Make no mistake; the collection of consumer data is big business. Everything from shopping in the grocery store, to closing on a home mortgage, to writing a check for your favorite charity, to making a purchase online, creates information that can be tracked.  Technology may provide the consumer with the ease of shopping online, or allow businesses to be more responsive to customer needs, but it also facilitates the collection of personal data. Therein lies the rub. Ask most people, and they will balk at what they see as a growing invasion of their privacy.

 

Today, all of the major credit reporting agencies, including TransUnion, Equifax and others, engage in some form of consumer data selling, and a growing list of other companies specialize purely in the list brokerage and CRM (customer relationship marketing) analysis field. According to a study from the Direct Marketing Association, U.S. direct and interactive marketing sales will top $1.7 trillion in 2003, with about $133 billion from catalog sales and $41 billion from e-commerce. With that amount of money on the table, it’s no wonder that the tracking and analysis of consumer data is a major priority for retailers, marketers and all of the affiliated servicing industries.

 

Exactly where is the data coming from? How is it collected and compiled? Often, information is taken without the individual even being aware of the process. Make a purchase at the local Toys “R” Us or Sports Authority, and it’s likely you will be asked for your telephone number upon checkout.  Chris Hoofnagle, associate director of the Electronic Privacy Information Center (EPIC), a public interest research center, cautions the shopper to keep this tidbit of info to themselves, as he notes that the telephone number you give will often be matched up to your purchase along with additional data the retailer may have purchased on you, through a process called “enhancement” marketing.

 

Even the information collected on mailed-in product warranty cards after your purchase of a stove or DVD player can end up as fodder for another customer database. Hoofnagle adds that some banks have gotten in on the act, with the checks that you write being analyzed by software that can identify the company you wrote the check to, or even the message in the memo line. In addition, with merchants or banks reselling your info to related companies, the data then can travel further than you might imagine.

 

A simple trip to the supermarket can turn into a data minefield. With one swipe of that personalized store convenience card, the local A&P, Piggly Wiggly or Kroger has compiled considerable information on your shopping habits. In turn, the store will generate coupons for similar or even competing products. But what may seem like an innocuous marketing practice is fast becoming a nuisance to privacy conscious shoppers, many who want the benefits of sale offerings without the strings attached of having to share their shopping predilections. The overwhelming support and signup in the recent “National Do Not Call” registry, to stop telemarketers from calling individuals, shows just how disgusted Americans have become with intrusive marketing practices.

 

The newest realm for retailers is RFID (radio frequency identification) devices, flat microchips just slightly bigger than the head of a pin, equipped with a radio antennae, and installed on products or shopping carts. The technology has the potential to be used to track customers in a store, in order to prevent theft of merchandise. Gillette recently backed off of a trial run of RFID tags on their razor blade products in the U.K., a high theft item here and abroad, after a consumer backlash over the possible privacy implications. Some civil liberties organizations, such as the ACLU, fear the development of the technology will eventually lead to tracking of consumers beyond a short radius, and long after they leave a store’s premises.

 

For now, Wal-Mart and a host of other merchants, as well as the U.S. Department of Defense, are working to get RFID capability from their major suppliers, applying it only to B2B inventory applications. Wenli Wang, professor of decision and information analysis at Emory University’s Goizueta School of Business, notes that inventory management is an ideal use of RFID technology, as it will allow for faster tracking of items on a palate or in large cases. She adds that it is inevitable that the evolving wireless technology marketplace will spawn an even broader range of products and services, opening up a whole new realm of concerns over consumer privacy. RFID remains in the infancy stages, with the costs of using the technology still high and applications limited by the current frequency range of the microchip.

 

The biggest issue, says Benn Konsynski, professor of decision and information analysis at Goizueta, is the balancing of the individual’s privacy rights with the needs of legitimate business. Stiffer enforcement action, when possible, can help to some degree on illegal activities, such as identity theft. Then there needs to be a give and take on the business aspects, weighed against the consumer’s desire for privacy.

 

It is clear that technology is here to stay, and that along with the bad, there are certainly many positive aspects to the new age in which we live. Government agencies, such as law enforcement, benefit from quick crosschecks of criminal records, or may even locate someone ill or in danger by tracking a telephone call to an address, says Wang. Without certain types of technology, merchants would be at a disadvantage, as tracking software allows for large merchants such as Wal-Mart or Target to keep the shelves stocked with the items that customers most desire. Shipping companies from FedEx to UPS, and even the U.S. Postal Service, benefit from technology, allowing for individuals and businesses to get the items they want quicker than ever.

 

However, when the technology can allow for a shopper’s habits to be even more closely scrutinized, such as what is being proposed by merchants with the future applications of RFID, there is more controversy.  One application, says Wang, could consist of a computerized screen on a shopping cart, which the shopper would then be able to scan his or her own supermarket convenience card.  In turn, they could receive information on customized specials or even specific aisle-related recommendations, as the chip would be able to locate their exact location in the store. Wang notes “context-aware services” could consist of the mini-computer highlighting choices on a complimentary wine, after a customer scanned the barcode on a particular cheese into the system checking for a price.

 

Still, shopping at a brick and mortar store may prove to be less of a privacy invasion than an Internet transaction. A casual visit to e-tailer Amazon.com, or even to a government website such as the Federal Trade Commission, will result in data collection on the individual user, by way of “cookies.” The level of information gathering depends on the site, and how that particular online merchant allows its customers to opt in or out of data collection.

 

Even the U.S. government is in on the act, as some privacy advocates balk at the surveillance powers given to federal authorities by way of the U.S. Patriot Act. Post 9/11, even the beloved pastime of football fell prey to the watchful eye of Big Brother.  Law enforcement used facial scan technology to look for potential terrorists in the crowds at the 2001 Tampa Bay Super Bowl game. This application is now becoming more common; with fingerprint and iris scan technology also a part of the growing field of biometric technology.

 

With the growing reliance on (and the ever-increasing power of) technology to facilitate the collection and analysis of customer information, it is inevitable that the public would take issue with what many see as an inalienable right – the right to privacy. A growing list of consumer groups and privacy advocacy organizations, including EPIC, Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), and Privacy International, are actively working to limit access to consumer data. But even with such groups arguing for tighter controls, the result of this tidal wave of information floating about online and via the mail is that unsavory forces, from spammers to individuals committing identity theft, are also hard at work gathering consumer and business information and using it to their advantage.

 

Another problem is created when detailed shopping information is generated, and then shared with unrelated sources or companies. Konsynski notes, “This will be rationalized by case law ultimately.” In fact, as the technology changes, so too has the nature of data sharing, egged on by consumer sentiment. In 1999 and 2000, big name companies such as Toys “R” Us, AOL and RealNetworks faced considerable criticism and lawsuits, after initially sharing customer data with unrelated third parties.

 

Konsynski warns consumers to remember to “opt out” of data sharing online on any site and to turn off “cookies” whenever possible, to avoid additional personal details getting out to spammers. However, he adds, "There are simply a lot of bottom feeders in this market that sell in mass.” The key to handling consumer information, he says, is to rely on “permission-based marketing.” In essence, this means that customers would agree to receiving information, and generally would deal with companies that they had a previous business transaction or sale with. Any solicitation outside of this realm would be considered spam.

 

What worries consumers the most is unauthorized access to personal financial records and transactions, particularly with the growing threat of identity theft.  “That’s part of the problem,” says James Lee, the chief marketing officer for ChoicePoint, a company that specializes in providing identification and credential verification to business and government clients.  “In today’s world, I need to know that you are who you say you are, and you need to know the same about me.”  He notes that data can be put into “two broad collection buckets” – from public record information created and held by government sources, to information collected during legitimate transactions with merchants and financial institutions.  Lee agrees with Konsynski’s observations, noting a need for better-established parameters and penalties, as well as the need to gain customer permission for information sharing. Lee adds, “The genie is out of the bottle. The benefits that flow from the information age, when used appropriately, are significant. We can’t have a Luddite view of the world that all technology is bad. There has to be a dialogue here.”

 

Catherine Pulley, spokesperson for the American Bankers Association, the trade association representing the banking industry, says that privacy advocates who argue for sweeping changes in the way information can be gathered may ultimately limit the ability of financial institutions to conduct legitimate business. Often, she says the public may not understand what the information gathered is used for. Pulley adds, “For the banks, it is in their best interest to protect your info. If your identity is stolen, it hurts the banks. The amount of money banks spend on firewalls and id theft is high and growing.”

 

The Financial Modernization Act of 1999 (Gramm-Leach-Bliley Act) and the Fair Credit Reporting Act of 1971 govern financial transactions, and also provide the consumer with the right to look at their credit reports, to see who has requested information on them, and to challenge incorrect information. Pulley notes that banks, credit unions and insurance companies are the only industries subject to these sweeping oversights at present. However, says Hoofnagle of EPIC, Gramm-Leach-Bliley doesn’t go far enough to protect consumers, as the banks may enter into a joint marketing deal with almost any company, and then they are allowed to provide customer data to that “affiliated” partner.

 

Other privacy advocates, such as representatives from Consumers Union and the U.S. Public Interest Research Group, concur with the viewpoint of EPIC, and argue that recent measures to limit access to consumer information simply do not go far enough, though some state measures are seeking to change that. As well, the money involved in data collection keeps driving the technology further ahead of any checks and balances in the system. For instance, notes Professor Wang, companies doing analysis of e-commerce are becoming more common, and firms such as Coremetrics, which analyzes the buying habits of online consumers for e-tailers, are growing by leaps and bounds. Wang adds that the global, boundary-free nature of an Internet presence can complicate the privacy vs. data collection issue further. Other countries may or may not deem certain information private, while the U.S. could hold an opposite viewpoint.

Kevin George, vice president of products for Silverpop, an email relationship marketer, says that his company is well aware of the “best practices” needed for this growing and relatively new terrain to succeed. Silverpop does not own the data that they work with and that their clients upload into Silverpop’s system. He adds, “It is all protected. In fact, our clients must sign a term of service agreement with us saying that they won’t distribute unsolicited commercial email or spam.” Unfortunately, George acknowledges that a “small group of very aggressive marketers will look for providers in the email servicing space to go beyond best practices and to step over the line into the realm of spam.” Today, George notes that about 60% of email is spam, and the biggest problem for companies is that the software and blocking filters set up to reject some of the spam is now affecting legitimate targeted email.

 

Of course, what one person considers legitimate advertising may be another person’s spam. While there is certainly the need for business to target its audience, there is also the obvious need to temper the data collection and dissemination along the way. Konsynski notes, “There is a natural tension between the rights of the individual and the needs of commerce to have information that have to be balanced.” As the technology continues to develop and to stretch the limits, the debate will continue to reshape and grow. He cautions, “This is a never-ending conflict, and you can’t swing too far one way or the other. It is a difficult issue, as where do you set the lines.”

 

(November 2003)

 

To our readers:  This is the first in a 4-part series of articles on technology and privacy.  We want to hear from you. What are your privacy concerns?   Have you experienced problems related to access to your information?  Your feedback may be featured in future articles (with your permission only).  To provide your views, go to  

http://knowledge.emory.edu/index.cfm?fa=feedback