Florida investigator Brian McGuinness, Vice President of the National Council of Investigation and Security Services, testified before the Subcommittee on Social Security of the House Ways and Means Committee on June 15, 2004.  The subcommittee is chaired by Representative Clay Shaw, R-FL, author of HR 2971, the bill under discussion.  The bill is entitled the Social Security Number Privacy and Identity Theft Prevention Act of 2003.  Mr. McGuinnessĺ─˘ testimony can be reviewed by going to the NCISS website at, and clicking on the Legislative page.


Subsequently, the Subcommittee has submitted additional questions to Mr. McGuinness and NCISS.   Following are those follow-up questions and the answers submitted for NCISS by Brian McGuinness:


1. How many states do not have a specific licensing requirement for private investigators?  For those states that do have licensing requirements, how uniform are those requirements?  Describe the oversight performed of licensed investigatorsĺ─˘ activities?  What would prevent an investigator from becoming licensed, or having a license renewed?


Response to Question One

There are currently seven states that do not require licensing of private investigators.  In my state of Florida investigators are subject to extensive criminal history background checks.  We are stringently regulated with requirements for records retention, insurance, training (if armed) and subject to disciplinary action.  The Department of Agriculture and Consumer Services takes its job seriously.  Requirements do vary among the states but include background checks.  Details about the various requirements may be found through the website of the International Association of Security and Investigative Regulators at  As in my state, investigators are subject to penalties including the loss or suspension of a license.  Serious violations of state regulations would prevent an investigator from renewing a license.  Mandatory background checks prevent unqualified applicants from obtaining one.  Let me add that there are very few instances of private investigators misusing identifying data.  As proposed, the restrictions on our ability to access critical information puts the public at far greater risk than do the handful of cases where an investigator may have inappropriately used the data.


 2.   You mentioned that information providers audit the users of the data to ensure compliance with their contract (i.e., that the data is being used only for purposes authorized under the law).  Do both licensed and unlicensed private investigators have access to credit header data?  What percent of transactions would you say information sellers audit?  How many times have you been audited?  What checks are there in the system to prevent a private investigator (licensed or unlicensed), or a member of the staff of a private investigator, from accessing credit header information for an unauthorized purpose?



Response to Question Two

We are not aware that the bureaus publish the number or extent of their audits.  I have never been audited personally, but some of our members have and report that TransUnion, for example, has conducted stings to verify our members comply with the requirements to know their client and verify the purpose for which a report is used.


3.  You recommended deletion of section 108 of the bill, which would authorize the release of SSNs by credit bureaus only under the terms required for a full consumer report.  That provision in the bill is not the jurisdiction of this committee, but rather the Committee on Financial Services.  However, we are interested in hearing your feedback about the provision.  Since the billĺ─˘s provision only restricts release of the SSN, why couldnĺ─˘t other parts of the credit header, like name, address, and telephone number still be used to locate witnesses?  In what percent of cases overall is the SSN needed to help differentiate between records?  Rather than eliminate the provision altogether, is it possible to modify it in a way that balances SSN privacy with necessary uses?



Response to Question Three

With regard to jurisdiction, we realize that any changes to the FCRA would be done by the Financial Services Committee, however, though you are not representing that Committee, Chairman Shaw is the author of the bill and we presume would have the authority to make recommendations for amendments.  Because HR 2971 has been referred to multiple committees we expect that the vehicle that will ultimately be considered on the floor would in all likelihood be the product of a negotiation among these committees and the House Rules Committee.  Recommendations of the sponsor and the Ways and Means Committee will be important.


Name and address information is not sufficient to assure that an individual is the person whom we are attempting to locate.   The Social Security Number is essential for distinguishing among numerous people with the same name.  In many instances we are seeking persons who share a name with thousands.  Even if we had John Smithĺ─˘s birth date it wouldnĺ─˘t be sufficient because he would share it with many other John Smithĺ─˘s.


There are two ways requests for credit header information is made:


One is by submitting a social security number to the credit bureau provider.  While that appears to be permissible under the current structure of Section 108, under Section 107 (a), it would be unlawful for an investigator acting as a Consumer Reporting Agency to submit a social security number to the provider or anyone.  Under the Fair Credit Reporting Act, and pursuant to the Federal Trade Commission, investigators conducting investigations for a ĺ─˙permissible purposeĺ─¨ are considered to be Consumer Reporting Agencies.  A substantial percentage of investigations by our members fall under the purview of the FCRA.


It should also be pointed out that the credit bureaus only sell header information to entities with whom they have contracted and who have executed those contracts which contain detailed limitations on the way that information may be used.   I am unaware that credit headers are being sold directly to the general public.


Investigators are also required to indemnify the provider unconditionally for any liability incurred or alleged.  The contracts spell out that the providers will conduct periodic reviews of ĺ─˙subscriber activityĺ─¨ and random audits.  Violators are subject to termination of the account, legal action and being reported to federal and state regulatory agencies.


The second way header information is requested is by submitting a name and date of birth to the provider.  However, under Section 107 (b)(1), the provider would be prevented from providing the social security number to the investigator thereby preventing a positive identification cross check.


With regard to modifying Section 108, that could be done by inserting exemptions.  However, we feel it should best be eliminated. 


Following are our suggestions for amending Section 107:


In section 107, after (c) strike (A)and insert the following new subsection:



(i) to the extent necessary for law enforcement, including (but not limited to) the enforcement of a child support obligation, as determined under regulations of the Attorney General of the United States issued under section 205(c)(2)(I);


(ii)  if the display, sale, or purchase of the number is for a use occurring as a result of an interaction between businesses, governments, or business and government (regardless of which entity initiates the interaction), including, but not limited toĺ─ţ


(I) For use in connection with any civil, criminal,  administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court, or



`(II) the prevention of fraud (including fraud in protecting an employee's right to employment benefits);


`(III) the facilitation of credit checks or the facilitation of background checks of employees, prospective employees, or volunteers;


`(IV) the retrieval of other information from other businesses, commercial enterprises, government entities, or private nonprofit organizations; or



4.  You said you believe Congress should spell out all the appropriate uses of SSNs in the private sector, rather than allow the U.S. Attorney General to provide exceptions through regulations to the billĺ─˘s prohibitions on sale, purchase, and display of SSNs to the general public, as HR 2971 requires.  The activities you listed that private investigators provide are laudable.  Why do you believe that you would not be able to convince the U.S. Attorney General during the process of developing and receiving comment on regulations that the SSN is needed for these purposes and that the costs do not outweigh the benefits?



Response to Question Four

HR 2971 includes several exceptions to the restrictions on the use of SSNs in Section 107.  These include exceptions for law enforcement, child support, national security, public health, emergencies, and research and where the Attorney General determines appropriate.  We believe investigations in anticipation of litigation, due diligence, insurance claims, civil and criminal fraud, criminal defense, identity fraud, stalking and other violations of law are just as deserving of exception.  Not clearly listing these investigations in the statute sends a message to the Department that they are of less concern to Congress.  Our industry has had recent experience with administrative interpretations of statute.  Until corrected by statute last year, the Federal Trade Commission had interpreted the Fair Credit Reporting Act to require the consent of employees suspected of workplace misconduct before we could institute an investigation!  We want to avoid repeating that experience.