Are Data Firms Getting Too Personal?
| About This Series |
| PART ONE: New "data warehouses" have an unprecedented ability to compile personal facts about ordinary people for marketers and others, raising concerns about individual privacy. Part Two: Electronic versions of public government records have become an increasingly valuable source of information for businesses, fueling a debate over the proper use of such data. Part Three: A growing army of angry consumers is fighting back against data collectors in an effort to regain control of their personal information. |
By Robert O'Harrow Jr.
Washington Post Staff Writer
Sunday, March 8, 1998; Page A1
CONWAY, Ark. You've probably never heard of Acxiom Corp., a giant information service tucked near the rolling Ozark foothills. But chances are that Acxiom knows quite a lot about you.
Twenty-four hours a day, Acxiom electronically gathers and sorts information about 196 million Americans. Credit card transactions and magazine subscriptions. Telephone numbers and real estate records. Car registrations and fishing licenses. Consumer surveys and demographic details.
What Acxiom does is perfectly legal bringing together an array of facts from scattered sources. But the phenomenon known as "data warehousing" or "datamining" represents yet another example of how traditional notions of personal privacy have become obsolete, outstripped by technology's ability to peer into personal lives.
In a flash, data warehouses can assemble electronic dossiers that give marketers, insurers and in some cases law enforcement a stunningly clear look into your needs, lifestyle and spending habits. And without aggressive action to preempt the companies, individuals have no control over facts that are gathered and disseminated about them.
The explosion of data warehousing has sharpened the ethical, legal and political questions about an individual's right to privacy in an increasingly open society.
Access to minute details about prospective customers was once just a marketer's dream. Now, privacy advocates believe the fulfillment of that dream represents an unprecedented intrusion into individual lives.
"The whole thing is scary," said Jim Settle, former supervisor of the FBI's National Computer Crimes Squad and now a security consultant in Fairfax. "It's not the government you need to worry about. It's private industry."
Acxiom often can determine whether you own a dog or a cat, enjoy camping or gourmet cooking, read the Bible or lots of other books. It often can pinpoint your occupations, the car you drive, your favorite vacations. And by analyzing the equivalent of billions of pages of data, it often projects for its customers who should be offered a credit card or who is likely to buy a personal computer.
Some believe this new power is fundamentally benign and ultimately benefits consumers by allowing quicker loan approvals and fewer annoying direct mail pitches.
"The data has always been there," said Donald Hinman, an Acxiom executive. "It's just that now, with the technology, you can access it."
Acxiom is a leader among hundreds of companies around the country that now maintain vast electronic reservoirs. These companies include retailers like Sears, Roebuck and Co., gift shop chains like Hallmark Cards Inc. and insurance companies like Allstate.
Data warehouses glean much of their information from consumers themselves, who often don't realize that the facts they provide in credit card applications or at the checkout counter are valuable commodities in this new age of information trading.
Firms like Acxiom are under few obligations to divulge their files to consumers, and state and federal lawmakers are only beginning to address some of the privacy questions raised by aggressive data gathering.
Although banks and retailers have long kept files on customers, few have had the technological capability to sort information from various sources everything from government records to magazine subscriptions to produce a clearer picture of their patrons.
"Technology has been the enabler," said Hinman, who likens the advances to the invention of the printing press. "Today it's almost unbounded, our ability to gather, sort and make sense of the vast quantities of information."
The number of data warehouses, large and small, using faster computers, the Internet and other networks now exceeds 1,000, a tenfold increase in five years. Only a few such as Metromail Corp. and R.L. Polk & Co. have grown as large or powerful as Acxiom.
"They have gone on an information collecting binge," said Charles Morgan Jr., Acxiom's chief executive, describing the datamining explosion. "There's just this insatiable appetite for more information to make better decisions."
Privacy anxieties have drawn the attention of legislators and regulators in Washington and across the country. New federal restrictions on the use of credit reports and driving records took effect last fall; the federal Department of Health and Human Services recently made recommendations about the use of personal health information.
The Clinton administration has pressed companies using the Internet to disclose more about their information gathering. And last year, the number of privacy bills introduced in state legislatures topped 8,500, according to an analysis by StateNet, which tracks legislation.
In Virginia, for example, legislators are considering sharper restrictions on pharmacies concerning the use of prescription information. And the U.S. Senate two weeks ago began considering several bills that would reinforce medical privacy protections.
But privacy specialists say such scattershot efforts lag far behind the race to build larger, faster data repositories.
"We have witnessed an enormous transformation in information collection and use, without any of the concomitant political debate," said Joel Reidenberg, a Fordham University law professor and author. "This stuff has dramatically increased and changed, largely hidden from public view."
Web of Information
The surge in aggressive data gathering is obvious to anyone who has cruised the Internet lately, although no one really monitors precisely how such information is used.Sites on the World Wide Web now track visitor meanderings, using the information to target advertising online. Many also solicit names and other personal information from computer users details that are sometimes matched to files kept in data warehouses.
One New York clothing company targets children on the Web, asking for names, ages, addresses, genders and hobbies in exchange for a "Jet Set button," according to Shelley Pasnik, director of children's policy at the nonprofit Center for Media Education, a group pressing for regulation to control marketing to children. Pasnik said countless Web sites are "preying on children's desire to fit in and be cool."
Credit reporting is a booming business, but officials at the country's big three credit bureaus Experian Inc., Equifax Inc. and Trans Union Corp. declined to divulge just how many credit reports they issue. They say such information could help their competitors.
Associated Credit Bureaus Inc., a Washington-based trade group, estimates that 600 million reports were sold last year, a 25 percent jump since 1991. These reports typically contain a person's name, age, Social Security number, past and current addresses, as well as information on credit and payment histories.
There also has been an uncharted increase in the number of World Wide Web sites selling reports with personal data that helps locate individuals, evaluate them for jobs or bolster legal cases against them. These details frequently are culled, legally, from credit reports.
Jack Reed, chairman of Information Resource Service Co., estimated that his firm is one of several thousand up from several hundred a few years ago now making such information available. His company's sales of reports tied to Social Security numbers have more than tripled since 1990 to 25,000 a month. Like some other large information services, Reed said, IRSC sells data only to clients who dial in directly.
A newcomer to this field is Discreet Research, a small Tamarac, Fla., operation. Discreet's home page on the Internet recently showed an eye peering through a peephole.
Discreet offers a "disguised free gift packaged" phone card that can be given to individuals a customer wants to track. The card secretly generates a report of telephone numbers the user dials.
Discreet also boasts of "fast turnaround" on requests for personal data. In a demonstration, owner David Muskowitz took about two minutes to find a caller's Social Security number, including the time required to correct a typing error.
"We're just trying to do a professional job," said Muskowitz, who gathers much of his information by paying a modest monthly fee for access to the files of information brokers. Tina Furlow, an assistant Florida attorney general, said, "We definitely are looking into this."
There are few laws restricting the collection and sale of most personal data, and federal agencies have stressed self-regulation and greater disclosure of data gathering.
The Direct Marketing Association, a trade group whose members rely on marketing research, recently announced that starting in 1999, its members will be required to publicly disclose how they gather and use data.
But such disclosure has its limitations. Acxiom officials, for example, will discuss how the company gathers information. But they say it is technically impractical to allow individuals to see their files.
Acxiom doesn't typically provide reports on individuals. Rather, it identifies thousands or millions of people at a time who fit particular profiles: for instance, people of a certain age or weight who read certain magazines, drive certain cars or use certain credit cards could all get personalized promotions from a vacation company.
Acxiom's files also can be used to weed out people who lie when, say, applying for car insurance. An insurer could send a batch of 100,000 applications to Acxiom, which would then match its store of data about applicants with what the individuals reported to the insurance company.
The company does allow people to opt out of its databases, but fewer than 300 people had done so by the end of last year, according to Jennifer Barrett, Acxiom's group leader in charge of privacy issues. Barrett believes that is because the company does not abuse information. "The real issue is not what information is collected on you," she added, "it's how it's used."
But Leslie L. Byrne, the former director of the U.S. Office of Consumer Affairs, offered a different explanation. "In my travels," Byrne said, "most people don't have a clue what's being gathered about them."
That obfuscation is sometimes intentional, according to Maryalice Hurst, former chairman of the Direct Marketing Association's ethics committee. Some companies "go behind the customers' back to acquire what they know the customer wouldn't give them," Hurst said. "Datamining is just another word for using information the customer doesn't understand you have."
"The government has to start thinking about the kinds of requirements for disclosures that should be made by information-collecting companies," said Paul Schwartz, a University of Arkansas law professor and privacy specialist. "Consumers are not getting a voice."
Convenience vs. Privacy
Americans are deeply ambivalent about all of these developments, even as they have grown to depend on the convenience electronic networks and databases offer.Data warehousers contend their techniques already have improved customer service by insurance firms, banks and department stores. When a customer calls, a company can "flood" the computer screen with personal information, offering "one-on-one" service, according to Neil Mendelson, director of data warehousing for software firm Oracle Corp. "What we're going for as an industry is 'a segment of one,' " Mendelson said.
But these benefits haven't quelled public anxiety about privacy erosion. In a 1996 survey by Louis Harris & Associates for Equifax Inc., a major credit bureau, almost 9 of 10 respondents voiced concern about privacy threats. In another Louis Harris survey conducted last year for a privacy research group, 8 of 10 computer users agreed that "consumers have lost all control over how personal information about them is circulated and used by companies."
At Acxiom, officials acknowledge that many Americans are unnerved by the growing capacity to gather and manipulate personal data. "My mom says I work for Big Brother," joked spokeswoman Marice Gardner.
But Hinman insists that rigorous self-regulation by companies has minimized abuse.
Acxiom also touts its prowess. A database query that took six minutes on a giant mainframe computer in 1994 now takes 19 seconds. Officials just announced they will soon be able to deliver massive amounts of data to customers over the Internet in a few hours something that now takes up to a week.
The value of such computing power was illustrated in the recent sale of Experian, a giant credit bureau and information services company formerly known as TRW Information Systems & Services. It sold for more than $1 billion in the fall of 1996. Seven weeks later, it was resold for $1.7 billion.
Analysts at the META Group estimate that the money spent on building and maintaining data warehouses will increase from about $2 billion in 1995 to more than $10 billion in the year 2000.
"Our economy is not simply supplied by information, it is fueled by information," D. Van Skilling, Experian's chief executive, said at a conference last fall. "I believe we are at the beginning of a great new era."
Industry officials say companies also will find ever more clever ways to use data. Oracle's Mendelson, for example, predicts that companies will use databases to court friends and relatives of their most profitable customers.
Members of a customer's "circle of influence" perhaps a mother or best friend could be targeted by an airline and offered perquisites to build customer loyalty, he said.
Other predictions go beyond marketing. With improved access, heart patients will be able to go online to compare track records of heart surgeons, or drivers will be able to get maintenance records of automobile dealerships, according to Michael J. Saylor, president of MicroStrategy Inc. in Vienna, a leading producer of warehousing software.
"There are all sorts of instances like that in which you are mining for some tidbit of information," he said.
For now, Acxiom, whose revenue has grown from $91 million to $402 million over the past five years, remains focused on compiling information about people and getting it to companies as quickly as possible.
After more than two decades of gathering facts, it has 350 trillion characters of consumer data in its computer library. That includes motor-vehicle registrations from 34 states, real estate records from 41 states, reverse telephone records from 1,100 communities and millions of credit card transactions.
It has access to legal marketing information from credit reports, including Social Security numbers and addresses, because it is partly owned by Trans Union and manages Trans Union's files.
And twice a month, it receives every change of address filed with the U.S. Postal Service. Acxiom recently bought a share of Bigfoot Partners, a New York firm that maintains e-mail addresses and specializes in direct marketing on the Internet.
This spring, Acxiom customers will be able to buy access to its data storehouse via the World Wide Web.
"It's going to let a lot of smaller companies have access to the same things the very biggest guys have got," Morgan said. "It's just going to be a dramatic change."
© Copyright 1998 The Washington Post Company
ncG1vNJzZmivp6x7uK3SoaCnn6Sku7G70q1lnKedZMSxedKrrWieoqS6sbvSrWammaKYtXqEjqmpoq6RmMZ5esetpA%3D%3D