Tony Hadley, Vice President, Government Affairs
Experian
Consumer Access to Marketing Data: Let's Look Before We Leap
Few would argue that the fair information practices principles of notice, choice, access and security are important consumer rights concepts.[1] Unfortunately, these principles are usually recited without considering their true complexity. Practical approaches – whether statutory or self-regulatory – recognize that each of these principles must be applied in unique ways appropriate for the purpose for which the information is used.
The application of each principle must strike a balance between the value gained by consumers, businesses and society and the costs associated with each. Sometimes that balance prohibits application of one or more of the fair information principles. For example, under the Fair Credit Reporting Act (FCRA), the nation's oldest privacy statute, consumers do not have a choice about being included in the national credit reporting system. If choice were an option, those who are lax on paying their bills would probably choose not to have that information disclosed to potential lenders. That choice would result in increased lending risk for creditors and increased credit costs for consumers. In effect, there would be fewer financial service products for consumers.
This paper examines some of the practical approaches to providing consumers with access to information. Some access regimes have developed solely within the marketplace. Federal or state laws require others. Some of these approaches are distinctly different from a "full-file" access standard, where consumers can view, dispute and request correction of all personally identifiable information an organization maintains about them. While each approach is different, the convergence of technology, consumers' demand and the ability of the marketplace to absorb the cost of access define every application of the access principle.
The principle of consumer access, arguably the most complex issue in the debate about consumer privacy, must be applied carefully. The principle of access raises significant privacy, data security and cost considerations for consumers, business and society. Unfortunately, perhaps because of the complexity of this issue, many legislative proposals dispense with the access principle simply by citing the obscure standard that "reasonable access" should be provided upon the consumer's request. While sounding sensible on its face, such an undefined standard delegates too much authority to regulators and the courts to develop public policy about consumer access.
Allowing consumer access, by nature of the process, makes the data less secure. As a result, appropriate authentication and verification systems need to be implemented. Providing access also means that information held by an organization must be integrated and compiled into personal, comprehensive, name-driven profiles that raise new privacy issues. Finally, the costs associated with data integration, new security systems for authentication, and customer service staff necessary to administer disclosure, dispute and correction systems are enormous.
The primary purpose for access is to assure that information a company maintains about an individual is accurate.[2] For example, if a company's use of inaccurate or fraudulent information could bring harm to an individual through over-billing, or be used to make a decision that could deny a consumer a benefit or service such as credit, insurance or employment, then access should be provided. In these cases, it is in the best interest of both the consumer and the business to assure that the personal information about a consumer is correct.
However, access for the sake of curiosity is not justified when the costs to society and the threat to personal privacy are significant. In such instances, access should be discouraged if the information ultimately cannot be used to harm an individual or deny a benefit or service.
Fair information practices principles provide consumers with the right to know what personal information is collected about them, how that information is collected and how that information is used. In most cases, robust notice, combined with the consumer's right to revoke consent (opt-out), is a practical substitute for access, particularly with regard to non-sensitive information used only for marketing purposes.
Experian is the steward of some of the world's largest databases of consumer information. We provide information for many purposes, all of which are regulated by federal and state law, according to industry self-regulatory standards, or in accordance with Experian's global information values. Experian approaches the issue of access with expertise, knowledge and judgement derived from practical experience.
For example, Experian provides tens of thousands of consumers with access to their credit history each day. Federal and state laws require Experian and other consumer reporting agencies to do so because of the unique and sensitive nature of this information.
However, Experian exceeds the letter of the law because technology and consumer demand have reached a point where access benefits not only consumers but also our society's credit system. For example, the Internet greatly facilitates an individual consumer's access to his or her personal credit information. Consumers' identities can be authenticated instantly, enabling them to immediately view their consumer credit information and identify and dispute potentially erroneous information.
Experian takes a much different approach to consumer access regarding its databases of information used for marketing purposes. Experian provides consumers, upon request, with a thorough description of the types and categories of information it collects. We also provide consumers with a notice that information is used only for marketing purposes. If, after understanding these information collection practices and uses, a person does not want to participate, Experian promptly suppresses their name from future use. In this respect, robust notice and the opportunity not to participate in marketing offers is a practical substitute for access because it allows consumer participation without imposing costs that cannot realistically be absorbed by the marketplace.
Today, even without a legal mandate, almost every company provides consumers with ready access to current account information. This type of targeted access to personal information reflects business' interest in accurate, up-to-date records for billing purposes, as well as a customer-focused response to consumer demand. Many Internet-based companies offer access not only to account and billing information but also to customer-supplied information used, pursuant to notice and choice to the consumer, to predict consumer preferences.
The Washington State Legislature passed a law in 2001 requiring consumer access to records related to identity fraud.[3] Financial institutions, retailers and other corporations that hold personally-identifiable information linked to an incident of identity theft must provide a consumer, upon request, with copies of all documents that were used or could have been used to perpetrate identity fraud in the consumer's name. U.S. Senator Maria Cantwell has proposed a similar requirement in S.1742, which is currently under consideration. The disclosure requirement is generally directed to credit application and billing information – not unlike account information that is currently made readily available to customers of an organization as a routine customer service.
With certain exceptions, beginning October 16, 2003, individuals will have the right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the record is maintained in the designated record set[4]. Health care providers and other covered entities must provide access, generally within 30-60 days.
In essence, then, access is important when a consumer is subject to actual harm, such as identity theft, or when there is an overwhelming potential for harm, as in the case with sensitive medical information.
Full-File Access Be Extended to Commercial Marketing Databases?
The default language used in many legislative proposals is that organizations should provide "reasonable access" to personally identifiable information. This standard, which is based on the European model of data protection, is vague, unpredictable and provides business and consumers with little guidance to implement workable access procedures. This general standard would allow regulators and the courts to establish "full file" access procedures similar to those required under the FCRA for all data regardless of use.
Marketing databases often are compared erroneously to credit reporting databases. However, the data, data uses, and structures of marketing databases compared with those of credit reporting databases are entirely different. To suggest an access and dispute process for marketing databases like that established for credit reporting is unrealistic.
The information in a credit reporting database is used to make critical lending, insurance, housing and employment decisions about specific individuals. The data, therefore, must be as precise as possible. Because the information is specific to an individual's actual transactions, and is of such a crucial nature, credit files are compiled as discrete personal profiles. Consumers need to know and have the ability to play a role in ensuring the accuracy of the information. While consumer reporting agencies store data and manage the use of credit data, the source of the information is the institution that completed the transaction with the consumer. Therefore, the institution contributing the information also is obligated to correct and update any inaccuracies in the information it reports.
The nature of marketing databases makes such a disclosure and dispute process very impractical, if not impossible. Unlike lenders, who need to know precise details about an individual's repayment history, marketers need only to understand the general characteristics of their overall markets.
Although marketing databases maintain information about individuals, marketers typically use these databases to make the "best guess" about which households might be interested in responding to a solicitation for a specific good or service. They want to deliver these direct marketing advertisements to the right household at the right time. Identifying certain characteristics of households enhances this best guess. Because marketers contact broad groups of consumers who may be interested in a product or service, there is less need for information in marketing databases to be precise. The level of precision and accuracy of credit reporting databases simply is not present in marketing databases. In fact, much of the information in marketing databases is derived from computer models, is estimated, or is presented in ranges, making a dispute process impractical, if not impossible.
Providing a disclosure to consumers would be of little benefit, but such access likely would pose a greater threat to privacy than currently exists. The nature of information in marketing databases would require that identification authentication depend largely on name and address, which is widely available in public sources, such as telephone directories. This limitation would greatly constrain the ability of businesses to validate consumer identities for disclosure purposes. Access requirements, therefore, should be constructed by balancing the benefits to consumers against the security risks to them and the costs to companies that hold the data.
Allowing access to marketing databases would be enormously expensive. Existing database architecture would have to be redesigned and disparate databases linked together to form name-driven profiles, creating the very databases that most want to avoid. Large customer service staffs would have to be hired and stringent security safeguards put in place. While that expense is justified and necessary with regard to information governed by the FCRA, it is of questionable value for data collected only for marketing purposes.
A consumer's current ability to opt out of having their name shared for direct marketing purposes satisfies the underlying concern about privacy without imposing undue and unnecessary costs to businesses and risks to consumers that would result from access requirements.
Congress and the State legislatures have clearly articulated that consumers should have access to sensitive information such as credit and health information. The State of Washington has addressed the issue of access as it relates to retail and financial account information by providing consumers the right to view and delete information that is the result of identity fraud.
Even without legal requirements, though, most businesses readily provide easy consumer access to account information, both as a service to customers and to ensure accuracy of the information. Many Internet-based companies also provide access to account information they use to predict customer preferences.
Now lawmakers are considering whether to mandate that companies provide access to general marketing information that is widely available in the commercial marketplace. This information is used solely for the purpose of predicting to what offers for goods and services a household might be most likely to respond. Due to its nature, marketing information, which is largely based on publicly available, inferred or modeled information, has no commercial viability for the purpose of making substantive decisions about credit, insurance, employment or other such activities. In fact, the Fair Credit Reporting Act already regulates information used for these purposes.
The real question, then, is whether it is necessary for law to insist that consumers have access to private databases used solely for marketing purposes. Is legally mandated access to marketing databases in the public interest, particularly when compared with the privacy, security and cost issues raised by the access requirement?
In summary, lawmakers and regulators would be wise to continue a legislative policy of requiring access only to sensitive information, and to leave further development of how access should be provided to non-sensitive information – like information used for marketing – to the marketplace and technology.
[1] Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress, Federal Trade Commission, May 2000, p. 3.
[2] Final Report of the Federal Trade Commission Advisory Committee on Online Access and Security, Federal Trade Commission, May 15, 2000, p. 4.
[3] Revised Codes of Washington, Chapter 9.35.
[4] 45 CFR § 164.524(a).
The Center For Democracy & Technology, 1634 Eye Street NW, Suite 1100, Washington, DC 20006. (v) 202.637.9800 (f) 202.637.0968. Copyright © 2005 by Center for Democracy and Technology.