broker who contacted AT&T and used a “pretext” to illegally obtain the subject’s phone records. A “pretext” is a lie, a falsehood – using information you do have to obtain information you are not supposed to have. If you have ever called your bank, you know they verify your identity with information such as your social security number or mother’s maiden name. This information is often widely available or can be easily obtained by a knowledgeable private investigator. This is the type of information used by data brokers and others to trick phone companies, banks, health care providers and others into giving them confidential information.
Several federal and state laws prohibit pretexting to obtain private information. The three most well known laws concern credit information (Fair Credit Reporting Act), telephone records (Telephone Records and Privacy Protection Act of 2007), and private information held by financial institutions (Gramm-Leach-Bliley Act). In addition to those laws, the Health Insurance Portability and Accountability Act (HIPAA) and California Confidentiality of Medical Information Act protects individuals’ medical information from being released to anyone but the individual.
There are a multitude of information brokers – companies offering to obtain private information regarding a person – advertising their services online. The offered information includes bank and brokerage accounts, employment information, and even medical care such as where they have obtained treatment, the dates of treatment, where they may have had radiological scans, what pharmacy they use, and the list goes on. Recently, several medical centers across the country have revealed that employees improperly accessed thousands of patient records. Last week, an employee of a medical center in New York was indicted for selling patient records for as little as $3 per record. These breaches are far different from the cases where a hospital employee illegally accessed the information pertaining to a celebrity out of curiosity or to sell the information to a tabloid. In the recent cases one wonders what the employees did with the information: sell to the highest bidder? Perhaps the employees were paid to violate the patient privacy to provide the personal information to online information brokers.
Utilizing the services of an information broker to obtain private information about someone is tempting, especially in the context of a lawsuit. After all, who doesn’t want that Perry Mason moment in court or to be able to wrangle a settlement by simply showing the other side just what you know about them?
You may believe if an online company is offering to obtain information about someone, they have to be obtaining that information legally, right? How could a company get away with offering to obtain information to help you win your case if it is illegal to obtain that information? The website would be shut down by a state or federal agency if they were coming by the information in a manner that violates privacy laws, right? Unfortunately, illegal operations can run for some time before they are shut down. Law enforcement agencies nationwide do not have the manpower to squash every criminal website as it springs up. Investigations take time – the Federal Trade Commission conducts sting investigations on these companies to make sure they are not obtaining the information illegally. Some companies have been fined and prohibited from further illegal conduct. But, like some unscrupulous debt collectors who work out of fly-by-night telephone banks which cannot be traced to a single person, these groups can be difficult to pin down and eliminate. There are also plenty of unscrupulous information brokers willing to take your money and leave you holding the potential liability.
The federal government has been taking some hard looks at data brokers. In 2014, the FTC demanded “transparency and accountability” in a report calling on Congress to legislate this industry. The Data Broker Accountability and Transparency Act has been proposed several times, most recently in 2015. If passed, this Act, among other things, would explicitly prohibit data brokers from utilizing pretexts as a means to obtain information.
If you contact the information broker, assuming someone even answers the telephone, and ask them how they go about obtaining the information you will likely get a response along the lines of “Oh we just call them and they give us the information” or “We can not tell you that as we use our proprietary methods and years of experience in this field to get the information. If we told everyone that information, we would be out of business.” Two important questions to ask are 1) whether they abide by the Gramm-Leach-Bliley Act and/or other federal or state laws in obtaining the information; and 2) whether they would provide you with a declaration to that effect as well as defend and indemnify you if you get sued for using information they provide you?
If you are a California lawyer, you are familiar with California Rules of Professional Conduct 3-110 which has been interpreted to include a duty to supervise subordinate attorneys and non-attorney employees or agents. Contracting out the investigation to a data broker or online information broker without further inquiry or supervision may land a lawyer in an ethics inquiry.
As private investigators, we are frequently requested to find information about the opposing side in a lawsuit or to conduct background or asset searches. It is a service we routinely provide to our clients and one we carefully conduct within the confines of the various federal and state laws. Obtaining the information sometimes requires creativity and perseverance. For instance, conducting surveillance to determine where a person is working or conducts their banking, or reviewing prior lawsuits and bankruptcies to identify possible medical providers that could then be served with a subpoena. Granted, these methods will cost more than the bargain of $19.95, but you will know that your agent did not break any laws in obtaining the information, it will be admissible in court and will not be subjecting you to possible ethical complaints, malpractice complaints or being conflicted off a case and losing a client.
This article is for educational purposes only and is not intended to constitute legal advice.