Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside One of the World's Largest Data Brokers

Posted by samzenpus on from the knowing-all-about-you dept.

itwbennett writes "Contrary to recent reports, data broker Acxiom is not planning to give consumers access to all the information they've collected on us. That would be too great a challenge for the giant company, says spokesperson Alexandra Levy. Privacy blogger Dan Tynan recently spoke with Jennifer Barrett Glasgow, Chief Privacy Officer at Acxiom (she claims to be the very first CPO) about how the company collects information and what they do with it. This should give you some small measure of comfort: 'We don't know that you bought a blue shirt from Lands End. We just know the kinds of products you are interested in. We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do,' says Glasgow."

64 comments

  1. Not the first CPO! by Anonymous Coward · · Score: 0

    Stephanie Perrin was Chief Privacy Officer at Zero-Knowledge Systems (now known as RadialPoint) back in 2001.

    1. Re:Not the first CPO! by c0lo · · Score: 1

      Chief Privacy Officer at Zero-Knowledge Systems...

      Uh??? Somehow, it makes better sense than "director of advertising privacy"

      --
      Questions raise, answers kill. Raise questions to stay alive.
  2. Just a pipe dream... by Frosty+Piss · · Score: 1

    Contrary to recent reports, data broker Acxiom is not planning to give consumers access to all the information they've collected on us.

    Naturally.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Just a pipe dream... by clemdoc · · Score: 1

      Are they doing business in the EU? If so, they may have to.
      I can't be bothered to look it up right now, but there was a case of a student from Vienna forcing facebook to give their users full access to whatever information they had collected on them. Impossible to tell of course, whether they did fully comply.
      Still, that might be funny.

    2. Re:Just a pipe dream... by Anonymous Coward · · Score: 0

      I thought the Land's End reference was about the actual geographic Lands End in the UK, as opposed to Lands' End chain, and was thinking about an UK company refusing to follow the UK privacy laws following the EU directive. Buying blue shirts from the Land's End, that would be obscure, to say the least.

  3. The know what I like to do? by frovingslosh · · Score: 1

    Have they no decency? Sounds like a bunch of sicko and perverts!

    --
    I'm an American. I love this country and the freedoms that we used to have.
    1. Re:The know what I like to do? by Chrisq · · Score: 1

      Have they no decency? Sounds like a bunch of sicko and perverts!

      On the other hand you do get the bulk discount vouchers for rubber gloves and Vaseline

    2. Re:The know what I like to do? by philip.paradis · · Score: 1

      Thanks buddy, now you've got She Don't Use Jelly stuck in my head. Since I have to sleep shortly, I'm probably going to have jacked up dreams. Yes, I'm "old" for this, but damnit, I've earned it. In retort, I'll see your Flaming Lips and raise you a Mexican Radio.

      --
      Write failed: Broken pipe
    3. Re:The know what I like to do? by X0563511 · · Score: 1

      I like to block advertisers and data miners.

      How does that compute, motherfuckers?

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  4. so by Anonymous Coward · · Score: 0

    I want to be able to opt out

  5. Worry not by Jenerick · · Score: 1

    "No need to worry, we have slightly less specific information than people think."

  6. Untrue by evanism · · Score: 5, Interesting

    They know everything. Not just the shirt, but how you paid, the brand, how much it was, its size and all the alternatives that were available at the time in the store.

    I worked in a project with them for years and I can tell you they have every last scintilla of every purchase you have EVER made with an EFTPOS or credit card.

    They, like Kang, Know All.

    --
    Just bought a new quantum computer, but I'm uncertain how it works.
    1. Re:Untrue by Anonymous Coward · · Score: 0

      Hmm - would a DMCA takedown do the trick?

    2. Re:Untrue by OhANameWhatName · · Score: 4, Funny

      I worked in a project with them for years

      Something tells me you're about to get arrested and electro-shocked to erase Acxiom's corporate secrets.

    3. Re:Untrue by Required+Snark · · Score: 3, Interesting
      Yes, she's lying her teeth out.

      Recently I needed a car tow on the weekend. It took me about two and a half hours to get home. When I arrived I immediately went to send out email and I was getting targeted adds for used Mercedes cars and auto loans. They don't need to bother implanting a tracking chip. It would be redundant.

      --
      Why is Snark Required?
    4. Re:Untrue by cultiv8 · · Score: 4, Interesting

      This. I worked with JP Morgan Chase for a brief stint and they sent us to Acxiom for week-long training on how they do data collection and what we could do with it. One of the stories they shared was how if a product was purchased at a Disney store and that same account had previous purchases for children's toys, then we could correlate that account with an address and send the address an offer for a Disney-branded Visa or Mastercard. If I remember right there were over 500 data points on households, not including transaction histories.

      --
      sysadmins and parents of newborns get the same amount of sleep.
    5. Re:Untrue by Anonymous Coward · · Score: 0

      Key words here are "EFTPOS" and "credit card". Don't use them!!!

    6. Re:Untrue by cultiv8 · · Score: 4, Interesting

      I hate to respond to my own comment and I know this is blatently trollish, but incase you're wondering, Marketwatch reports that Facebook recently partnered with Acxiom "to enable marketers to incorporate off-Facebook purchasing data in order to deliver more relevant ads to users".

      --
      sysadmins and parents of newborns get the same amount of sleep.
    7. Re:Untrue by tepples · · Score: 1

      Other than with a credit card, how else do you recommend paying for mail-order goods?

    8. Re:Untrue by OhANameWhatName · · Score: 1

      Facebook recently partnered with Acxiom

      Between the devil and the deep blue sea

    9. Re:Untrue by JurgenThor · · Score: 1

      Great! I might finally get some relevant ads instead of pictures of Victoria Beckham telling me the magic secret to losing a stone a week

      --
      GENERAL PUBLIC SIGNATURE (GPS) Any replies (derivatives) of this post must also use the GPS
    10. Re:Untrue by Anonymous Coward · · Score: 0

      WTF. Are you saying that the credit card issuer knows exactly what items I bought? I thought retailers weren't allowed to share that information. It would be valuable. Walmarts not going to give that info up. No way.

      Meh, privacy is dead. Just bribe a PI and you will get the address of anyone with a drivers license.

    11. Re:Untrue by grahamm · · Score: 1

      Other than with a credit card, how else do you recommend paying for mail-order goods?

      Send a cheque or postal order with the order or in settlement of the account.

    12. Re:Untrue by X0563511 · · Score: 1

      What ads? Oh right, the ones I filter out.

      Fuck these bastards, and fuck them hard.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    13. Re:Untrue by Shotgun · · Score: 1

      Simple logic would tell you that she is lying.

      How can the get any idea of what your household is like, unless they collect the data? You can't.

      How would you determine algorithmically which data is "general" and which data is "specific"? It isn't possible, because there is no acceptable line between general and specific data.

      Ipso facto, they're collecting ALL the data, and her statement is absurd.

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
    14. Re:Untrue by Anonymous Coward · · Score: 0

      Acxiom is benign, their biggest customers are VISA/MC/DISCOVER. They track/discover patterns to suggest fraud, and presto your card gets shut down.

      They don't have any magic, and they are located in Conway, Arkansas.

  7. They don't know what I like by OhANameWhatName · · Score: 4, Interesting

    We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do

    I like to have my privacy respected. I've willingly shared this information with Acxiom, but apparently my primary interest isn't valuable for Acxiom to understand. Companies like Acxiom deserve to have their corporate systems pillaged and this data handed out willy nilly to whomever the pillagers associate with .. without recrimination. Because this is PRECISELY how Acxiom operates.

    If our political systems weren't so ridiculously corrupt, Acxiom's board and upper management would have been against the wall long ago. It's about time that companies like Acxiom were targetted by righteous hackers and their corrupt business practices exposed for the entire world to see.

    1. Re:They don't know what I like by Anonymous Coward · · Score: 0

      They do know, they just don't care.

    2. Re:They don't know what I like by Anonymous Coward · · Score: 0

      Are these the same righteous hackers that are always getting busted for petty wire fraud and identity theft? Yes, let's get our torches and pitchforks and rile up the simple folk of the countryside for an old fashioned lynching while we're at it. Vigilantism is nothing more than mob rule, and mobs are mindless crowds of people refusing to take responsibility for their individual actions.

    3. Re:They don't know what I like by game+kid · · Score: 1

      ... mobs are mindless crowds of people refusing to take responsibility for their individual actions.

      That explains all that Acxiom does, come to think of it. (Well, except the "mindless" part; they clearly know what damage they do.)

      --
      You can hold down the "B" button for continuous firing.
    4. Re:They don't know what I like by Anonymous Coward · · Score: 0

      Companies like Acxiom deserve to have their corporate systems pillaged and this data handed out willy nilly to whomever the pillagers associate with .. without recrimination.

      The only data I want pillaged from Acxiom's corporate systems is their payroll.

      I don't care what Acxiom pays their employees; I just want names and addresses. I won't do anything with them, myself, I'll just provide them to a select list of clients.

      Acxiom might wonder who those clients are. Well, it's public information, so they can look it up on the sex offender registries themselves.

    5. Re:They don't know what I like by Anonymous Coward · · Score: 0

      I wonder what would happen if CHINA were to attack the database of Acxiom and poison it with intentionally inaccurate data? Further, I wonder what kind of damage that would inflict upon Acxiom if that poisoning was then made public in a highly visible way. Would that data be of any use to their customers after such an attack? Think about the damage then done, by that same poisoning, to the companies that use that database.

      Cyber-warfare isn't inherently limited to military targets. Companies like Acxiom are central to the success of many other companies--this makes them high-value targets. Who is benefiting the most from the database? I am sure these questions are being asked. America? France? The Western Ruling Elite? I guess we'll find out when we see who comes to their rescue.

  8. And from data mining by Anonymous Coward · · Score: 0

    They know the location you were at, who purchased at around the same time and correlates to you, if you have a loyalty card, the data for that is sold on bulk, and includes stuff like email address and telephone.

    In the case of data services like Choicepoint, they analyze for political affiliations and likely voting choices and participate in a lot of voter-blocking measures designed to sway elections. e.g. Florida's 'voter scrubbing', Mexico's voter challenges etc.

    The idea that you're entitled to privacy has been sold to the highest bidder, and the political machine seems so corrupt you can never get it back.

  9. That must be some kind of law somewhere by Anonymous Coward · · Score: 0

    "if a representative of a firm tells you they are not doing something which would enhance their business model, they are mistaken, liar, or are only in the process of implementing in the short future".

    In the case which interest us, of course knowing that kind of minutiae detail would be interesting, and of course they are either lying when they say they don't gather it, OR the PR does not know and is an incapable, or they are implementing a way to sell it to corporation. In their case they are almost certainly lying, as most firm of such nature I know in the US don#t save such data. They all do.

    1. Re:That must be some kind of law somewhere by easyTree · · Score: 1

      "We are not doing that thing which until just now you had no reason to suspect we were doing."

      Thanks for the info. What else aren't you doing? Huh?

      --
      Requiem for the American Dream
  10. Breach of DPA? by L4t3r4lu5 · · Score: 3, Interesting

    You are required, by law, to allow access to the data held on an individual in order to check for accuracy and relevance to purpose. If you don't do that, you're in breach of the Data Protection Act.

    Give me access to my data.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Breach of DPA? by blackraven14250 · · Score: 1

      You might not be covered, given they're a US-based corporation. If there's no office in the UK, you're basically SOL.

    2. Re:Breach of DPA? by L4t3r4lu5 · · Score: 1

      http://www.acxiom.co.uk/contact-us/

      Boom. I just hope they have offices in Germany too, because those guys are happy to throw their weight around when it comes to consumer data protection.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    3. Re:Breach of DPA? by Xest · · Score: 1

      I was wondering about this too, by Lands End I'm assuming she means the actual place Lands End in the UK? If so then again this seems to be yet another company breaking UK law on data collection and not a thing being done about it.

      It's worth noting that it's not simply a breach of the point in law you say - the right to be able to access this data, but also that as a 3rd party company with whom you have no business then they have absolutely no legal right to be holding this data in the first place. It's true that you don't have to have a direct relation to a company for them to be able to hold data on you, a data controller can authorise a data processor to process data they hold on you, but from what she's saying - the fact they have their own distinct hive of data implies they're not acting merely as a data processor but are themselves a data controller and as I've never once had any direct business correspondence with this firm then that suggests they are breaking the law.

      What's actually really really interesting in the case you site is their reason for not giving you access to data they hold - one of the responsibilities placed on data controllers is that they must hold data in a suitable filing system, a suitable filing system can be as simple as a pile of paper on your desk with the caveat that if that pile of paper on your desk contains personal information of someone and they ask to see it then you have to be able to find it else it's not a suitable filing system. The fact they're claiming they can't give you access to your data because their systems are too complex means they're not even fulfilling the minimum requirements needed legally to be a data controller.

      It seems that effectively they're breaching the DPA in almost every possible conceivable way.

    4. Re:Breach of DPA? by wiredlogic · · Score: 1

      "Lands End" Is a clothing retailer in the US.

      --
      I am becoming gerund, destroyer of verbs.
    5. Re:Breach of DPA? by PPH · · Score: 1

      Yes, but are there customers in the UK?

      The USA isn't the only country capable of reaching outside of its borders to enforce its laws. Whether they've actually got the balls (bollocks) to act is another question. And if the UK files charges and the USA refuses to extradite, just don't travel to the EU. Or fly from Seatte to New York and cross through Canadian airspace.

      --
      Have gnu, will travel.
    6. Re:Breach of DPA? by clemdoc · · Score: 1

      Looks like they have: http://en.wikipedia.org/wiki/Acxiom

    7. Re:Breach of DPA? by Xest · · Score: 1

      Well hopefully they're just talking about the US market then!

      Well that's a lie, for the sake of Americans hopefully not, but I mean, for their sake and ours, I hope they haven't just openly admitted to breaking the law in the UK.

    8. Re:Breach of DPA? by blackraven14250 · · Score: 1

      I don't think the US will be extraditing a company to the UK anytime soon.

  11. Ingenous claims? by Bearhouse · · Score: 4, Insightful

    FTA: "Acxiom data can’t be used for employment background checks, credit verification, or insurance underwriting, she adds, because that would make it a consumer reporting company under Fair Credit Report Act. Companies regulated under the FCRA can’t use that data for marketing purposes."

    Urm, "Chinese walls", anyone? Want to bet that they don't sell that information to other people for doing exactly that?

    1. Re:Ingenous claims? by Anonymous Coward · · Score: 1

      I can tell you at least one company uses this same sort of purchase data from an Acxiom competitor which correlate to relatively poor credit scores (low-end purchases paid by cash, check or store credit card as an example) in order to send offers with the explicit goal of getting them to sign up for credit. Bad credit scores result in hefty interest and big fees. They tap dance around the FCRA in order to avoid having to deal with compliance and having to fully disclose the data they collect.

      Almost all U.S. catalog companies and virtually every store you see in a typical indoor mall shares your data with companies like Acxiom. The data shared is very detailed - item/UPC level detail. Most of that data used to be aggregated in order to reduce the size of the data set to a manageable size, but the recent big data trend has been towards keeping and analyzing all of the detail.

      The only way to avoid being tracked is to avoid loyalty programs, and refuse to give phone # or ZIP codes when asked for it. The name swiped from your credit card, your ZIP code, and your purchase can pin point the buyer with very high accuracy. Your phone # is as good as a SSN in identifying you individually. If you are embarrassed to say "no" when asked for this information (which they count on), then make one up.

      Anonymous for obvious reasons.

    2. Re:Ingenous claims? by Anonymous Coward · · Score: 0

      Just so you know, item-level details do not go up for credit processing at all, the POS has to be doing that.

      (level 2 and level 3 processing is expensive, and level 3 doesn't even work right unless you're using a corporate card or such)

      Anonymous for similar reasons.

  12. In Europe , that would be criminal by gweihir · · Score: 4, Informative

    If you cannot tell people exactly what data you have collected about them, you are not allowed to collect that data. Penalties up to 2 years imprisonment apply. (Well, it is Europe, so I doubt anybody has been sent to prison yet for breach of data privacy laws, but still....) And they would also have to delete any and all data on request from the people that data is about. Cannot do it? Sorry, your business Model is criminal.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:In Europe , that would be criminal by Anonymous Coward · · Score: 0

      In Europe the penalty usually is a request to change habits.
      Punishment for willful wrongdoing is so 1800. Instead one has to be 'forward looking' to what is the best way to deal with the situation once the deed is done.

  13. Which stores allow this? by tepples · · Score: 1

    Send a cheque or postal order with the order or in settlement of the account.

    The last time I checked, eBay specifically forbade using a cheque or postal order to pay for an item that a buyer has bought. Which existing major online stores do allow using a cheque or postal order?

    1. Re:Which stores allow this? by Anonymous Coward · · Score: 0

      Check again. eBay US and UK do not specifically forbid these as far as I know: the only requirement is that a sellect accepts at least PayPal. Other payment methods are offered at the seller's discretion.

    2. Re:Which stores allow this? by tepples · · Score: 1

      [On eBay,] Other payment methods are offered at the seller's discretion.

      My former employer used to get dinged for stating in item descriptions that other payment methods were available.

    3. Re:Which stores allow this? by Anonymous Coward · · Score: 0

      Hmm, I looked again and eBay UK and IE are as I said, but eBay.com only allows sellers to accept checks and postal orders in certain circumstances (link, appears to be mostly heavy items, appliances, vehicles and 'adult items').

      Which is a bit rubbish, I think.

      And sending in Rainbow to round up infringers is surely excessive.

  14. Let me help you by Anonymous Coward · · Score: 1

    We're trying to get a reasonably complete picture of your household and what the individuals who live there like to do

    My name is Anonymous Coward. We here in the Coward family like to live our lives knowing companies like yours do not have any information about us other than, of course, the fact that we don't like companies like yours do not have any information about us.

    Now that you know this, please update your database accordingly.

  15. This is why I surf using a proxy : by Anonymous Coward · · Score: 0

    So parasites like Acxiom cannot profit from
    invading my personal privacy.

    At a minimum, all users can and should delete both "normal"
    cookies and Flash cookies.

    Screw these people who pry into the lives of others ( Das Leben
    des Anderen, sound familiar ? ). They deserve nothing but derision.

  16. UK Data protection act by Anonymous Coward · · Score: 1

    What if you get a UK dual citizenship, can you apply the Data Protection Act VS the US company while being in the US?

  17. Insider's View by Anonymous Coward · · Score: 1

    I interned at Acxiom during my senior year of undergrad so I thought I'd give another view and share a funny story.

    If I remember correctly, their revenue is broken down roughly like the following:
    60% - data analysis of 3rd party data, even big name tech companies (Google, Microsoft, Apple, etc) will send them data to analyze because its cheaper and/or easier
    30% - data storage, they store 3rd party data on tape in a fire and water safe bunkers (no joke)
    10% - random crap

    These are the guys responsible not for sending you junk snail mail, but figuring out which junk snail mail to send to you and to make sure you don't get duplicates too often. They are also responsible for scraping yellow and white pages for information. In fact, I know the guy they paid bookoodles of money to develop the white page scraping algorithm. Previously they were shipping off yellow and white pages to 3rd world Asian countries so they could be manually entered.

    I'm sure some of the people working there are quite skilled (such as my white page friend); however, the majority of their developers seem to be completely incompetent. Their internal structure is extremely convoluted with little inter-team cooperation or [good] management oversight. Additionally, they lack a set of developer standards requiring PQA, QA, version control, unit testing, etc.

    Both of these factors coupled with a company that's willing to hire mediocre developers leads to the following:
    Compiled code is running on one or more severs and absolutely no one has any clue what it does - the guy that wrote it doesn't work here anymore. We can't stop it from running, however, since it might be used by one or more of our customers
    No one knows were the source code lives. If that code ever needs to be updated then we're just going to have to rewrite it
    That source code is versioned, if the source is accidentally deleted then we're just going to have to rewrite it
    No's sure which of our servers are owned by us or one of the other billion teams
    No one can read this code because it's a hacked together perl script that someone specifically wrote in an obfuscated manner to ensure job security (I'm not joking).
    Additionally, you’d sometimes find code written in an a language that no one there knew how to use because it was written 25 years go. OH! PASCAL!

    My intern project while I was there was more or less an automated system to clean up after other developers. Every night it would do the following:

    1. Search several servers and compile a list of "useful" files. Determining "useful" is both "interesting" and necessary. Their servers had gigs of useless input and output files, but no one would clean them up for fear of breaking something. The strategy for my program was to ignore them, but not delete them.
    2. Some of their severs’ files could be accessed through file shares, but the majority had to be SSH’d into. The servers had no consistent security setup so adding in the capability for my program to successfully communicate with all of them in an extensible, secure way that could be encapsulated with a single simple interface was a joy.
    3. Once we had a list of files, my program would try to weed out duplicates across servers and folders (mkfile is a fun one) and try to match up executables to source code (again, mkfile is a fun one)
    4. Once we'd played match maker, it would try to automatically version all of the files in a semi-sane manner. The SVN server had an absolutely bonkers structure that was rivaled by only the chaos of their internal structure.
    5. Once finished, it would generate a basic styled HTML page giving a report of what it had done, it's success rate, and some metrics about what kind of files were out there in the wild wes

    1. Re:Insider's View by kermidge · · Score: 1

      Oh, man, that is a story scary and funny and instructive at the same time. Hope you've got a better kind of gig now.

  18. cleveland kidnapping? by hibji · · Score: 1

    I wonder if Ariel Castro could have been found by mining this data? Yeah, I know it sucks, but the data is already out there. Maybe it could be put to good use.

    1. Re:cleveland kidnapping? by Anonymous Coward · · Score: 0

      No -- it's needle and haystack stuff. It may be clear after the fact, but predicting is a different problem. How do you predict these sorts of things without breaking down doors of people that are not mainstream consumers? If you model their behavior, you are likely to find hundreds or thousands of innocent people with similar outward behavior.

  19. WTF? by Anonymous Coward · · Score: 0

    From TFA: "Author Dan Tynan has been writing about Internet privacy for the last 3,247 years. He wrote a book on the topic."

    Was that book written before or after the fall of Babylon?

  20. Re:Please, no Karma for my Knowledge by kermidge · · Score: 1

    Massively off-topic, thoroughly weird (even for /. - whatever you're taking, stop; whatever you should be taking, please resume, or some kind of thing) yet some-weirdly-how, right. That's even more weird.