In: Computer Science
Data for Sale
Want a list of 3,877 charity donors in Detroit? You can buy it from USAData for $465.24 through USAData’s Web site, which is linked to large databases maintained by Acxiom and Dun & Bradstreet, anyone with a credit card can buy marketing lists of consumers broken down by location, demographics, and interests. The College Board sells data on graduating high school seniors to 1,700 colleges and universities for 28 cents per student. These businesses are entirely legal. Also selling data are businesses that obtain credit card and cell phone records illegally and sell to private investigators and law enforcement. The buying and selling of personal data has become a multibillion dollar business that’s growing by leaps and bounds. Unlike banks or companies selling credit reports, these private data brokers are largely unregulated.
There has been little or no federal or state oversight of how they collect, maintain, and sell their data. But they have been allowed to flourish because there is such a huge market for personal information and they provide useful services for insurance companies, banks, employers, and federal, state, and local government agencies. For example, the Internal Revenue Service and departments of Homeland Security, Justice, and State paid data brokers $30 million in 2005 for data used in law enforcement and counterterrorism.
The Internal Revenue Service signed a five-year $200 milllion deal to access ChoicePoint’s databases to locate assets of delinquent taxpayers. After the September 11, 2001 terrorist attacks, ChoicePoint helped the U.S. government screen candidates for the new federally controlled airport security workforce.
ChoicePoint is one of the largest data brokers, with more than 5,000 employees serving businesses of all sizes as well as federal, state, and local governments. In 2004, ChoicePoint performed more than seven million background checks. It pocesses thousands of credit card transactions every second. ChoicePoint builds its vast repository of personal data through an extensive network of contractors who gather bits of information from public filings, financial-services firms, phone directories, and loan application forms. The contractors use police departments, school districts, the department of motor vehicles, and local courts to fill their caches. All of the information is public and legal.
ChoicePoint possesses 19 billion records containing personal
information on the vast majority of American adult consumers.
According to Daniel J. Solove, associate professor of law at George
Washington University, the company has collected
information on nearly every adult American and “these are dossiers
that J. Edgar Hoover would be envious of.”
The downside to the massive databases maintained by ChoicePoint
and other data brokers is the threat they pose to personal privacy
and social well being. The quality of the data they maintain can be
unreliable, causing people to lose their jobs and
their savings. In one case, Boston Market fired an employee after
receiving a background check from ChoicePoint that showed felony
convictions. However, the report had been wrong. In another, a
retired GE assembly-line worker was charged a higher insurance
premium because another person’s driving record, with multiple
accidents, had been added to his ChoicePoint file.
ChoicePoint came under fire in early 2005 for selling information on 145,000 customers to criminals posing as legitimate businesses. The criminals then used the identities of some of individuals on whom ChoicePoint maintained data to open fraudulent credit card accounts.
Since then ChoicePoint curtailed the sale of products that contain sensitive data, such as social security and driver’s license ID numbers, and limited access by small businesses, including private investigators, collection agencies, and non-bank financial institutions. ChoicePoint also implemented more stringent processes to verify customer authenticity.
Marc Rotenberg of the Electronic Privacy Information Center in Washington, D.C., believes that the ChoicePoint case is a clear demonstration that self-regulation does not work in the information business and that more comprehensive laws are needed. California, 22 other states, and New York City have passed laws requiring companies to inform customers when their personal data files have been compromised. More than a dozen data security bills were introduced in Congress in 2006 and some type of federal data security and privacy legislation will likely result. Privacy advocates are hoping for a broad federal law with a uniform set of standards for privacy protection practices.
1) Discuss the issues raised by data brokers in the context of management, organization, and technology factors.
2) Use a professional code of ethics to recommend solutions to the issues in 2.