Federal Trade Commission Workshop, held March 13, 2001
600 Pennsylvania Ave., N.W., Washington, D.C. 20580
Privacy Rights Clearinghouse
3100 - 5th Ave., Suite B
San Diego, CA 92103
Phone: (619) 298-3396
Web: www.privacyrights.org
Submitted April 30, 2001
Topics covered in these Comments:
- Background
- Introduction
- Consumer surveys
- Product registration forms
- Supermarket loyalty club programs
- "Invisible" data capture
- Financial "supermarkets"
- Marketing solicitations
- Secondary uses of consumer data
- Conclusions: observations and recommendations
On behalf of the Privacy Rights Clearinghouse, I appreciate the opportunity to comment on a topic that I have long observed to be of key concern to consumers - the compilation and exchange of data captured from consumers when they participate in the marketplace.
Background
Since the mid-1990s the Federal Trade Commission (FTC) has held numerous workshops and conducted important surveys on privacy in the online arena. The FTC has taken significant strides in bringing these issues to light and in framing the public policy debate. I am pleased that the FTC is now taking up the issue of offline consumer privacy issues.
The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer information and advocacy program based in San Diego, California. We were established in 1992 with a two-part mission -- consumer education and public policy advocacy. Over the years, we have been contacted by tens of thousands of consumers who have registered their complaints about privacy abuses and have sought information on how to safeguard their privacy.
Our many fact sheets provide practical information on steps consumers can take to limit how their personal information is collected and used as a result of their participating in the marketplace. These consumer guides as well as the transcripts of our public policy comments and testimony can be found on our web site.
Introduction
My comments will focus on what we have learned from consumers' complaints and questions. As a general observation, we have received far more complaints and questions about offline or "real-space" privacy matters than we have about online privacy. During our early years, unsolicited mail was the number one topic of complaint to our hotline. Telemarketing followed closely behind. In recent years, the topic of identity theft has overtaken complaints about "junk" mail.
At first glance, it might appear that these topics -- unsolicited mail and identity theft -- have little in common with each other. But when considered in the context of control, they are not as far apart as they might seem. The definition of privacy that the PRC uses is the ability to control what is done with one's personal information. I believe the reason that we have received so many complaints about unsolicited mail is because it represents a lack of control of the consumer's name, address, and demographic profile.
Consumers who have contacted us express considerable frustration at not being able to control the use of their personal information. In some cases they have made several requests of the mailer to be taken off the mailing list, to no avail. Identity theft is also a control issue. Victims of this crime have no control over access to and uses of their Social Security number and other identifiers used by criminals to commit identity theft.
Note regarding usage: I have chosen to use the term "data" as singular rather than plural in order to avoid awkward phrases such as "data are..."
The following comments are provided in response to selected questions listed in the FTC's Federal Register notice.
What kinds of consumer information do businesses purchase, sell or exchange to create profiles and what are the sources of that information?
What types of notice have businesses provided to consumers regarding various kinds of data merger and exchange activities?
I will answer both of these questions together. The Comments will be limited to ways in which companies obtain information from consumers that is subsequently entered into data bases, merged with other data sources, and sold for a variety of marketing purposes.
Consumer Surveys
A great deal of consumer profile data is gathered from individuals who fill out consumer surveys. Attached are two such surveys (Attachments A and B). Individuals receive such surveys by mail, either mailed to a named individual or sent to "resident." Sometimes they are included among the free-standing coupons that are delivered with the Sunday newspaper.
Attachment A is "The National Consumer Survey." The incentive given consumers to complete the survey is the chance to win a prize in a sweepstakes. It appears that the survey is conducted by Experian. It is essentially the same as the surveys conducted in previous years by Metromail, which Experian purchased in 1997. Experian is named on page one, and is also listed in the fine print that explains the sweepstakes rules.
I was not able to find an "opt-out" box to check anywhere on the three-page survey. The top of page one contains a notice stating, "Information you provide may be shared with reputable organizations whose products or services may interest you. You will also be included in a preferred group that is eligible to receive free samples, coupons and other special offers. You must be 18 years or older." Although it is not clear, I interpret this to mean that individuals who complete the survey will have their names, addresses, and profile data sold (or more accurately, rented) to companies who will then send them solicitations for products and services.
The survey collects a great deal of detailed information:
- Products purchased, such as soft drinks, face soaps, and pet food.
- Leisure activities such as gambling, outdoor recreation, and travel. Also, reading preferences, music tastes, and items collected by household members.
- Technology tools used by the household such as computers and Internet access.
- Family and home information such as education level, home construction plans, automobile insurance carrier, whether anyone in the home smokes or is in a weight loss program, the professions of household members, number of people in household, birthdates of household members (month and year), whether anyone is pregnant in the home, ages of children and grandchildren, and preferences for charitable donations.
- Automotive-related questions including car makes, models, and years, and purchase plans for the next year.
- Last, but not least, health information about the household. The respondent is asked to check whether someone in the household has any of 20 ailments, including Alzheimer's, angina, bladder control problems, diabetes, epilepsy, high blood pressure, Parkinson's, or prostate problems. That question is followed by a list of 25 prescription medications that might be used by household members, including estrogen replacement, lipitor, oral contraceptive, paxil, prozac and zocor. The respondent is asked to provide information for three members of the household.
Attachment B is another widely disseminated survey, "Consumer Product Survey of America." It appears to be distributed by mail to "resident" (Dear Shopper). The incentives to complete this four-page survey are a chance to win a sweepstakes prize, receive coupons and free product samples, and product information. (I assume the latter to be unsolicited mail.) The cover letter includes testimonials from individuals who have completed the detailed survey and have received valuable coupons.
To its credit, the letter explains that the recipient's responses will be shared with product developers to enable them to more successfully bring products to market. It is signed by Laura David. Near the end of the survey is an opt-out box that the respondent can check: "I would like to receive further mailings and offers that would be of interest to me...Yes or No." However, it is not clear who is the company that is conducting the survey. The survey is returned to the Consumer Research Center's Shopper's Voice division.
Like the Experian survey, the Consumer Product Survey of America collects extensive household information:
- Specific purchases named by brand and product name for bathroom tissue, paper towels, pasta sauce, stain removers, hair coloring, toothpaste, soap, dentures, pet food, feminine hygiene, auto insurance, and so on.
- Hobbies and leisure activities such as gardening, sports, reading, collectibles, music, and travel.
- Computer and Internet use.
- Use of health-related products such as brand-name pain relievers, asthma remedies, allergy and sinus remedies, acid and gas relief, diarrhea remedies, cholesterol-reduction drugs. The survey also asks if household members have such ailments as asthma, frequent headaches and migraines, bladder leakage, high blood pressure and diabetes. The survey even asks about child bedwetting. The respondent is asked to answer questions about nutrition and diet, the use of vitamins, fat-free foods and the like.
- The survey inquires about occupation, whether the home is rented or owned, the types of investments engaged in, which credit cards are used. Other demographic information sought includes ages of all household members, marital status, income, and whether or not a business is operated from the home.
- A special section is devoted to cigarette smoking. It inquires about brand smoked, type smoked (for example, menthol) and exact birthdates of smokers. A signature of an adult smoker is required in order to be mailed cigarette-related coupons.
By filling out either of these surveys, a great deal of very specific consumer information is collected. The companies that compile this data can append other data to it, such as public records information and the aggregated demographics from the Census Bureau, making the profile even more robust.
Companies such as Experian and Acxiom then sell the profile data to entities who are marketing products and services to consumers. Acxiom states that its InfoBase List is a "multi-sourced file comprised of data from such sources as public records (county tax and recorder files) drivers license and motor vehicle registrations, phone directories, warranty cards (discussed below), consumer surveys (such as those described above) and consumer purchases." Acxiom states on its web site that it has compiled such demographics and lifestyle information on 100 million households, or 165 million individuals (See ). Experian's web site indicates that it has demographics and lifestyle information on a similar number of households (www.experian.com).
Product registration forms
Similar demographics and lifestyle information is collected about U.S. consumers on so-called product registration forms. When a consumer purchases an appliance, like a microwave oven, or a consumer electronics product such as a computer, camera, or CD/stereo system, he is likely to find a product registration form included among the documents packaged with the product. This form is typically a folding postcard, with survey questions on one side and a self-mailer on the other.
Two such product registration cards are attached to these Comments. Attachment C is a Product Information Card for Sharp microwave ovens. Attachment D is a Warranty Confirmation card for a powerstrip, the SL Waber Power Protection product.
The first six questions on such registration cards are usually dedicated to the name and address of the individual who purchased the product, as well as specific information about the product - essential data for the purpose of informing the company that the individual is now the owner of one of its products, and useful information for the company in case of a product recall. But the remainder of the card consists of a survey that asks the purchaser about his/her demographics and lifestyle characteristics, including:
- Questions about how the customer learned of the product and how it will be used.
- The number of people in the household, the respondent's date of birth, marital status, and occupation.
- The gender and ages of the children and other adults in the household, as well as family income level.
- Whether the residence is owned or rented.
- Types of credit cards used.
- And leisure-time pursuits such as travel, cooking, sewing, hunting, golf, entering sweepstakes, real estate investing, civic activities, and collectibles.
Clearly, none of this demographics and lifestyle information is necessary to register the product with the company. Yet nowhere on the two product registration forms that are attached, or on most other such forms that I have seen, is the individual told that providing answers to these questions is optional. Just the contrary. The words "Important! Important!" are emblazoned on the top of the Sharp Product Information Card (Attachment C). The Warranty Confirmation card for the Waber powerstrip, a $12 item, says "Important! Please complete and return within 10 days." The card also says that "Your prompt product registration confirms your right to the SL Waber Power Protection Promise available under the terms and conditions of your SL Waber warranty." The consumer is left with the impression that filling out the entire card is a condition of obtaining the warranty, whereas in reality, one's receipt is all that is needed to activate the warranty and receive a refund if the product should fail before the warranty period expires.
Such product registration cards are deceptive in another way as well. Most such forms, including Attachments C and D, are mailed to the product's brand name (Sharp, Waber) at post office boxes in Denver, Colorado. What most consumers do not realize is that the postcards are not really returned to the company that manufactured the product, such as Sharp and Waber. Rather, most such forms are mailed to a data aggregation company; hence, the similar post office boxes in Denver. The company that compiles many such product registration cards is Equifax, formerly known as National Demographics and Lifestyles. Equifax recently purchased the marketing data divisions of the Polk company (but not its automotive division).
I have long considered the collection of data via these so-called product registration forms to be an unethical practice of the direct marketing industry. A tremendous amount of highly detailed personal data is collected from unwary consumers who are led to believe that they are taking the important step of registering their product. The opt-out notices on such forms are usually written in vague terms. They are also printed in extremely small type, significantly smaller than the remainder of the form; and such notices are usually placed at the end of the survey, not at the top.
The opt-out notice on the Sharp Product Information Card (Attachment C) reads: "Thanks for taking the time to fill out this questionnaire. Your answers will be used for market research studies and reports. They will also allow you to receive important mailings and special offers from a number of fine companies whose products and services relate directly to the specific interests, hobbies and other information indicated above. Through this selective program, you will be able to obtain more information about activities in which you are involved and less about those in which you are not. Please check here if, for some reason, you would prefer not to participate in this opportunity. [box]" The box is particularly small, not much larger than the point of a felt-tip pen.
The opt-out statement on the Waber card (Attachment D) is even less illuminating: "Thanks for filling out this questionnaire. Your answers are important to us. Please check here [ ] if you do not want to learn more about SL Waber or obtain information on new and interesting opportunities."
Supermarket loyalty club programs
Most American supermarkets offer discount club card programs. Shoppers fill out an application form to receive a card that they then present to the cashier at the point-of-sale terminal. The barcode on the card is read into the computer, along with the barcodes of all of the purchases, thereby creating a database of each and every purchase made by the card-holder. A 1999 Los Angeles Times article stated that two-thirds of American households participate in such programs. (Stuart Silverstein, "What price loyalty?," Los Angeles Times, Feb. 7, 1999, p.C-1.)
Profiles of supermarket customers who faithfully use their club cards have the potential of being particularly robust. In addition to food goods, the modern supermarket sells alcohol, cigarettes, over-the-counter medications, pharmaceutical medications, books, magazines, videotapes (both sold and to rent), greeting cards, office supplies, among many other categories of products. It does not appear that the sale of supermarket customer profiles to third parties is a common practice. However, in 1998 news stories reported that the grocery chain Giant Food and the drugstore chain CVS made prescription information available to a third party, Elensys (now Adheris), which in turn sent reminders to customers to renew subscriptions on behalf of pharmaceutical companies. The public outcry was vocal, and the companies quickly abandoned the practice. (Robert O'Harrow, "CVS also cuts ties to marketing service; like Giant firm cites privacy on prescriptions," Washington Post, February 19, 1998; Page E1.)
Although third-party dissemination of such data now appears to be limited, the potential to use data profiles for secondary purposes exists. This will be discussed in the following section of these Comments.
Examples of invisible data capture
In the previous examples, consumers consciously provide information to companies. Although they have difficulty controlling what uses are eventually made of such information, they are aware that they have at some point disclosed personal information. But there are some situations where information is obtained from consumers invisibly, and without their knowledge. I will discuss two such mechanisms here - "reverse appending" and "Automatic Number Identification." I will not discuss another largely invisible data capture method because it has been the subject of considerable analysis by the Federal Trade Commission - that being, data capture on the Internet.
Several years ago, the PRC learned of the practice of "reverse appending" from a consumer who worked extremely hard to reduce his unsolicited mail to nothing. When he received catalogs from well-known mail order companies after shopping in their bricks-and-mortar stores, he wanted to know how they could have been sent to him, given his extraordinary efforts to eliminate all unwanted mail solicitations. In tracing the catalogs back to their source, he learned of the practice of "reverse appending."
When he and his wife shopped at certain retail outlets that also had mail order services, they paid by credit card. Unknown to him at the time, the merchant stored his credit account number and those of other shoppers. It transmitted those numbers to a credit reporting agency which then attached the mailing address data to the account numbers - a process called "reverse appending." The enhanced data was sent back to the merchant's headquarters, and was used to subsequently mail catalogs to those individuals who were not already receiving their catalogs. When this individual confronted the merchants with his knowledge of their reverse appending practices, they acknowledged using these methods and promised to assess whether or not they would continue to do so.
I have not been able to determine if reverse appending is still used by merchants to identify their customer base and send catalogs and other solicitations to them. That is why I am not stating company names here. Regardless, reverse appending is a good example of how data can be compiled invisibly and without the customer's consent by their simply using their credit card to make purchases. The marketplace uses an increasingly sophisticated array of computer and telecommunications technologies to capture customer data and to streamline operations. As will be discussed in the Conclusions below, just because sophisticated technologies can capture customer data invisibly, is no reason that they should be used for those purposes.
Another example of invisible data capture is Automatic Number Identification, or ANI. When individuals place telephone calls to a toll-free number or to a 900 number, their telephone numbers are transmitted to the call recipient. If the recipient subscribes to an ANI service, it can capture the incoming phone numbers. In a process similar to that described in the reverse appending discussion above, additional data can then be appended to the telephone numbers, thereby enabling the company to obtain names, addresses and demographic data of those who place telephone calls to that company. Acxiom is one company that offers such a service. While "customer relationship management" is a prominent buzz-word used in business today, invisible data capture via ANI is an unethical means to build a company's data base.
Looking to the future - the customer profiles compiled by financial "supermarkets."
The federal Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act (GLB), enables financial institutions to affiliate with insurance companies and brokerage firms. (15 U.S.C. sections 6801-6810) The law requires financial institutions to provide their customers the ability to opt-out of the disclosure of customer data to third parties. But the law does not require that an opt-out opportunity be provided for affiliate sharing of customer data.
Therefore, financial "supermarkets" have the potential to compile customer profiles comprised of the records of all their affiliate companies. Consider the comprehensiveness and sensitivity of the data that can be compiled on customers when they transact business with their banks, credit card companies, stock brokers and insurance companies. The customer profiles that potentially can be created by these institutions are extraordinarily robust.
The GLB Act requires that financial institutions mail privacy notices to their customers describing how they can opt-out of third-party data disclosure. Companies have until July 1, 2001, to reach their customers with this information. The Privacy Rights Clearinghouse sponsored a readability study of 17 such notices, published in April 2001. Readability consultant Mark Hochhauser found that the average reading level of the notices analyzed to date is at the 3rd to 4th year of college. The notices use vague terms and long, convoluted sentences to explain customers' opt-out rights. (Mark Hochhauser, "Lost in the fine print: readability of financial privacy notices," posted on the PRC web site, April 2001.)
Unfortunately, few individuals are likely to take advantage of the limited opt-out right that they have been given by the law. And unless stronger legislation is passed, whether by Congress or by the states, financial institutions that affiliate with other companies will have an unprecedented ability to compile comprehensive data profiles on their customers.
I now turn to another question posed by the FTC:
How does the merger and exchange of detailed consumer data between companies affect consumers?
Marketing solicitations
The most common result of the compilation of data from consumer surveys, product registration forms, supermarket loyalty programs, and the like, is that consumers will receive mail and telephone solicitations. They will probably also receive e-mail solicitations if they've supplied their e-mail address when filling out any of the survey forms.
Some consumers will link cause and effect. In other words, they will know that their participation in such surveys is the reason they receive numerous mail order catalogs and "junk" mail ads. Many will not, however - the reason being that the explanatory information on such surveys and registration cards is either nonexistent or written in vague terms. Experian's survey form (Attachment A), for example, states: "Information you provide may be shared with reputable organizations whose products or services may interest you." The words "may" and "shared" do not adequately inform the survey respondent about what is done with their profile information.
"So, what's the harm of a little junk mail?" one might ask. "You can just throw it away." I've often heard this refrain from industry representatives at legislative hearings and regulatory agency workshops. I return to the Introduction to these Comments, and the definition that the PRC uses for privacy -- the ability to control what is done with one's information. It is difficult to turn off the solicitation flow once it has been turned on.
As I mentioned in the Introduction, the PRC receives many complaints from individuals who are frustrated that they cannot stop the flow of "junk" mail. The Direct Marketing Association provides a "do not solicit" service for both unsolicited mail and telemarketing calls. But these services have many shortcomings.
First, the Mail Preference Service (MPS) and the Telephone Preference Service (TPS) can only be contacted by postal mail. There is no toll-free number to call, or e-mail address to write. Web site registration is not offered. Many consumers do not want to take the time to write a letter. They'd rather call or e-mail.
Second, knowledge of the MPS and TPS is not widespread. I am still surprised at how many people who contact us with complaints about "junk" mail and telemarketing calls do not know of these services. I am aware of a mid-1990s paper that reported about 50% of the populace having knowledge of name removal procedures, but I have not seen anything more recent. (Mary Culnan, "Consumer awareness of name removal procedures: implications for direct marketing," Journal of Direct Marketing, 9:2 Spring 1995, pp. 10-19.)
Third, the MPS and TPS options only last for five years. How many consumers will remember that they had better sign up for the MPS and TPS all over again in 2003 because it's going to run out? Few indeed.
Fourth, when one purchases an item from a mail order catalog, the fact that she is a recent user of a catalog is sold to list compilers and data aggregation companies whether or not she is already on the MPS list. Unless you tell the mail order company to not sell (or rent) your name to other companies each and every time that you purchase something, you will begin to receive catalogs and other types of solicitations anew.
Fifth, and in my estimation most significant, mailers and telemarketers are not required to tell consumers where they acquired their names and profile information. A common complaint to the PRC is that the individual who received the catalog, the ad, or the phone call, is not able to trace that solicitation back to the entity that collected and sold the information in the first place. The reason consumers want to be informed of the entity that sold or exchanged their name is so they can contact this company and tell them to no longer do so. There ought to be a federal law or regulation requiring entities who solicit consumers by mail or telephone (and now e-mail) to inform the recipients where they obtained their personal information. This simple requirement would give consumers considerable control over what is done with their personal information, especially in an opt-out environment.
I would add that "junk" mail can be harmful, despite the claims to the contrary by industry representatives. The PRC has received numerous complaints from individuals who have recently experienced the death of their spouse. They continue to receive unsolicited mail addressed to that individual long after the death, and long after the surviving spouse has notified the mailers to stop sending solicitations. We have also been contacted by parents who have lost a baby due to miscarriage or Sudden Infant Death Syndrome, but who are receiving mail solicitations relevant to the infant years after the death (for example, "Now that your child is two, you will want to delight him with ... xyz."). There is no reason why these grieving individuals must continue to receive unsolicited mail, once they have told the mailers to cease. Yet, such instances are not uncommon in the annals of the PRC hotline.
Clearly, the American consumer has little control over what is done with his or her personal data if he or she completes consumer surveys, fills out warranty cards, purchases items from a mail order catalog, subscribes to a magazine, or joins a book or music club. The disclosure notices are vaguely written or non-existent. And the tools provided to remove one's name from the mailing lists and data bases of data compilers -- the MPS and TPS -- are inadequate.
One of the more common complaints we receive on the PRC hotline is the following: "I've written to company X several times and requested that I be removed from their mailing list. But I still keep getting their ads. Can I sue them?" The answer is generally "no," if the solicitation is by mail.
The consumer has a little more protection from telemarketers, however. The Telephone Consumer Protection Act (47 U.S.C. sec. 227) mandates that telemarketers maintain "do not call" lists. Once an individual tells a specific company that she does not want to receive any more calls, she can sue the company for a small amount of money if it calls her back again. Unfortunately, the regulations written by the Federal Communications Commission for the TCPA did not mandate a central "do not call" data base that all telemarketers would be required to use prior to making telemarketing calls. The burden is on consumers to remember to tell each and every telemarketer to stop calling. A dozen states have now passed laws creating statewide centralized "do not call" lists -- a poor substitute for a centralized, nationwide "do not call" list that marketers are mandated to use. ("States that hang up on telemarketers," posted Jan. 8, 2001, on the Privacy Foundation's web site, www.privacyfoundation.org.) Remember, the Telephone Preference Service is not mandated. It is a voluntary program of the Direct Marketing Association.
Secondary uses of consumer data
A serious consequence of there being no omnibus data protection law in the U.S., as there is in most developed countries of the world, is that consumers have virtually no control over secondary uses that can be made of their consumer profile information. The Direct Marketing Industry is adamant in its claim that the data compiled on virtually every U.S. household is only used for marketing purposes. They further state that the information compiled by the data aggregation companies is only sold in bulk. They claim it is not possible to target a single individual given the way the data is collected, compiled and sold. They point out that mailing lists are sold by the thousand at, say, $50 per thousand names.
Unfortunately, the promises of the direct marketing industry are not backed up in law. It would not be impossible for an insurance company to attempt to purchase a list of people who have diabetes or asthma in order to compare that information with their own data in order to screen out individuals with pre-existing conditions, or to raise the rates of those who have indicated elsewhere that they have those ailments.
See our Attachment E, a one-page ad in a pharmaceutical magazine with the bold headline, "Announcing the world's finest list of who's got what." The ad lists the number of records in the Metromail (now Experian) data base of individuals with asthma, bladder control problems, diabetes, heart disease, ulcers, and yeast infections, among others - the same categories of data collected from the National Consumer Survey, Attachment A. The 1996 ad states:
It's Patient Direct from Metromail... The world's largest ailment database, with over 18 million names. Use Patient Direct to create a mailing program that reminds hundreds of thousands to take their medicine... and refill. Or to put the word out that you're converting a product to over-the-counter. Or to build brand awareness. Knowing who has which ailments could very well make your bottom line healthier. Call [phone number] right now for Patient Direct counts by ailment - for targeted lists of the very people whose problems you're in the business to solve.
The PRC has not learned of insurance companies acquiring such medical-related consumer profile data to compare with their own records, but it is not outside the realm of possibility.
There is also nothing preventing a government agency from using the data found in data aggregators' files for investigation purposes. Here are three examples of how data in commercial data files has already been used.
Example one
In the early 1990s, the Internal Revenue Service approached several of the data aggregation companies for lists of individuals showing a high-living lifestyle - expensive cars and other products, and high income. The IRS apparently wanted to conduct a test comparing such data with tax returns in order to find individuals who under-reported their income. To the direct marketing industry's credit, nearly all refused the IRS's request. But the IRS was able to find one data aggregator who supplied the data. Apparently, the test was not conclusive and further tests were abandoned ... for the time being.
In recent years, the IRS, FBI and other government agencies have turned to information brokers, also known as "look-up services," to access massive compilations of public and private sector data files. An April 13, 2001, Wall Street Journal article states that companies such as "ChoicePoint and its rivals specialize in doing what the law discourages the government from doing on its own - culling, sorting and packaging data on individuals from scores of sources, including credit bureaus, marketers and regulatory agencies." (Glenn R. Simpson, "FBI turns to private sector for data: ChoicePoint turns a profit by selling personal information," Wall Street Journal, April 13, 2001.)
The article explains that these companies buy "credit header" data from the three credit reporting agencies (CRAs - Experian, Equifax, and Trans Union), "each of which maintains credit histories on more than 180 million Americans." The credit header data elements include name, aliases, birthdate, Social Security number, current and previous addresses, and phone number (including unlisted numbers that individuals have unwittingly provided to their banks and creditors). Other information is added such as public records data from local, state, and federal agencies - for example, property holdings, motor vehicle records from those states that sell it, voter registration data (again, from those states that do not restrict its uses), professional license information, UCC filings, and more.
Federal government agencies are among the largest customers of ChoicePoint and other information brokers. According to the same article in the WSJ, the U.S. Department of Justice's contract with ChoicePoint was $8 million in 2000, up from $1 million in 1996. The IRS's multi-year contract is worth $8 to $12 million. Although the federal Privacy Act of 1974 (5 U.S.C. sec. 552a) places some restrictions on uses of personally identifiable information by federal agencies, access to the extensive services of these information brokers appears to be a way around the law.
Example two
Supermarket loyalty card programs result in the compilation of extensive data bases of shoppers' purchases. Such data could also be a tempting source of information for investigation purposes. In a story reported by the Washington Post, the U.S. Drug Enforcement Agency subpoenaed records from the customer data base of Smith's Foods, a supermarket chain in the Southwest states. They were conducting an investigation of certain individuals suspected of manufacturing and selling "speed." Were they looking for high-volume purchases of over-the-counter medications known to be used in the manufacture of this illegal drug, such as Sudafed and other cold medicines? No, they wanted to find out if these individuals had purchased a lot of plastic "baggies," presumably to be used in packaging the drugs and selling them on the street. How many individuals can we all think of who would have the profile of a drug dealer based solely on the number of plastic Ziplock bags that we buy? (Robert O'Harrow, "Bargains at a price: shoppers' privacy," Washington Post, Dec. 31, 1998, p. A-1.)
It should be noted that the DEA subpoenaed the data for specific named individuals. They apparently were not engaging in a "fishing trip," looking for any individuals with such a profile. But would supermarket owners be vulnerable to providing such data for "fishing expeditions" because they want to cooperate with the authorities? Perhaps. How long will it be before aggressive divorce attorneys attempt to subpoena such records to show that the other party in the divorce is an unfit parent based on the types of products they purchase from the supermarket - alcohol, cigarettes, over-the-counter medications like sleeping pills and diet pills, "junk" foods, and books, magazines, and videos of questionable content?
Example three
During the course of the Clinton impeachment investigation, Independent Counsel Kenneth Starr sought data about Monica Lewinsky's book purchases from Kramer's Books, a popular Dupont Circle bookstore in Washington, D.C. He presumably was looking for books that would shed light on her relationship with President Clinton. His subpoena was vigorously fought by the civil liberties, library and publishing communities. (Angie Cannon, "Starr's effort to learn what books Lewinsky bought stirs outcry," San Diego Union Tribune, March 27, 1998, p. A-11.)
Each of these three examples points out the "secondary use" dangers of the compilation of massive consumer profile data bases. Because of the weak legal climate for privacy protection in this country, consumers are not assured that such secondary uses will not be made. Given the fluidity of information in general, the shortcomings in our laws, and the power of computers to capture, merge, sort and disseminate data about each and every one of us - not to mention the power of the profit incentive - consumers have no assurance that information that has been collected for one purpose will not be used for a multitude of unrelated other purposes.
Example four
In an environment where individuals have no control over their personal information, there is yet another use that can be made of personal data - harassment and stalking. Although such reported cases are few, even one is too many. Thus, these Comments would not be complete without a discussion of the Beverly Dennis v. Metromail case.
Beverly Dennis is an Ohio woman who received a letter from a stranger who was in prison for rape. He said that he knew a lot about her, and even listed personal hygiene products that she used. He also told her that when he was released from prison, he would visit her and molest her. She was understandably distraught and sought an explanation of how her address and intimate personal details could find their way into the hands of a convict. (Nina Bernstein, "Personal files via computer offer money and pose threat," New York Times, June 12, 1997.)
Ms. Dennis learned that a data aggregation company called Metromail had contracted with a third party to input consumer survey data (see Attachment A) into a computer. The contractor had in turn established a subcontract with a Texas prison, where inmates were hired to input the data. One inmate obtained Ms. Dennis's personal details and wrote her the threatening letter described above.
She acquired legal counsel and her case has been settled. For the settlement of the class action lawsuit (Beverly Dennis, et al. v. Metromail, et al., No. 96-04451, in District Court, Travis County, Texas), Metromail was required to notify the 2.2 million class members that their personal information had been provided to prisoners. Metromail is prohibited from using prisoners to input survey data in the future. And it must screen its contractors to make sure they do not use prisoners. Metromail's surveys (now Experian) must explain how the consumer data will be used. Further, Metromail must maintain the confidentiality of the data it holds and must promptly honor requests from consumers to opt-out of direct marketing solicitations. A cy pres fund was established to fund organizations to promote privacy protection.
Although we all hope that there will never be another Beverly Dennis case, this example is a cautionary tale of what can happen if even seemingly benign consumer profile information ends up in the hands of the wrong person.
Conclusions: Observations and Recommendations
Several observations and recommendations can be gleaned from these Comments.
Recommendation: All entities that collect consumer data for the purpose of selling it to other parties must be required to clearly explain how the information will be used. Consent provisions must be clearly posted and unambiguously stated.
2. Observation: Several of the data collection vehicles described above provide an opt-out option for consumers. These include the Consumer Product Survey of America (Attachment B), the product registration forms, some supermarket loyalty club programs, and pre-approved offers of credit. But for some of the data collection vehicles discussed in these Comments, there is neither a notice nor a consent provision. Examples are the reverse appending process (if it is still being done) and the capture of telephone numbers when individuals call toll-free numbers, known as Automatic Number Identification.
Recommendations: The fairest data collection practices are those in which the consumer is fully informed and is able to provide affirmative consent - commonly referred to as opt-in. Unfortunately, the weaker standard of opt-out has become the norm in both law and industry practices in the U.S. Given the long-term implications for the merger of data sources and the compilation of massive dossiers on virtually every American (see discussion above on investigative and surveillance uses, as well as the discussion on the GLB Act), we must move to an opt-in environment.
And we must pass laws that prohibit personal data from being used for unintended secondary purposes. Such laws should be based on the Fair Information Practices (FIPs), a set of privacy principles first established in the 1970s by the U.S. Department of Health, Education and Welfare, and then expanded by the Organization for Economic Cooperation and Development in 1980. The FIPs form the foundation of several privacy-related laws such as the Fair Credit Reporting Act (15 U.S.C. sec. 1681 et seq.) and the Cable Communications Policy Act (47 U.S.C. sec. 551).
The Federal Trade Commission has recommended a subset of the FIPs to guide online data collection practices - notice, choice, access, security, and enforcement. For a history of the Fair Information Practices, see "A Review of the Fair Information Principles: The Foundation of Privacy Public Policy," on the PRC's website.
3. Observation: The previous point mentions situations in which consumer data is collected without proper notice or consent - specifically reverse appending and Automatic Number Identification. There should be no data collection conducted secretly.
Recommendation: The Federal Trade Commission should conduct a study of all the ways in which consumer data is collected from individuals without their knowledge. It should issue an order prohibiting these practices. Such data-gathering practices should also be prohibited by law.
4. Observation: So-called "product registration cards" are, in my estimation, one of the more deceptive data collection practices in existence today. Consumers are led to believe that filling out the entire form is necessary to activate the warranty and/or to register the product, whereas they need only save the receipt to do so. The opt-out notices on such cards are vaguely written and hard to read. Consumers are not aware that the majority of such cards are mailed, not to the product manufacturer, but to a data aggregation company such as Equifax.
Recommendation: The Direct Marketing Association should examine the industry practice of collecting consumer demographics and lifestyle data via product registration cards, using the Fair Information Principles as its standard. It should recommend changes in the content and design of such cards in order to bring these surveys into compliance with the FIPs. If the industry does not adopt more responsible practices in the near future, the FTC should conduct an investigation of the data collection practices of product registration cards as possible unfair and deceptive business practices.
5. Observation: True control of one's consumer profile is virtually impossible today. Individuals are not given access to their consumer profiles in order to determine how they are comprised and whether or not they are accurate. Further, individuals are generally not able to delete their consumer data. They are only able to "suppress" it.
Recommendation: If data is going to continue to be gathered from consumers under the weak opt-out standard, consumers must be given greater ability to control the final disposition of their personal information. Whether by FTC decision or legislation, consumers should be ensured access to their data profiles. They should also be able to delete data profiles without difficulty. In addition, consumers should, upon request, be given the name and contact information of the company that originally sold their personal information so they can contact that company to request that they cease.
Thank you for the opportunity to provide these Comments for the FTC's workshop and public policy proceeding, The Information Marketplace: Merging and Exchanging Consumer Data.
[All Attachments - Attachment A, B, C, D, E ]