Database Marketing: Your Life For Sale

Database Marketing: Your Life For SaleYour personal profile, including sensitive information, is for sale. And the company offering it to prospective advertisers or other commercial clients is a firm you probably never heard of.

Most people, and certainly the computer-savvy, have heard of Facebook, Google, and other Internet giants that have come under scrutiny for their privacy policies. But very few consumers, even the well-informed, ever heard of the Acxiom Corporation, at least before it was profiled by the New York Times. But it, along with other little-known database marketing firms, has amassed an enormous volume of personal consumer information, and is eagerly offering it for sale.

(The Times piece has a confusing title:  While firms like Acxiom do traffic in medical information as well as other personal data, the human genome itself is not part of the story.)

Database marketing firms such as Acxiom are the hidden face of Big Data. This mass of personal data does not all come from social sites, or from the Internet at all. Indeed, Acxiom first launched its targeted-marketing business in 1969. In that era, when most advertisers concentrated on mass marketing, Acxiom's key source of demographic data was the phone book.

One major concern for privacy advocates is the ranking systems that database marketing firms develop to identify the most promising prospects for their marketing clients.

While offering special deals such as free shipping only to "best" customers may in itself be a fairly trivial matter, it has larger implications. Says Pam Dixon of World Privacy Forum, such selective offerings could evolve into "a mountain of pathways not offered, not seen and not known about" by most consumers.

Privacy and security are very closely interlinked. Consumers' lack of information about their own personal data – who has it, how it is used, whether it is accurate or not – constitutes a massive, ongoing data security breach.

The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."