The recent Facebook-Cambridge Analytica data scandal put a spotlight on the nebulous world of data brokers and data mining. As you shop, browse the Internet, participate in a quiz, subscribe to a magazine, fill a prescription, or network on social media, data brokers are hovering in the background, stealthily collecting your personal information. In the eyes of data brokers, you are the commodity. You are being packaged and sold. Because data brokers lurk in shadowy darkness, you may be unaware of their existence, leading to such questions as: What are data brokers? What are they collecting and how do they get it? What are the dangers and what can you do?
What are Data Brokers?
According to The Federal Trade Commission (FTC), data brokers are companies that collect, analyze, package and sell consumer information. Government agencies, businesses, other data brokers, organizations, and individuals purchase your information for the purpose of marketing products, establishing identity, or detecting fraud. The data broker industry is divided into three broad categories based upon the type of product that they sell: (1) marketing products, (2) risk mitigation products, and (3) people search products. Examples of these categories are:
Marketing products:
Risk mitigation and people search products:
How Data Brokers Get Your Information
Your personal information is collected from commercial, government, and other publicly available sources such as:
- online or offline warranty cards, sweepstakes entries, contests, quizzes, surveys, and loyalty cards;
- web crawlers – programs that capture content across the Internet and transmit it back to the data broker’s server;
- census demographic information, motor vehicle records, driver’s license records, telephone directories, voter registrations, court filings, real property and tax assessor records, recorded liens and mortgages, real estate listings, birth, marriage, divorce and death records, professional license filings, and recreational licenses; and
- social media platforms such as Facebook, LinkedIn, WhatsApp and others.
What are Data Brokers Collecting?
Data brokers collect details of who you are and your everyday interactions. “Imagine if you could know consumers like you know your friends. Understanding what they crave, what they need, why they buy and what they’ll buy next.” This quote from Epsilon’s web page makes it clear that they want to know everything about you. For example, Experian and Epsilon collect the following data elements about you:
- life event triggers like new parents, new homeowners, and new movers;
- consumer demographics like age, gender, marital status, children, and income;
- attitudinal and behavioral data such as interests, hobbies, and brand preference;
- automotive data, vehicles consumers have in their garages, and the likelihood of households to purchase a vehicle;
- technology attributes, use and adoption of devices and, even social media platforms; and
- ailments, allergies, arthritis, diabetes, high blood pressure, respiratory ailments, and high cholesterol.
A detailed profile of your life is compiled based on the information that is collected. Data brokers analyze these elements to infer your interests, including potentially sensitive interests. You may now be grouped into multiple categories called segments with other consumers such as, “Winter Activity Enthusiast,” “Dog Owner,” “Diabetes Interest,” “Cholesterol Focus,” “Expectant Parent,” and so on. Astonishing amounts of information have been collected. For nearly every U.S. consumer data brokers have collected 3,000 data segments.
What Dangers Does This Pose?
Storing detailed consumer profiles certainly has inherent security risks. Indeed, consumer profiles are high value targets for identity thieves and other malicious hackers. Consider the following examples. LexisNexus and ChoicePoint were victims of social engineering attacks that exposed the data of thousands of consumers. Axicom and Epsilon both experienced significant data breaches. In 2015 the Experian data breach affected 15,000,000 T-Mobile consumers. The 2017 Equifax data breach affected 145,000,000 consumers.
What You Can Do
Be proactive. Some data broker companies offer an “opt-out” form. The process may feel a bit counterintuitive as the form requires you to submit personal information such as your name, mailing address, and possibly an email address, but it’s worth the effort. According to the FTC, data brokers have indicated they will only use this information for identity verification to initiate the opt out process. It may also be necessary to submit multiple opt-out requests to take into consideration name variations. For example, “Jonathan Doe” may also need to submit an opt-out form for “John Doe.”
Filling out and submitting the opt-out form may not remove your information entirely. Axicom’s opt-out form states, “the information provided on this form will be used only for the purpose of removing information about you from Axicom’s marketing products.” A master list of data brokers and their opt-out links can be found at Privacy Rights Clearinghouse.
Knowing how data brokers obtain information empowers you to make informed choices. Use that knowledge to shine a light on the dark and shadowy world of data brokers. The fact that Cambridge-Analytica used the personality-quiz app, “This Is Your Digital Life,” to mine the data of millions of Facebook users should make you think twice before you participate in the next quiz that comes your way.
If you are curious to see how you may be unknowingly giving away your information, the FTC has produced this helpful video.
“It is better to light a candle than to curse the darkness” – Eleanor Roosevelt
Sources:
https://www.cnbc.com/2018/04/10/facebook-cambridge-analytica-a-timeline-of-the-data-hijacking-scandal.html
https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
https://us.epsilon.com/data-driven-marketing-solutions#CRM
http://www.experian.com/marketing-services/targeting/data-driven-marketing/consumer-view-data.html
https://www.social-engineer.org/framework/general-discussion/categories-social-engineers/identity-theives/
https://www.social-engineer.org/framework/general-discussion/categories-social-engineers/information-brokers/
https://www.theregister.co.uk/2006/02/23/acxiom_spam_hack_sentencing/
https://krebsonsecurity.com/2015/03/feds-indict-three-in-2011-epsilon-hack/
https://www.theguardian.com/business/2015/oct/01/experian-hack-t-mobile-credit-checks-personal-information
https://www.social-engineer.com/equifax-breach-need-know/
https://www.theatlantic.com/technology/archive/2018/04/facebook-cambridge-analytica-victims/557648/
https://www.privacyrights.org/data-brokers