On May 7, the FTC released letters it sent to 10 data brokers warning that certain of the brokers’ practices could violate FCRA privacy protections. The announcement states that data broker companies that collect, distribute or sell information about consumers’ creditworthiness, eligibility for insurance, or suitability for employment are subject to FCRA, and as such, have an obligation to reasonably verify the identities of their customers and make sure that customers have a legitimate purpose for receiving consumer information. The letters were issued pursuant to an FTC “test-shopping” operation as part of an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network. The operation and subsequent warnings letters are the latest move by the FTC to address data broker compliance with FCRA. Last year, the FTC ordered certain data brokers to produce information about their collection and use of consumer data and announced at least one settlement with a data broker regarding FCRA compliance. However, the letters do not constitute an official notice that the companies are subject to FCRA or act as formal complaints, but rather “remind” the companies to review their practices to determine whether they are consumer reporting agencies subject to FCRA.