Consumer profiling: Data brokers know more about you than your mom or Google

Most people don’t understand how much data brokers know about them, or that it’s more than Google, the government or their family might know about them. To help folks better understand how their personal information is categorized and sold, the FTC studied the following nine data brokers: Acxiom, CoreLogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf and Recorded Future. “Just one of the data brokers studied holds information on more than 1.4 billion consumer transactions and 700 billion data elements and another adds more than 3 billion new data points to its database each month.”

FTC Chairwoman Edith Ramirez explained, “The extent of consumer profiling today means that data brokers often know as much – or even more – about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more. It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist.”

In the report, “Data Brokers: A Call for Transparency and Accountability” (pdf), you’ll find the “identifying” data you probably suspect will be there like name, address history, phone number, email address and even longitude and latitude. These brokers also have “sensitive identifying data” like your social security number, your driver’s license number, and birth dates for you and each person in your household.

Demographic data is there, such as age, height, weight, gender, marital status, congressional district, country of origin, race & ethnicity, ethnic and religious affiliations, religion (by surname at the household level), language (and which language if it is a foreign language household), and/or if it is a household with Hispanic or Latino origin. Other demographics collected include the presence of elderly parents, children, a grandparent, or a veteran in the household. Then there’s occupation, white or blue collar employment, and even a “work at home flag.”

Court and public records are collected and sold as well as 14 pieces of data about your vehicle – car, truck, boat or bike – from VIN to propensity to purchase new or used. These brokers know how much you paid for your house, or your rent amount, the amount of your home loan and interest rate, and your heating and cooling bills. From the number of baths to the type of roof, the home and neighborhood data collected is broken down into 23 separate pieces of data.

The data brokers offer products in the three broad categories of people search, marketing, and risk mitigation. In 2012, the nine data brokers in this study generated a combined total of about $426 million in annual revenue. Since data brokers “sell both the actual and derived data elements to their clients,” it’s important to realize how deep the rabbit hole goes.

Here’s the list of General Interest Data: Apparel Preferences, Attendance at Sporting Events, Charitable Giving, Gambling – Casinos, Gambling – State Lotteries, Thrifty Elders,  Life Events (e.g., Retirement, Newlywed, Expectant Parent), Magazine and Catalog Subscriptions, Media Channels Used, Participation in Outdoor Activities (e.g., Golf, Motorcycling, Skiing, Camping), Participation in Sweepstakes or Contests, Pets, Dog Owner, Political Leanings, Assimilation Code, Preferred Celebrities,  Preferred Movie Genres, Preferred Music Genres, Reading and Listening Preferences,  Donor (e.g., Religious, Political, Health Causes), Financial Newsletter Subscriber, Upscale Retail Card Holder, Affluent Baby Boomer, Working-Class Moms, Working Woman, African-American Professional, Membership Clubs – Self-Help, Membership Clubs – Wines, Exercise – Sporty Living, Winter Activity Enthusiast, Participant – Motorcycling, Outdoor/Hunting & Shooting, Biker/Hell’s Angels, Santa Fe/Native American Lifestyle, New Age/Organic Lifestyle, Is a Member of over 5 Shopping Sites, Media Channel Usage – Daytime TV, Bible Lifestyle, Leans Left, Political Conservative, Political Liberal,  and Activism & Social Issues.

Health data covers 15 specific points, but that seems a bit misleading since just “one” bulleted point states: “Purchase History or Reported Interest in Health Topics including: Allergies, Arthritis, Medicine Preferences, Cholesterol, Diabetes, Dieting, Body Shaping, Alternative Medicine, Beauty/Physical Enhancement, Disabilities, Homeopathic Remedies, Organic Focus, Orthopedics, and Senior Needs.”

Financial data is broken down into 21 specific data elements; are you starting to “see” how easily billions of data elements are collected and sold? Go to page 97 in the report (pdf) to see more specifics, but here’s the list of 18 data elements for social media and technology data, as well as the 29 elements of purchase behavior data.

The FTC wants Congress to require the data broker industry to be more transparent and give consumers more control over the personal data that is collected. You can check out the summary of what the FTC is recommending for data brokers that provide people search, risk mitigation and marketing products. Or look at the study examples of how the brokers take your data, some of it very sensitive, and make assumptions about you before selling that along with your consumer profile. It’s fairly unpleasant and way past time for data brokers to be under the legislation gun.

Like this? Here’s more posts:

• Hacking hotels, shells, cellphones, cars and more mischief coming to Black Hat
• Microsoft knew about ‘new’ Internet Explorer zero-day for 7 months but won’t patch
• Yikes, ICS-CERT reminds public utilities about dangers of remote access without firewall
• New NSA Chief expects attacks attempting to damage, destroy critical infrastructure
• Huge demand for NSA-proof email: ProtonMail uses a month’s server capacity in 3 days
• Smart toilet spying on health is a hoax, but is there privacy in a public potty?
• No reasonable expectation of privacy when third parties cross the creepy line?
• Over 70% of energy and financial firms say cyberattacks coming within 12 months
• Microsoft shares 2 cybersecurity papers to protect infrastructure and supply chain

Follow me on Twitter @PrivacyFanatic