How We Think About Privacy

Of the seemingly infinite number of possible online searches, fully 30% are for people, giving birth to a people-data brokerage industry that generates about $20 billion annually. With so much at stake in a context of rapid development, it’s easy to see how privacy laws and protections often lag behind technology and business practice.

PeopleSmart takes the long-term approach, seeking to not only exceed legal requirements, but also do our best to meet our users’ privacy expectations. We strive to treat customers honestly, build high-quality products, and protect privacy. Learn more about our core values here. We’re also constantly refining and improving our privacy protections and transparency.

Below you’ll find answers to frequently asked questions about our privacy policies.

• What is PeopleSmart?

  PeopleSmart is a public records company with access to 14 billion public records covering property, finance, marriage, birth, crime, courts, and more. Hosted on our proprietary STORM platform, PeopleSmart helps users safely and conveniently find and learn about people, for everything from looking up friends for a class reunion to accessing court records. Our users are professionals from the legal, marketing, and real-estate industries, as well as long-lost friends, significant others, and family members.

• What laws apply to PeopleSmart?

  Many laws govern privacy, thus a diverse legal spectrum applies to PeopleSmart. Here are some important restrictions:

  • The FTC Policy Statement on Deception bans deception, defined as a representation, omission, or practice that is likely to mislead consumers acting reasonably, to the consumer’s detriment.
  • Section 5 of the FTC Act says, "unfair or deceptive acts or practices in or affecting commerce are … unlawful."
  • The Fair Credit Reporting Act (FCRA) regulates "any information" that bears on a consumer's "credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living," and is "used or expected to be used or collected in whole or in part" to help establish eligibility for credit or insurance.

  PeopleSmart complies with the first two guidelines by clearly stating what information we have and avoiding unfair or deceptive practices. We advertise the information we own and explain how our information can be used. We also do not provide FCRA information; instead, we link to sites that do. We also have a 100% Satisfaction Guarantee, and refund users unable to access information.

• I have read about "privacy frameworks." Which ones relate to PeopleSmart?

  At least three:

  • The FTC consumer privacy framework recommends that people search companies identify and describe themselves, that users be permitted to correct and delete their information, and also calls for more industry-led consumer education.
  • The White House has advocated for a Consumer Privacy Bill of Rights, identifying "…a need for transparency to individuals about how data about them is collected, used, and disseminated and the opportunity for individuals to access and correct data that has been collected about them.”
  • The Department of Homeland Security's Fair Information Practice Principles promote "mechanisms for appropriate access, correction, and redress" of personal information.

  We follow these recommendations by allowing users to manage and opt-out their information, describing who we are, and providing privacy education.

• Your site says you are "privacy friendly." What does that mean?

  We strive to be ahead of the curve and make privacy protection a core component of our products. We allow users to remove or manage their information on our sites, free of charge. Our removal and editing process is simple, online, and permanent. We allow members to cancel memberships and offer refunds to dissatisfied customers.

  Our products explain our records' origins. For example, in a criminal records check, we define the states, counties, databases (e.g., Statewide Felony, Misdemeanor and Traffic, etc.), and years searched. We do not sell search or usage information about our users. We are careful when using social networking sites like LinkedIn or Facebook; we enable results when a user authenticates within a social networking site, but we never "scrape” data from them.

  We do not sell information about celebrities or public figures. We never disclose salary, Social Security Numbers, or religious information. Finally, we protect data by physically securing our servers and encrypting sensitive information.

• Some Internet companies have shady dealings with other companies. Does PeopleSmart?

  We are proud of our partnerships. Our parent company, Inflection, is in two policy groups organized by the Center for Democracy and Technology: the Digital Due Process Coalition and the Internet Privacy Working Group. Inflection is also a member of the International Association of Privacy Professionals (IAPP) and the Direct Marketing Association (DMA). We adhere to DMA guidelines stating that third-party sellers must describe "the goods and services being offered and all material terms of the offer." Our buttons clarify the buttons purpose, using words like "buy," and when we offer an extra product or deal we give customers a chance to say no rather than burying charges in our legalese. We also work with PrivacyChoice to enhance our IdentitySmart product.

• Overall, how does PeopleSmart think about privacy?

  The technological problem of privacy is that information about people often moves and is traded, sold, or displayed without concern for social, ethical, and legal norms. Rather, technological feasibility often dictates how information is moved, sold, and used . Thus, rational privacy decision-making is quite difficult. People simply cannot process all the privacy choices involved in being online. In the face of this uncertainty and confusion, we expect our legal and social framework to predict how information is collected and used. But our expectations are often misguided. Helen Nissenbaum, a privacy expert and computer scientist at NYU explains the problem thusly: "When the flow of information adheres to entrenched norms all is well; violations of these norms, however, often results in protest and complaint."

  Knowing this, we use information in line with societal privacy expectations. While we are eager to make the most of what is technologically possible, we also consider how users will feel when using our products and what they expect. Good questions to ask are:

  • How would I feel if my friends used PeopleSmart?
  • How do people expect their information to be displayed and offered?

  People expect control of their information, expect their religion or salary to be confidential, and expect charges to their credit card to be obvious. Likewise, false advertising, giving out false information, and not allowing someone to correct false information about them violates our users’ expectations. We build our products based on these expectations. Social expectations also govern our sources, as we distribute public records; our view is that scraping and selling information from a private, personal profile (e.g., Facebook or Twitter) does not follow our social expectations.

• What could improve privacy in the people search industry?

  In a general sense, courts, legislatures, and regulatory agencies can continue to apply laws with current and future technology in mind; educate consumers and industry leaders; and punish companies that violate privacy laws. Already, courts have held data brokers accountable for breaking the law, and the Supreme Court bolstered the Fair Credit Reporting Act (FCRA) by finding that a defendant violates the Act if they willfully fail to comply with it. The FTC has also recently brought charges against companies that violated users' privacy and broke FCRA violations, which is encouraging. In addition, the FTC has shown exceptional energy and done important work by educating and protecting consumers and leading industry discussions. We fully support this work.