GAO: Information resellers quickly invading personal lives
Privacy laws changes urged to meet data collection technology
Technology is so rapidly and completely outpacing our ability to protect fundamental elements of our identity and our activities that comprehensive federal action is required to help us cloister the essence of who we are, according to congressional investigators.
In its wide-ranging study, "Information Resellers," the Government Accountability Office found that -- when it comes to personal privacy -- credit card users and virtually all other Americans have been left at the mercy of "data assemblers" and marketers.
Our names, addresses, purchases and voter registrations. Our children's ages. Our pregnancies and births. Our financial investments. Our ailments. Our social media activities. Our preferences when it comes to music, literature and our pets. Even our astrological or psychic inquiries. All of this information -- and much more data -- are for sale, and, in most cases, we are powerless to stop it or even control it.
"The core message of our study is that there definitely is a need to look at the privacy framework so people understand just how much of their information may be available to others," said Alicia Puente Cackley, the director of financial markets and community investment at the GAO, which is the audit, evaluation and investigative arm of Congress. "People need to understand that what they think is private may not be."
Cackley and her team produced the 61-page study at the request of Sen. Jay D. Rockefeller IV, the West Virginia Democrat who chairs the Senate Committee on Commerce, Science and Transportation. Completed in September, the report was made public late last week.
It found that "no overarching federal privacy law" regulates the collection and sale by companies of information most people would consider private -- and the situation is growing more ominous by the day. Even as we strive to process recent disclosures about governmental snooping into our private lives, the report offers provocative details about virtually unbridled commercial invasions of our privacy.
"The current statutory framework for consumer privacy does not fully address new technologies -- such as the tracking of online behavior or mobile devices -- and the vastly increased marketplace for personal information, including the proliferation of information sharing among third parties," the GAO reported.
Regarding online tracking, the report helps explain how it is that if you perform an Internet search for, say, a Batman toy, you immediately begin seeing Batman toy ads popping up on many subsequent Internet sites. Much of the data assemblers' information comes from public records and publicly available information such as telephone directories, newspapers and classified ads, but a lot of it also comes from tracking and location programs inserted into websites and, often, tracking and data "cookies" embedded in your computer.
"Consumer information can be derived from mobile networks, devices (including smartphones and tablets), operating systems and applications," the GAO said. "In addition, resellers may obtain personal information from the profile or public information areas of websites, including social media sites such as Facebook, LinkedIn, MySpace and Twitter, or from information posted to blogs or discussion forums. Depending on the context, information from these sources may be publicly available or nonpublic."
Data about you not yours to see
So, would you like to see your file? Are you curious about what is being said about you -- and what is being sold to countless marketers? Good luck with that.
"With regard to data used for marketing, no federal statute provides consumers the right to learn what information is held about them and who holds it," the GAO said. "In many circumstances, consumers also do not have the legal right to control the collection or sharing with third parties of sensitive personal information (such as their shopping habits and health interests) for marketing purposes."
In addition, the GAO said, the industry that is built around invading your privacy has a strong preference to maintain its own privacy. According to the Federal Trade Commission and the U.S. Department of Commerce, no comprehensive list or registry of these firms exists. "There is limited publicly known information about the informational reseller industry, as a whole," the GAO said.
People need to understand that what they think is private may not be.
|-- Alicia Puente Cackley
Government Accountability Office
The agency did note that some private information about credit card customers and others is protected by a piecemeal mesh of "narrowly tailored" regulations, but the net is loose and full of wide gaps.
For instance, the Fair Credit Reporting Act of 1970 protects the confidentiality of personal information used by credit card companies, banks and other entities when you apply for credit, insurance or a new job. Also, the Health Insurance Portability and Accountability Act of 1996 shields some information about your health and medical treatments. Other laws apply to financial institutions, the online collection of data about children and, oddly, what videotapes you rent (not that many people still engage in that activity these days).
That's about it, and a growing number of "data assemblers," also known as information resellers, data brokers, data aggregators or information solution providers, are exploiting both the gaps in regulatory control and the tidal wave of information that you, often unknowingly, are providing about yourself.
In addition to widely known Equifax, Experian and TransUnion, the three national credit bureaus that for years have produced and sold consumer financial reports to credit card companies and other financial institutions, relatively new players such as Acxiom, Spokeo, Intelius and Experian Marketing have been digging much deeper as they assemble portfolios about our lives -- portfolios that are sold to retailers, advertisers, nonprofit groups, law enforcement and other government agencies, and even private individuals.
Smorgasbord of data sold
According to the GAO study, this is the kind of information collected and sold in "marketing products" by Acxiom:
- Individual data, including name, address, telephone number, email addresses, gender, education, occupation, voter party, ethnicity and language, age and date of birth.
- Household data, including genders, marital status and children's age ranges.
- Purchasing behavior, including frequency of purchase indicators, types of purchase indicators, charitable giving indicators, community involvement indicators, and so on.
- Household events, such as when you become an expectant and new parent, when a teen becomes a driver, when a child graduates from college, when you buy a home and sign a mortgage, when you get married or divorced, when you buy a car, and so on.
- Social media activities, such as which sites you are likely to visit and how active you are likely to be, what fan pages you like and what videos you view online.
Experian Marketing goes even further, according to the GAO, collecting information about:
- Your hobbies, including astrological and psychic readings, boating, gardening, photography, politics, religion, self-improvement and even your volunteer efforts.
- Your pets, reading preferences, the things you collect, the recipes you gather, the music you like, the occupations you engage in and the sports you indulge in.
- Whether you prefer casino gambling, lotteries or sweepstakes games.
- Your financial investments, including mutual funds, money market funds and retirement accounts.
- Your ailments -- allergies, cancer, Alzheimer's and so on -- and even if you wear contact lenses or eyeglasses.
It's all out there, for sale to pretty much anyone.
The information reseller industry has grown significantly in recent years, as has the amount of consumer information that these companies assemble and distribute.
"The information reseller industry has grown significantly in recent years, as has the amount of consumer information that these companies assemble and distribute," the GAO said in a cover letter to Rockefeller. "Moreover, growing use of the Internet, social media and mobile applications has intensified privacy concerns because these media greatly facilitate the ability to gather increasing amounts of personal information, track online behavior, and monitor locations and activities."
New protection suggested
In response, the GAO recommended that Congress consider strengthening the "consumer privacy framework to reflect the effects of changes in technology and the marketplace -- particularly in relation to consumer data used for marketing purposes."
The report said this should be done without "unduly" inhibiting corporate activity, but Congress should focus on making sure that consumers have a means to access, correct and control the personal information gathered about them.
"There are some cases where consumers can opt in or out of disclosures, but in many cases, you don't have that opportunity," Cackley said.
Given the current environment in Washington, Cackley declined to comment on the chance of congressional action. So, in the meantime, should consumers govern themselves accordingly while providing information online or in any other format to marketers?
"Yes," Cackley said. "Exactly."
- Fed: Balances on cards rose $1.2 billion in July – Credit card balances rose at a 1.5 percent annualized rate in July, the Federal Reserve said, reversing a decline the previous month ...
- Main lesson after Equifax breach: Protect yourself – September 2018 marks the first anniversary of Equifax's massive breach, which prompted calls for tougher security. Continuing hacks, however, prove that breaches won't cease. ...
- Surprising credit card travel exclusions – Your credit card's travel insurance may not cover injuries sustained while taking part in a protest or riot, driving under the influence, skydiving, or due to a pre-existing medical condition ...