Abine on CNN: why big companies buy and sell your data

Last night, CNN’s OutFront had the first-ever interview with the CEO of the biggest company you’ve never heard of: Acxiom, Inc., a data broker that collects and sells personal information on 96% of Americans.

Abine was in the story as a privacy advocate to represent the side of the consumer, and I–Sarah, your faithful blogger and privacy analyst–talked to reporter Ed Lavandera.  You can check out the story here.

It’s kind of awkward to post a picture of myself.

What are data brokers?

Acxiom’s headquarters.

Every single day, companies you’ve never heard of are collecting and storing information about you.  They’re commonly known as “data brokers” or “people search sites.”

Intelius, Spokeo, Acxiom, and BeenVerified are just some of almost 200 data brokers, and that number continues to rise.  These data brokers have personal information like your age, estimated net worth, and religious and political views, and they combine that with contact information like your address and phone number, as well as photos you’ve posted. 

They get it from sources you can’t control, like drivers’ licenses and birth certificates, and things you voluntarily give out, like Facebook photos, supermarket rewards cards, and warranties.

All of this information adds up to create a virtual you–a second you.  And this “virtual you” is being sold to anybody who wants it–individuals, companies, hiring managers–for only a few dollars.  Most people realize that basic information is out there, but they’re shocked to learn how many personal details are up for sale.

What’s the problem with data brokers?

Reporter Ed Lavandera asked Acxiom’s CEO whether the company knew people’s bank account numbers. He didn’t answer.

People are using data broker information to make important decisions about the real you based on the virtual you, decisions like your credit score, your insurance rates, and even whether you get a job.  What’s worse, this data is frequently inaccurate.

Recently, a Massachusetts woman wasn’t hired for a pharmacy job after a background check had incorrectly reported that she had 14 felony convictions. Her record was clean, but the data broker providing the report messed up and linked someone else’s name to hers.  It’s a major problem when employers are judging people based on these background checks, yet people can’t respond to or even see the content of their own files.

Besides not getting hired, there are other dangers of having so much personal information out there, ranging from things as benign as embarrassment or unsolicited marketing, to as severe as identity theft or stalking.

Legality

People always ask us, “how is this legal?”  The data has always been public, but it was in government storage that was much less accessible than a website.  The problem is that these sites are taking advantage of out-of-date public records laws.  These laws were built around paper documents in regulated storage:  you used to have to go to a town clerk’s office to see them.

But with the advent of the Internet, they’re one click away:  records have become super-public, and they’re far more accessible and visible than they’ve ever been.  And unlike the government, these private data brokers do almost no oversight to make sure the info they’re selling about you is accurate.

Confusing opt-out processes

Many data brokers offer the ability to conceal your information from the public, but they don’t make it easy.  There are hundreds of different data brokers and they all have different, time-consuming removal procedures.  Some don’t even offer any way to do it.

Some require faxes, others emails, others certified mail, creating a long line of hoops you’ll have to jump through to get your data removed.  Surprisingly, you have to provide them with more information just to have yours removed, like a copy of your government-issued photo ID and your addresses going back 20 years.

And even after all that, your data repeatedly pops back up on these sites as you naturally leave a digital trail out in the world.  It’s unrealistic to expect people with busy lives and responsibilities to spend dozens of hours removing and re-removing their info from all these different sites.

That’s why we created DeleteMe. With DeleteMe, we do all the hard work of removing your data from the biggest data broker sites, and a personal DeleteMe advisor consistently scours them for your info, making sure it stays gone for good.

What you can do about data brokers

Luckily, there are a few things consumers can do to fight for their privacy.

First, realize that your data is yours and you don’t have to give it out every time someone asks for it.  Whether you’re at the mall or the supermarket or registering for an online account, give out as little info as you have to.  Use an email alias or a different date of birth.

Second, if a company isn’t honoring your privacy requests, report them:  go to the Federal Trade Commission’s simple online complaint form, your state’s attorney general, the BBB, or write a negative online review.

Third, you should also remove your info from data broker websites that already have it.  We wrote a free do-it-yourself guide to removing your info from the biggest data broker sites, and we have a paid option called DeleteMe.  DeleteMe is a customized subscription service that removes personal data like address, email, and age from data broker websites, like Spokeo.com and others.  Plain and simple–it makes you harder to find online.

At Abine our business is user privacy, and we support measures that give people more control over how their data is collected, stored, shared, and sold.  We’ve worked hard to support that goal, from filing FTC complaints against data brokers, to submitting public comments to Congress about privacy concerns, to creating innovative privacy products and services.

What’s in the future for data brokers?

In February, the Obama administration called for a consumer privacy bill of rights and specifically said they’re cracking down on data brokers.  The Federal Trade Commission has said so as well.  For example, in June, the Federal Trade Commission fined Spokeo $800,000 for selling personal information to hiring managers.  Data brokers aren’t allowed to sell consumer data for things like hiring and housing unless they uphold strict privacy and accuracy standards, which Spokeo wasn’t doing.

The FTC has also called for data brokers to create a universal opt-out similar to the Do Not Call registry, and we agree.  We think people want, and need, a simple, one-stop website where they can see all the info that data brokers have about them and remove it from being publicly displayed with one action.

Congress also needs to update public record laws for the realities of today’s digital world.  But government action can be slow, so more consumers are taking privacy into their own hands and using services like DeleteMe today.




9 comments shared on this article:

  • Richard says:

    Yes, I absolutely agree. It was a VERY interesting Abine article I just read. I found your site after previously going onto Microsoft’s tracking protection lists, and installed it for both IE and Firefox. Will check into it also later for other browsers. This whole internet thing of tracking users, puts internet users in a strange position. On the one hand, at one time I read that even some police departments were encouraging internet users to use an alias or get a P.O. Box when purchasing online. I have also read that online banking is one of the prime ways identity theft occurs. However, when one signs up for a website such as an e-mail provider, or web portal or social networking site — often the agreements, state that the user must provide accurate, complete and truthful information.

    I am wondering just what the legalities are, etc. regarding the use of aliases or giving a different date of birth, as was suggested in your article. Could there ever be a situation where users are accused of providing false info, and therefore be sued or have their service terminated ?? What is the federal government’s position on this, or state governments ? It all seems to be so unclear.

    And yet, the data brokers seem to have no problem with selling personal private information without the consent of the person. Has your company experienced any problems or heard of situations where customers or users take these kind of measures to protect their privacy, and then more and more information gets out there on the internet over time — both the accurate info, and user created identity protection info (such as aliases, different city names, locations, addresses, etc. ), possibly to such an extent that it may be difficult to tell the true information from the false info (which for the sake of clarity I’ll call “Identity Protection Info”) ??

    Could it be that possibly as time goes on that more and more people have trouble finding jobs or qualifying for loans, etc. etc. because the information out there might be so confusing that it would be difficult to tell which is which ??

    Anyway, just wanted to say hello, and let you know that your company seems to be providing a valuable service. I hope to learn more about privacy matters as time goes by.

    — Rich

    (A relatively new senior citizen using his computer again after some years.)

  • Chad says:

    The only question I have is… how can one be certain that a so-called “data removal’ site, doesn’t also in turn sell the private information that they recieve in order to “remove” the data. Doesn’t a “data-removal” site need to know what data they are removing, after all? The selling of privatized information, despite of its (often unenforced) illegality in the majority of states, is so built into the capitolistic system of our society that even a profressing data removal site can remove a lot of information and make more money by selling information on the side. Therefore, how can a consumer of a data removal site be entrusted to the fullest capacity that they aren’t being swindled?

    • Sarah Downey says:

      Good question and one we hear a lot. You can’t be certain, but most of them state in their privacy policies that they won’t, so doing so would put them at risk of violating the FTC Act’s deceptive business acts clause. The data brokers say they need a your information to make sure they’re removing the right record, which is true up to a point–it doesn’t seem like they need as much as they ask for. After all, what’s the risk here? That they’ll remove the wrong person’s record? That’s more like a gift–no one wants to be listed on these sites! We’re pushing the data brokers to make a one-stop opt-out website that will make this entire process easier, and the FTC is watching them closely. It’s definitely the wild West in data broker land right now, but we’re optimistic that things will improve.

  • Nina says:

    They all lie. Even when you go through the opt-out process, or file complaints with the AG’s offices involved, the FTC, et al., they just put the information right back up a couple of months later. It’s disgusting. I don’t know how people can be so low, so utterly without honor that they’d happily take money for putting someone’s life in danger, either by selling personal info to identity thieves, or to stalkers, or — as happened to one woman — to a convicted felon released from jail who decided to hunt down witnesses and jurors.

    • Sarah Downey says:

      We’re with you here. What’s the specific case you’re referencing with the convicted felon who hunted down witnesses and jurors? That’s awful.

      • Gaia Smith says:

        I don’t have details on that case, but I, personally, was faced with a similar issue. I spent WEEKS (I was on dial-up at the time) removing myself from every dB I could find, and it was all consuming. Some require fax, others snail-mail, all demanded I show PROOF; it was a bloody nightmare.

        I went so far as to have my name obscured from the county/state real estate records–something they happily do for elected officials, law enforcement, “famous” people, but for domestic violence victims, there are yet more hoops through which to jump.

        The most important, and first stop, is Google. A picture of your HOUSE, for crying out loud–and, for your added convenience, a map to get there! I just went on a virtual tour of the INSIDE of my sis-in-law’s new house, just by entering the address…it’s just plain scary what’s out there now.

        As an aside, do you offer a plan for cases such as this? Shouldn’t you?

  • E, Gasçon says:

    Not only IP addresses but MAC addresses can be tracked. This is very disturbing. Anonymizing services such as I2P – The Anonymous Network or Tor address the issue of IP tracking

  • Steve says:

    Replying from UK, the privacy issues you have in the US and Canada are gradually creeping over here. The big companies (google etc ) have already made inroads to our personal data through street view, google mail, car insurance quotes, and surveys etc.
    The only thing I have learned is to be mean with my information to all, and where appropriate ask WHY the information is required. Once the info is out there it is hard to erase it completely.
    Thanks to “Do not track me” we can all fight back, although it would be nice to earn say 10% commission on the sale of our info???

    • Sarah Downey says:

      That’s great advice. If everyone walked around with the mindset that “my data is mine, and no one’s getting it unless it’s absolutely necessary,” people would have a lot more privacy. It’s a good tactic (and I do it myself). Sorry to hear that the UK is starting to have the same privacy issues that the US does. The UK and the US are pretty closely matched when it comes to government surveillance. However, the EU has stronger privacy laws in general, so regulation has you better covered than it does here.

Leave a Reply

Your email address will not be published.

Comment

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>