Congress Holds Experian, Acxiom, Equifax and Other Data Brokers’ Feet to the Fire over “Consumer Genome”, Demands Answers

You can share this, including by text message!

  • Congress Holds Experian, Acxiom, Equifax and Other Data Brokers’ Feet to the Fire over “Consumer Genome”, Demands Answers

Every once in a while our U.S. Congress does something that renews one’s faith in our elected officials at the top. And this is one of those times. Following the damning expose last month in the New York Times, You for Sale: Mapping, and Sharing, the Consumer Genome, in which Times journalist Natasha Singer moved a rock and shed light on the fact that data broker Acxiom, and others like them, are amassing, collating, correlating and selling far more personal data about you – yes, you – than you can possibly imagine, Congress has with lightening speed (literally a few weeks) demanded that Axciom, and others like them, including Experian, Epsilon, Equifax, Harte-Hanks, Intelius, Fair Isaac, Merkle, and Meredith Corp., respond to a demand for information about just what information they are gathering on pretty much every American, and just where they are getting it from, among other questions.

The letter was signed by Congressmen Edward J. Markey, Henry Waxman, G.K. Butterfield, Bobby Rush, Joe Barton, Steve Chabot, Austin Scott and Jan Schakowsky.

Says Singer, in her article, “Right now in Conway, Ark., north of Little Rock, more than 23,000 computer servers are collecting, collating and analyzing consumer data for a company that, unlike Silicon Valley’s marquee names, rarely makes headlines. It’s called the Acxiom Corporation, and it’s the quiet giant of a multibillion-dollar industry known as database marketing.”

You can read Singer’s articles here: You for Sale: Mapping, and Sharing, the Consumer Genome.

A note on Congressman Markey’s site explains that “A bipartisan group of six lawmakers joined Reps. Edward J. Markey (D-Mass.) and Joe Barton (R-Texas), co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, in letters sent today to nine major data brokerage companies querying each about how it collects, assembles and sells consumer information to third parties. Other signatories on the letters include Reps. Henry A. Waxman (D-Calif.), Steve Chabot (R-Ohio), G.K. Butterfield (D-N.C.), Austin Scott (R-Ga.), Bobby Rush (D-Ill.), and Jan Schakowsky (D-Ill.).

 

Representing a multi-billion dollar industry, data brokers have aggregated information about hundreds of millions of Americans from both online and offline sources, which they then sell to third parties for targeted advertising and other purposes, often with little consumer knowledge. A recent New York Times story, “A Data Giant is Mapping, and Sharing, the Consumer Genome” detailed how data brokers have developed consumer profiles that go beyond basic demographic information to include buying habits, household health concerns, political affiliations and even time spent on vacation. The lawmakers’ letters request information from the data brokers on polices and practices related to privacy, transparency and consumer notification, including as they relate to children and teens.”

Here is the letter that Congress sent to the data brokers last week:


Congress of the United States
Washington, DC 20515

July 25, 2012
Don Robert
Chief Executive Officer Experian
475 Anton Blvd.
Costa Mesa, CA 92626

We know you're sick of ads on websites. But we still need to pay to keep the lights on for you. So instead of huge ads and video ads, we use smaller, plainer ads. Still, if you'd like to support the Internet Patrol but not the ads, please consider supporting us here:
Donate via Paypal
Other Amount:
What info brought you here today? (Optional):

Dear Mr. Robert,

The business of data brokerage, namely the collecting, assembling, maintaining, and selling to third-parties of consumers’ personal information, has grown into a multiple billion dollar industry. By combining data from numerous offline and online sources, data brokers have developed hidden dossiers on almost every U.S. consumer. This large scale aggregation of the personal information of hundreds of millions of American citizens raises a number of serious privacy concerns.

According to a recent article in The New York Times (“A Data Giant is Mapping, and Sharing, the Consumer Genome”, June 16, 2012), consumer profiles developed by data brokers often extend far beyond age, race, and sex, to include “weight, height, marital status, education level, politics, buying habits, household health worries, vacations — and on and on”. Data brokers then advertise these detailed profiles to third parties to use for targeted advertisement, among other purposes.

The implications of data brokers’ practices extend beyond customizing advertisements at consumers. A number of privacy advocates, as the Times article points out, “are more troubled by data brokers’ ranking system, which classify some people as high-value prospects, to be offered marketing details and discounts regularly, while dismissing others as low-value — known in industry slang as ‘waste’. This practice may have long-term impacts on access to education, health care, employment, and other economic opportunities. Some have termed this practice “Weblining”, analogous to the illegal practice of “Redlining” in the physical world.

The aggregation of personal details for sale to marketers has the potential to affect nearly all Americans, but children and teens are particularly at risk. Because of this, we have questions concerning whether you are collecting information about children and teens and, if so, what kind of information you are collecting.

Consumers, regardless of age, often have little or no knowledge about the identity of data brokers, how they collect personal information, and to which outside parties they sell or otherwise provide this information. A growing number of privacy advocates, along with the Federal Trade Commission (FTC), have called for increased transparency by data brokers, including disclosure of their business practices and the rights consumers have over their own personal information.

As Members of Congress who are concerned about privacy, we ask that you provide answers to the following information requests and questions:

1. Please provide a list of each entity (including private sources and government agencies and offices) that has provided data from or about consumers to you or your contractors or affiliates from January 2009 through the present.

2. Please list each type of data you or your affiliates or enterprise partners has collected from or about consumers, including racial, ethnic, or religious information, from January 2009 through the present.

3. Please describe each method by which you have collected information from or about consumers from January 2009 through the present and answer the following questions:

(Article continues below)
Get notified of new Internet Patrol articles for free!
Or Read Internet Patrol Articles Right in Your Inbox!
as Soon as They are Published! Only $1 a Month!

Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Congress Holds Experian, Acxiom, Equifax and Other Data Brokers’ Feet to the Fire over “Consumer Genome”, Demands Answers

a. Do you use social media to collect information about consumers? If yes, what types of information do you collect from social networks-(i.e., friends, interests, etc.)? If yes, from what platforms do you collect this information?

b. Do you collect data on consumers’ mobile use and activity? If yes, what types of information do you collect about consumers’ mobile use and activity? If yes, for what purposes is this information used (i.e., targeting on real-time ad exchanges)?

4. Please explain each product or service, both online and offline, that you have offered to third parties from January 2009 to the present that uses data collected from or about consumers. For each product or service, please describe:

a. Each type of data that is used in or by the product or service.

b. Each type of entity that you sell or otherwise provide the product or service to.

c. Any prohibitions or restrictions (i.e., contractual, technological, etc.) on the sale or use of the product or service.

d. Whether or not the products or services involve lead-generation, including the sale of offer clicks or leads. If so, please explain.

e. Whether or not the products, services, or business practices subject you or any affiliates to the Fair Credit Reporting Act (FCRA). If so, what products or services are subject to FCRA?

f. Whether or not your company maintains completely separate, firewalled databases or data used for both FCRA and non-FCRA purposes. If used for both purposes, please explain.

5. Are consumers able to access personal information that is held by your company? If no, why not? If yes:

a. How may consumers access this information?

b. What information are consumers given access to? Please list each type of information.

c. How are consumers made aware of their right to access this information?

d. What kinds of personal information are they required to provide to verify their identities?

e. Do your terms of service allow you secondary uses of that verification information? If yes, what uses?

f. flow many consumers have requested access and how many requests has your company complied with?

g. How long has your company provided consumers with this access?

6. Are consumers able to correct personal information that is held by your company? If no, why not? If yes:

a. How may consumers request corrections?

b. How are consumers made aware of their right to correct this information?

c. What kinds of personal information are they required to provide to verify their identities?

d. Do your terms of service allow you secondary uses of that verification information? If yes, what uses?

e. How many consumers have requested corrections and how many has your company corrected?

f. How long has your company provided consumers with this option to request correction?

7. Are consumers able to opt-out of the use or sharing of personal information about them? If no, why not? If yes:

a. Is this a simple, full opt-out or do consumers select from a range of limited opt- out options? Please describe the various options that are offered.

b. Does this opt-out completely prohibit all uses, including collecting and targeting, or is it limited to an opt-out of targeting?

c. How may consumers opt-out?

d. How are consumers made aware of their right to opt-out?

e. What kinds of personal information are they required to provide to verify their identities?

f. Do your terms of service allow you secondary uses of that verification information? If yes, what uses?

g. How many consumers have requested to opt-out and how many requests has your company complied with?

h. How long has your company provided consumers with the option to opt-out?

8. Are consumers able to request the deletion of their personal information? If not, why not? If yes:

a. How may consumers request deletion?

b. How are consumers made aware of their right to delete this information?

c. What kinds of personal information are they required to provide to verify their identities?

d. Do your terms of service allow you secondary uses of that verification information? If yes, what uses?

e. How many consumers have requested deletion and how many requests has your company complied with?

f. How long has your company provided consumers with this option to request deletion?

9. Does the company charge consumers a fee for any access, correction, opt-out, or deletion services? If yes, state the amount the company charges for each service. If yes, what is the total revenue earned by the company through such fees during each of the last five years?

10. How does your company store each type of data collected from or about consumers (please distinguish between types of data, if applicable)? What security measures do you have in place to safeguard the data collected?

11. What encryption protocols or other security measures do you put in place to prevent the loss of or acquisition of data that is transferred between your company and outside entities?

12. What review process do you have in place for entities who wish to purchase personal information from you (i.e., do you evaluate their data security measures or whether the entity is a legitimate business)? Do you conduct any follow-up audits? If not, why not? If yes, please describe the nature and timing of these audits.

13. Do you provide notice to consumers about your data collection, use, or sharing practices? If no, why not? If yes, please describe how you provide this notice.

14. Does your company compile information from or about children or teens? If yes:

a. Do you also sell or otherwise provide this information to another entity?

b. Do you distinguish between information about children ages 12 and under from information about
teenagers ages 13-17?

c. Are different procedures in place to allow children and teens to access, correct, or delete their personal information, or opt-out of sharing of this personal information? If not, why not?

Thank you for your attention to this important matter. Please provide responses to these questions no later than August 15, 2012. If you have any questions, please have a member of your staff contact Joseph Wender (202-225-2836) in Congressman Markey’s office or Emmanual Guillory in Congressman Barton’s office (202-225-2002).

Sincerely,

Edward J. Markey
Henry Waxman
G.K. Butterfield
Bobby Rush
Joe Barton
Steve Chabot
Austin Scott

  
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!

Congress Holds Experian, Acxiom, Equifax and Other Data Brokers’ Feet to the Fire over “Consumer Genome”, Demands Answers

Get notified of new Internet Patrol articles!

You can share this, including by text message!

  • Congress Holds Experian, Acxiom, Equifax and Other Data Brokers’ Feet to the Fire over “Consumer Genome”, Demands Answers

Leave a Reply

Your email address will not be published. Required fields are marked *