Beware the Third-Party (Temporary) Database

They’re out there everywhere, even more so than the humongous, permanent databases like ChoicePoint, Acxiom, Experian, Equifax, TransUnion, etc. They are assembled on a temporary basis for a specific purpose, usually for a mailing to several million households. They can end up in the largest of metropolitan areas or on the rural back roads of any state.

I am talking about third-party databases that are created solely for the purpose of mailing a company’s products or services, and involve a very specific selection technique that often requires the use of personal data. In addition to your name and address, this could include age, income, ethnicity, travel habits, religion and politics, home equity, credit cards carried, reading choices, likelihood of being a drinker or gambler and much, much more. You get the idea.

The most likely places these temporary databases end up are: printing companies, mailing houses, advertising agencies, computer service bureaus, fulfillment operations, list brokers, list managers, and market research firms. And then there are the delivery services: UPS, U.S. Postal Service, Fed Ex, DHL, etc. Earlier this year, UPS lost computer tapes with the private information of 3.9 million CitiFinancial customers. They were in transit to a credit bureau.

I worked for one of the giant database compilers and during my indoctrination period, was sent to the home office for orientation into the company’s various procedures. On the day we visited the data processing department, the thing that stood out was not the impressive amount of computer equipment that was all around us, but it was the massive inventory of computer tapes that were stored in the tape library. Thousands of tapes, row upon row.

My usual curiosity got the best of me and I started asking questions about what was on the tapes. The answer was that many of them contained raw data for input into the master file, but the largest number included transactions of list orders (names and personal data) that had been prepared for junk mail companies. Commenting on a stack of tapes in disarray, the head of the department told me that it was often necessary to ship out hundreds of tapes with the names and private information to themselves (the same company address), just to make room for inventory during those few days of transit.

But the sleeping giants of third-party databases are the computer facilities that perform what is known in junk mail as the “merge/purge.” This is a matching process where millions of names and personal data are fed into the computer simultaneously to eliminate duplicate names. In the process, this procedure also extracts meaningful data that can be used later to draw comparisons and to pry even deeper into the everyday lives of the typical household.

So what happens to these computer tapes after they have fulfilled their job? They are supposed to be returned to the original computer service bureau maintaining the database, or scratched (meaning, erased). In a number of instances they are returned, but in many cases they languish in the third-party locations, mostly forgotten, and eventually just end up on a shelf with minimum or no security.

Third-party use of consumers’ private information by financial institutions is controlled by the Gramm-Leach-Bliley Act, passed in 1999. They are required to notify customers when their data is supplied to third-party vendors. The time has come to expand this approach to all data of a personal nature in order to curb the current identity crisis.

This problem is not just a figment of my imagination. These are either first-hand observations by myself, or they are reported fact from individuals who maintain control over the ordering and shipping of names and personal data, and/or the junk mail companies that receive them.

Your private information continues to remain in perpetual jeopardy, and the only answer is to pass federal legislation that gives you control, and, in the process, pay you for its use. Don't you agree?