1997 ASIS Mid-Year Meeting Preview Creeping Peoplebases: Database Developments and Privacy Loss by Barbara Flood and

William Lutz 1997 ASIS The increasing use of databases with information about specic individuals is eroding personal privacy. There is generalized awareness of what is happening to privacy. Privacy is constantly in the media and personal privacy is a hot topic on the Net. There are even entrepreneurs who advise individuals and organizations on how to minimize intrusions. Nevertheless, the subject tends to be ignored because it is unpleasant and little understood. We intend to suggest the extent to which marketing of disaggregated information enables data purchasers to compile composite pictures of individuals to sell to other businesses. This is not Big Brother in the sense of government; this is business at the millennium.

Sources of Data
Almost every transaction results in data, whether the transaction is in the for-prot, not-for-prot or governmental sectors. There are identifying features and details of the transaction. Each of these is innocuous in itself, but each is an element contributing to the sum of personal privacy. These features and details enter some database, now in machinereadable form. The database itself may be sold or elds manipulated to generate new databases. The various sources sell data and databases across sectors. There is a gradual but escalating erosion of privacy. The process is best understood by following the ow in an example.

Development of Peoplebases: An Example

Peoplebases is the term we use for databases that contain information about individuals such that the data can be accessed under the name, some indicator or code that species or gets to the individuals. Some of this information gets into the public domain as in the following example. Each time a person signs up for telephone service, the information goes into the utility's billing database (among other databases, no doubt). This database contains name, address and phone number and other data. Name, address and telephone number are published in a telephone directory. This directory becomes the basis for a crisscross directory, in which all listings are by address, which is then merged with census tract information to form a directory for direct marketers who can target an area according to demographic variables (age, income, number of children in the household and the like). The telephone directory is also the basis of other products. A directory may be merged to form one or more CD-ROMs, which in turn are used by numerous other companies, such as genealogical data companies. Note that this directory information is in the public domain even though the directory has a copyright. Frequent names, such as Flood and Lutz, then become the basis for a merged publication of all Flood and Lutz names, addresses and telephone numbers in the United States. This is prefaced with heraldic information and standard boilerplate genealogical information. A mailer about the product is then sent to all Floods and Lutzes listed. A certain percentage presumably purchase the product. Telephone companies are not the only utilities that collate information for marketing and sales purposes. In the case of municipal utilities, occupancy information may be determined. It is then a simple matter to cross-refer to tax information and determine empty and abandoned properties for sale as tax title liens or pre-foreclosure procedures.

Telephone usage information not only becomes the basis for billing, but has also been subpoenaed in various law cases. In general these data have been covered by privacy laws, but the data are there. The availability of the data has led to both public and private new products. The familiar 911 system enables emergency personnel to determine the address and telephone number of each call. More recently the same technology has been used as a commercial product, Caller ID. This in turn led to other products such as Caller ID blocking (except for 800 and 900 numbers). Caller ID is a boon for direct marketers. When a direct marketer gets a phone inquiry, the marketing rm knows not only the telephone number, but also other identifying information about the caller. Responses to the familiar merchandise catalog provide an example. If clothing is purchased, using the all too convenient 800 number, the catalog company gains information as well as cash. The information given casually is permission to enter the data supplied by the user: item, sizes, amount, name, address, telephone number and credit card number. If a gift is sent, there is information on the name and address of that individual. At Christmas, the catalog company may send an order form with a convenient reminder of the people (names and addresses) remembered in the previous year. All you have to do is ll in the item number, etc. These may be sent or phoned back to the company. At the same time, each name on the list has in turn been sent catalogs. Before each transaction, the purchaser's credit status is checked with the credit card company, specically the one to be charged for the merchandise.

Credit Card Companies and Credit Bureaus

The credit card company receives information from the merchandiser about the purchases, as well as from other merchants where the purchaser has used the card, to generate a monthly bill. The company

now has a purchase prole, as well as information about the purchaser's payment choice (pay in full, on time, or carry a balance). These data in turn are sold to one or more of the credit bureaus, such as Experian (formerly TRW), Equifax or Trans Union. The credit bureaus gather data from credit card companies as well as other sources to provide more and more complex proles of individuals. Credit bureau information may be accessed by prospective employers, landlords and others. Many consider the combination of data held to be an invasion of privacy.

Proliferation
Every credit card company gathers a great deal of information, beginning with the initial application for the card, which often requires, in addition to identifying information, employment, income, social security number and other data. This information, along with expenditure records, can be disaggregated to form more specialized lists. Here are some examples: People who tend to spend large amounts. These are grouped so that luxury vendors may target them. Such lists are also of interest to not-for-prots to solicit donations. Lists divided by item type, such as people who tend to buy toys or camping equipment. Size information. tall, short, fat, thin, etc., can be targeted by specialized vendors.

All kinds of information become a source of offers of goods and information by mail, phone, fax and Net. Peoplebases have been mined in new and creative ways, creating innovative products. These products in turn have generated new uses.

The types of mailing lists now available are extraordinarily specic. They exemplify more and more rened marketing or narrowcasting. If done well, this marketing should generate a greater response rate (higher percentage of returns). If done poorly, the marketing effort will die. However, the market eats away at personal privacy, rather than controlling it. The individual seems unaware that each item of information has been signed away more or less voluntarily. A driver's license may require a birth date, but not a social security number; a bank may require the latter.

Person Proles
Each interaction with a government agency, for prot or not-for-prot company, whether by mail, electronically or in person, generates information about an individual. These data become accumulated into a Person Prole. Over time the prole becomes more and more rened and detailed. As we all know, as long as information is in machinereadable form, the information doesn't have to reside in a single place, but can be distributed and cumulated as needed. Information about an individual's preferences and interests can be gathered and aggregated from a wide array of sources. Although some of the information might be in the public domain (such as name, birth date, address and telephone number) or permission might have been given for the use of each item, many of us would still consider the aggregation of the data a matter of personal privacy. \We have argued elsewhere that people are giving up personal privacy in exchange for the convenience of receiving more narrowcast information and offers of goods and services. We believe the privacy/convenience trade-off is a fundamental aspect that bears investigation.

Nevertheless, people have not given permission for the cumulations. People are unknowingly ceding personal privacy. Person Proles are proliferating and becoming more and more detailed.

Where Will It End?

Consider the following scenario possible with current technology: scanning information (i.e., items purchased) in a grocery or supermarket tied to charge card information. How might an HMO provider respond to automated information about certain purchasers of potato chips? At what point do we have an encroachment of personal privacy? Corporations have security, including proprietary rights and trade secrets; governments have secrecy as well as defense; what do individuals have? Barbara Flood is consulting psychologist with the Association for Retarded Citizens/Philadelphia Developmental Disability Corp. William E. Lutz is with the department of administration and nance, Camden, New Jersey.