Search This Blog

Friday, May 30, 2008


Junk mail data broker, Acxiom, has just announced that it will introduce a new service, FactCheck-X Authenticate, to business clients based on unique biographically based questions asked of online customers that are designed to qualify them with the company they are contacting. This could be logging into your stock portfolio, accessing your bank statements, or perhaps even looking at your medical records. In an article on, “businesses are more secure and customers can experience a better online authentication experience.” I doubt the latter, and here’s the reason why.

In 2005—and if anyone finds a later report please let me know—the non-profit Privacy Activism did a study to determine the accuracy of biographical information in two major data brokers, Acxiom and ChoicePoint. Acxiom’s authentication, above, is based on biographical data. It was discovered that even in the most basic information like name, address, phone number, Social Security number, errors were found in 67 percent of Acxiom’s reports. If this has been corrected, I welcome factual substantiation that it has. provides insight into some of those biographical questions inquiring consumer minds might be faced with.

• In what subdivision do you live?

• Where does your brother Mike live?

• Select a state which you were previously licensed to drive.

• How many fireplaces are in your current residence?

OK, what if both Mike and I just moved? Will Acxiom allow for this mistake, and then ask where the former residences were? The fact that they are asking anything about my driver’s license bothers me, but I guess telling them about my fireplace won’t hurt.

Jennifer Barrett, Acxiom’s chief privacy officer, won’t reveal specific sources of your biographical data, but adds that it did come from “public document files and private sources.” She also cites the Patriot Act as a crutch for doing this, which immediately throws up warning flags and reminders of NSA’s warrantless spying. Lee Tien of non-profit Electronic Frontier Foundation sees no advantage to the service. Others can find out many of these facts about you, and her opinion is that a random, newly assigned PIN would be safer.

I did a post in February of this year where it is shown how your name and personal information are eternalized—similar to your name and date of passing on your tombstone—in data broker databanks across this country and throughout the world. The major companies responsible for collecting your private information and archiving it forever are Experian, TransUnion, Equafax, ChoicePoint, and of course Acxiom. The first three are also credit bureaus, holding your most precious credit data as well.

In March of 2007, another post was done on Acxiom’s new connection to May Company stores, which were eventually converted to Macy’s. Acxiom was enhancing the Macy’s list—including Bloomingdale’s, also a part of Federated Stores—with customer personal data, among which is your age, income, plus a number of other demographic characteristics, then purchase and lifestyle behavior like health interests, religion, credit cards held, politics, cell phone owners, investments, reading and vacation habits, and wine drinkers. If you are a Macy’s or Bloomingdale’s card holder—there are over 3.6 million—go to this site to see what all they know about you.

So the next time you shop at Macy’s or Bloomingdale’s online, they might ask you if you have arthritis, or if you like baseball, if you are on a diet, what shape your houseplants are in, or how was your recent skiing trip? If you can’t answer the questions, don’t be surprised if they hesitate to sell you a collar for your cat, which they already know you own.

Thursday, May 29, 2008


This is the first in a series of posts on the 2008 presidential candidates’ positions on privacy. With identity theft the number one consumer threat to Americans today, you would expect at least the Democrats to be coming out full-bore with promises to secure our sensitive data. The Dems used to be the party of the people, protectors of individual rights, but that has gone by the wayside in favor of just winning elections. I even contacted the Obama campaign at the national and local levels because of his cry for “change.” There was no response. But then this is about John McCain.

Although it seems apparent that this candidate plans to carry out many of the policies of the Bush administration, he did stray recently by stating that he didn’t believe Congress should immunize the phone companies for liability in the NSA warrantless wiretapping. See Electronic Frontier Foundation.

According to Michael Arrington, a blogger and former corporate attorney, McCain’s reply to a question re. the government’s role in preventing identity theft and protecting online privacy: "I think the best solution is continued consumer education and business innovation to try [to] come up with further safeguards." This is from an interview Arrington had with McCain back in late 2007, and reported by Tech Policy Central.

Along the same lines in the Los Angeles Times blog, a McCain representative speaking on behalf of the candidate at the Computers, Freedom and Privacy conference held earlier this month, indicated that “McCain preferred a more market-oriented approach to technology issues.” Although directed primarily at the Internet, it is further substantiation that the Republican will act like a Republican, favoring big business over the consumer. The latter my comments.

If you go to McCain’s presidential election site, you won’t find any commitments to protecting your privacy. There is a page of “Issues” that lists fourteen topics, from the economy to the space program, but nothing that says he will address the ID theft problem and individual privacy in general. Earlier in an MSNBC article, the candidate states that he will talk about consumer issues during the course of his campaign.

In another recent blog by Lindsay Byerstein, Majikthise, she feels that McCain could be entertaining an advocacy of executive power even more extreme than the Bush doctrine. This stems from the presidential contender’s comment at Wake Forest University recently that “activist” federal judges were usurping the power of state legislatures. Byerstein wonders whether McCain is recommending that the Executive branch now assume full responsibility for interpreting the Constitution. She quotes Jeffrey Toobin, attorney and legal expert for The New Yorker and CNN who compares McCain’s position with Bush who expressed contempt for judges who “legislate from the bench.”

In Toobin’s The New Yorker piece, he observes the candidate’s reference to “penumbras” and “emanations” used by the Supreme Court as a way of skirting “clear and rigorous constitutional reasoning.” Not accidental, the use of the two terms penumbras and emanations says Toobin; the same words coming from William O. Douglas in 1965 in a ruling that a state could not deny married couples access to birth control. In the court case, Griswold v. Connecticut, it was also the first time the Supreme Court recognized a constitutional right to privacy.

Wednesday, May 28, 2008


If you haven’t already heard of it, OpenID is a shared identity service that lets Internet users log into a number of web sites with only one digital identity. This eliminates the need for a user name and password for each site. In a Washington Post article by Brian Krebs, “The key to your online identity [in OpenID] is the use of a Web or blog address, such as”

An OpenID is obviously no more than a URL, which simplifies things if you already own one. Then you have to pick a provider like Live Journal, Vox, VeriSign or MyOpenID. By using your online identity at a site accepting OpenID, you then have to confirm your identity credentials, and you’re in.

From what I can tell by visiting the four providers mentioned, the most personal data you give up to join is date of birth. You may be asked for additional private information later as a member when participating in company promotions or sweepstakes. And this data could be shared with outsiders. But the only site asking for a full name—almost completing the formula that could trigger identity theft along with date of birth—Is Vox, and they also want your gender. MyOpenID and VeriSign offer passwords along with normal industry standards for security. Vox and LiveJournal add to that SSL encryption to protect some data transmissions.

Bill Gates said Microsoft would throw their support behind OpenID, but, then, MS attempted to control online IDs with MSN Passport a few years ago which never caught on outside the company. Yahoo and Google also tried their own versions. Maybe it took a new set of entrepreneurs to get things rolling, because it is reported that there are over 160-million OpenID-enabled URIs (Uniform Resource Identifier), and nearly ten-thousand sites supporting this kind of login.

There are mixed reviews with advocates feeling OpenID can both prevent and open the floodgates to phishers and scam artists. But I think we have long since accepted the fact that if sensitive information that can lead to ID theft is available out there, the bad guys will find a way to harvest it. Prove me wrong, but I don’t think this is any different. There is another site from the WP article that provides more depth to the technology of OpenID that I am linking to here.

The upside is plainly convenience. The downside—and you’ve heard this many times from me—is that the OpenID is yet another process of creating a community of databases with at least four players already collecting your personal data. Since this new-found brainchild from geekdom will open the way to every portal on the Internet with which you have an association, and potentially could expose your complete world of private information, don’t you think you should demand some major controls over its security?

I’m not crying wolf before he’s in the henhouse, but at the least I would like to hear more from this new industry about what their plans are to protect your sensitive data, and just what safeguards will be put in place to combat a potential disaster of data loss when it happens. And we know it will…eventually.

Tuesday, May 27, 2008


According to a “Letter to the Editor” in my local newspaper, youth voters are predicting a revolution in the election process, and all signs point to a culmination of this promise in November of 2008. The young lady refers to a “reigning generation” that laments dropping a lousy situation in their laps, but she complains that the same group never asked for her or her peers’ input on the issues. Further, the younger constituents have only had the experience of two presidents to help them establish their opinions in the political process, and neither has been what they consider presidential role-models.

In the past, the youth vote has had poor turnout at the polls leading some candidates to believe they don’t deserve much effort. But a recent article in Readers Digest claims there is a new group, ages 18 to 29 called the “Millennials,” that is finding its voice, and plans to use it in the November 2008 election. They profess to be leaving you “Apathetics” behind, and do something about their future. They also accounted for 28 percent of the identity theft victim complaints in 2007, indicating to me there must be concerns for the protection of their names and personal data.

While Millennials are more liberal than their parents, they aren’t as interested in universal health care as simply reducing health care costs. They support gay marriage, but have become more religious in recent years. They voted first in 2000 when they directed their attention to John McCain because of his call for “shared sacrifice and community service.” The Arizona Senator may not be able to expect that same support in 2008. In 2004, Millennials cast almost as many votes as those age 65 plus.

In another piece on the Millennial revolution in the Zero Beta blog, 80 percent feel the economy is very important, followed by 61 percent who felt the environment was the major issue. According to one report, 40 percent of the “M” crowd is Independents, 35 percent Democrats and 25 percent Republicans. And they aren’t poor or uneducated; they are middle class, educated and savvy. But Zero Beta says the Millennials need incentives to get them to the polls, and they haven’t had them in recent years…not until now.

RD found that there was “widespread disillusionment” with the Bush administration, and apparently not a full endorsement of the Democrats by the M folk. They are firmly against the Iraq war, and want to see a sense of morality and good deeds return to the White House. Christina Gagnier of puts it this way: “…we’re entrepreneurial, not for the traditional purpose of making money but for doing social good.” The White House and congressional leaders could do well by adhering to those values.

I am always looking for a grass-roots base for support in my concept that individuals should be granted control over their names and private information, and be compensated when it is sold as incentive to take on this new responsibility. On the latter, the M crowd is the perfect age group to share in this supplemental compensation to their retirement of an average of $607 each month.

Time will tell just what the Millennials want in their next President, but hopefully one of the qualities is that he or she endorses an agenda for them to take back the rights to their privacy.

Monday, May 26, 2008


If you watch American Idol (I don’t), you know that the voting that crowned David Cook the current “Idol” was a record 97.5 million votes cast. Of that, 82,875,000 were age 18 and over. I will get into some other interesting age demographics later. But this is a commendable accomplishment for an event that is entertainment only, and which has no real bearing on the future of this country. Or does it?

In the 2004 Presidential election, 64 percent of the 197 million citizens age 18 and older (126 million) voted. But of the 72 percent that took the time to register (142 million), 89 percent indicated they voted. Big difference in those percentages, proving that to get out the vote, you have to get people to register first. Duh! Independents totaled 26 percent of the voting population; Democrats and Republicans were 37 percent each. So what’s the problem, you say? Looks like the apathetic way American voters have always approached their elections, and that, I tell you, is the problem.

Here are the statistics to prove it. The 97.5 million Idol votes in 2008 were 23.5 million more (31.8%) than the 74 million in 2007, when another very popular contestant by the name of Jordin Sparks won. Now compare that with Presidential voting in 2000, where the turnout was 60 percent, only increasing to 64 percent in 2004, an increase of only 6.7 percent. Keep in mind that in both 2000 and 2004, there were critical issues at stake to this country, and concerned Americans should have rushed to the polls in droves. But they didn’t. So they ended up getting what they deserved.

Back to my earlier point reflecting on how American Idol mirrors the pitiful state in which this country finds itself. Don’t get me wrong; I am not blaming the TV show for the state of our affairs. That’s our own doing. What I am saying is that if the American public can become so focused on a purely entertainment media event, why can’t we use this same enthusiasm in exercising our right to vote? The answer is that Idol provides release, and Presidential elections only give us decisions to make that will determine how the country is run. And of course they are tough decisions, but if you want to be a voice in the political process, you had damn well better get to the polls in Noverber.

Here are the demos promised earlier: Of the American Idol votes in 2008, 84 percent were age 18 and over; 34 percent were 50 plus; 11 percent 65 plus. The 25 to 49 age group was largest at 43 percent. Don’t know what you were thinking, but that blows me away. I had visualized the demographics as pre-teen to around age 35, but not 63 percent of the Idol voters over age 35.

This tells me that a TV show like American Idol can capture a large percentage of the public’s attention, drive them to the polls to record their votes, increase participation in subsequent years, while duplicating the same event on an annual basis. And it is this statement in comparison to Americans’ presidential voting habits that is a sad commentary on our values.

The answer has not been found in the two-party system we have today. Republicans have doomed the ethics of the voting system to a number of years necessary to repair itself. But Democrats have allowed them to do it, and have offered nothing as a fix.

If you recall earlier, Independents now represent 27 percent of the voting public, and growing by the day. If you want to help restore this country to a representation of the people over big business and lobbyists, take a look at the Independent movement as a possibility. I am convinced it is the only answer to renewed protection of our names and personal data, and the privacy of this country’s citizens in general. Check out the Web site for Independents: Committee for a Unified Independent Party (CUIP). I did and found a home as an Independent.

Thursday, May 22, 2008


Our American way of life dates back to the 17th century, and is based on individual rights including life, liberty and the pursuit of happiness. The one thing that separates one person from another is a unique personality that comprises habits and lifestyle characteristics. The given, and legal, way we differentiate between the population is with names and personal data. No one could experience the American Dream without them but alas, we have sorely lost control over this most precious of possessions. And this is where the story begins today on how to help solve a bleak retirement outlook.

That is the subject of a recent article on MSN’s Money Central. With only a few Americans contributing to their retirement accounts—and in small amounts when they do—the article determines that the outlook is definitely bleak. Only 14% gave to themselves in 2006. In another discouraging statistic, just 60 percent of workers between 21 and 64 (58 million) work for companies that have retirement plans. The outcome is that half of all working Americans do not have the means to live comfortably when their ability to perform in the marketplace is over. Washington: we have a problem.

Before the total picture became so dismal, I blogged on this several times suggesting how those that depended on Social Security could supplement their income with junk mail. Today it has become a necessity for all. To understand the predicament, it has been estimated that a 65-year-old couple retiring in 2007 would require $215,000 just for medical expenses over 20 years, not including the unreal costs of nursing homes, assisted-living facilities or home health care. And it is sure to get worse.

Today if you retire, nearly 40 percent of your receive your income from Social security, just over 19 percent from pensions and annuities. Then there are 23.7 percent who get it from earnings, 15.4 percent from assets like IRAs. But in low income households, 87.6 percent of their retirement comes from Social Security. As the article suggests, if you are in that group that has hesitated to plan for the future, now might be the time to change your habits.

So even if you can look forward to some retirement income, chances are that it won’t be enough, and it will have to be supplemented. So how do you do that? I just happen to have an answer. You can add to what you will have available in retirement using your junk mail purchases. If you are still in your teens, you could have an additional monthly income averaging $607 monthly. Nothing to do but shop through junk mail, and have a portion of the revenue made from selling your name and personal data put away for you to tap at age 65. To learn how this is done, see the posts here, here and here.

Basically, it involves placing one-half of the $4 billion made each year from the sale of consumers’ names and private information. Why not? Without you, and millions of others like you, the junk mail list industry would have nothing to sell. Place this money in an interest-bearing account and at maturity it could amount to an average $607 each month for the individual. The latter is figured at simple interest, and with more aggressive methods of investing, could be much higher.

What could be simpler?

Wednesday, May 21, 2008


The day has finally arrived. On Monday, Google launched its personal health records (PHRs) information service, which combines their search capabilities with consumers’ personal health records online, according to a Reuters’ article on MSNBC. Microsoft also recently introduced its own version, HealthVault. Google will warehouse participants’ basic medical history, and will collect additional data relating to their condition. There will be links to doctors including their specialties, U.S. pharmacies, medical testing labs, and doctors’ groups. There will be a “virtual pillbox” for notification to take prescriptions, and there will be a warning for potential drug reactions. Users can schedule appointments with their caregiver, refill medications, and get diagnostic results online.

It’s all wrapped up in a neat package, but Reuters says “while medical providers are covered by U.S. privacy laws, there is little in the way of established privacy, security and data usage standards for electronic personal health records despite decades of industry effort.” However, in yesterday’s post Jay Cline reported in Computerworld, “free-standing PHRs are subject to consumer-protection laws that prohibit false statements and impose security requirements.”

Confused? Go to My PHR, a site sponsored by the American Health Information Management Association (AHIMA), scroll down to “Access and Privacy Laws.” Click on the sixth question. Here’s the Google Health site. And I haven’t overlooked Microsoft; did two posts on them in October of 2007 here and here.

There are other players. Dossia Founders Group consortium of large employers providing independent, lifelong health records for employees, their dependents, retirees and others. This is another database of health records where participation is voluntary, but the individuals do have complete control over who sees the information. Next, WebMD Health Record, the forth database of health information we’ve covered, available free, which works in coordination with WebMD Health Manager.

Finally, and the fifth database to be introduced in the market so far, Revolution Health, run by former AOL CEO Steve Case, with notable board directors like former secretary of state, Colin Powell, and former Hewlett Packard CEO Carly Fiorina. Fiorina was leaving HP at about the time the company was embroiled in the pretexting controversy involving the illicit collecting of board member telephone records in an investigation over who leaked confidential company information.

So we have now arrived at the number of at least five personal health record databases being created where personal data will be housed along with our private health information. Two companies, Microsoft and Google, are at least capable of, if not already at some level of encryption of their data. The other three I am not sure about. If ever there was the need for safe encryption, it is certainly demanded in a depository of the ultimate in personal sensitive data

However, what is missing in this new technology is major control over its security, and the promise that it won’t become a marketable commodity like the junk mail industry’s mailing list business which already chronicles our lives in databases and sells it on the open market in the amount of over $4 billion each year. The question, of course, is will we get that promise, and from whom?

Tuesday, May 20, 2008


In yesterday post, I quoted from a Computerworld article by Jay Cline that believes the needs of the medical community for personal health data will outweigh the privacy concerns within five years. Don’t know where the timing comes from, but my guess is it will happen sooner.

Cline hits all the right buttons on construction of the database, like limiting it to one location, simplification of files and patient access among them. But he lost me when he implied that there may be no limit to what might be included in the database. Like I pointed out yesterday, the junk mail data brokers started with small collections of information on consumers several years ago, and today there is very little they don’t know about American households. The problem with this is that they share it with government agencies almost at will, and sell it to the tune of $4 billion annually. A practice that has proven itself highly conducive to identity theft.

What really frosts me is a statement by the author that is tragically true: paraphrased, it indicates that the U.S. would have to look to European Union standards to meet the standards that privacy advocates would certainly ask for in this kind of program. They are:

• Consumer total awareness of what is in personal health records (PHRs)

• Complete user access

• Data integrity (common sense but sorely lacking in U.S.)

• Best available security.

• Voluntary participation

• Control over individual health information

• Strict enforcement for violators

This is perhaps one of the saddest commentaries on congressional leaders that have been totally inept in passing privacy legislation to protect their constituents.

Advocates are concerned what a user, other than the consumer whose data it is, might do with the information. Good point, and the way to solve this issue is to limit outside use to only that approved by the individual, unless under emergency conditions. Then, only the caregivers involved should be able access it.

Cline offers a coalition in healthcare similar to the retail industry’s Payment Card Industry Data Security Council. However, TJX (TJ Maxx, Marshalls) was in compliance with PCI standards when it lost 94 million credit and debit card holders’ account numbers to hackers trolling one of the TJX store’s parking lot with wireless equipment.

I am not for big government, but there are some things that are better handled at the federal level. Like the Federal Trade Commission’s Do-Not-Call registry with over 150 million people signed up. It is one of the FTC’s most outstanding success stories and could be repeated in the personal health records controversy (PHRs), possibly best in coordination with an agency like the National Institute of Health. The article does mention that PHRs are subject to consumer protection laws. That could bridge the gap until consumers are granted control over their names and private information, which should include their medical data.

Next post: What companies are competing for the personal health data, and how does the Health Insurance Portability and Accountability Act of 1996 (HIPAA) fit in the scheme of things?

Monday, May 19, 2008


The jury is still out but the heat is still on to collect and computerize our personal health records (PHRs). One opinion has it that benefits will “eclipse” privacy concerns. And with certain reservations, I agree. As staunch as I am for individual rights to control our names and private information, if you are in the hospital emergency room with a family member, you want them to receive the best possible care, and most agree that can happen only if the caregivers know the patient’s personal health history.

Jay Cline’s opinion piece in Computerworld, “Benefits of personal health records will eclipse privacy concerns,” makes a good case, concluding that the debate will be over in five years, but many privacy advocates who actually anticipate the inevitability, still want to see better control. Over both the PHR providers and by the individual concerned. Cline says there will be six prevailing stipulations of this kind of database.

• A single repository combing multiple sources.
• Simplified, easily searchable files.
• Doctor’s trust
• Understandable to the patient.
• Patient can add and flag incorrect information
• Patient controls who sees what

But when he gets to what will be included in the database, he makes the statement that, “The sky is really the limit…” And to me that is really scary, because that is how the junk mail companies like ChoicePoint, Experian, Acxiom, Equifax, TransUnion and other data brokers started years ago. With your name and address, and a few other items like age, income, education and occupation. That eventually expanded into what we read, drink and smoke, and whether or not we gamble. Who we vote for, what our religion is, our surfing habits online, the charities we favor, how we invest, and of course the precursor to today’s subject, what ailments we have and what medications we take. Yes, it’s all out there and for sale.

Promised data to the PHRs contains the following: prescriptions; drug allergies; immunizations; illnesses and hospitalizations; test and clinical records; living wills and other info you can see by going to the Computerworld article in the above link. I did a series of five posts you might want to refer to on this issue: “Medical Identity Theft Also Needs Your Attention…And Now.” It provides the background on what can happen when the bad guys steal your medical identity, and why it is so important for this private information to be protected.

In another of my posts, “Warning Out on Health Data Storage Sites,” there is a report issued by the World Privacy Forum in February of 2008 about the hazards of giving up your personal health records. The catch, according to the WPF, is that most of these companies are not subject to federal regulations relating to consumer privacy and security. It is for that very reason that I feel the right solution is only one database—as Cline specifies—operated by a non-commercial entity, with its own set of privacy rules backed by federal enforcement.

Next post: How the U.S. must take its privacy guidelines, even in healthcare, from the European Union.

Friday, May 16, 2008


Any way you look at it, it’s junk. I’m talking about the tons of unwanted mail that overwhelms many Americans each year. The average household receives 800 pieces of junk mail annually, much of it not welcome to the people receiving it.

But, before reading further, check out the launching of the latest effort in the Do-Not-Mail war: This is a well-planned and calculating campaign to convince a lethargic Congress that some people are fed up with junk mail. I have been swapping comments with its founder, Rezzie Dannt, for over a week now on Center for Media and Democracy’s

The nucleus of the Junk Mail Revolt is to load up Washington with this unwanted advertising, and dump it on the desks of out of touch Congressional leaders. Like the movie, Miracle on 34th Street, where the post office piled up letters of kids addressed to Santa Claus on the judge’s desk to prove Edmund Gwenn, who was on trial as a fraud, was the real thing.

Here’s what the “Revolt” wants you to do: First, sign up on their Web site; second get a box and start collecting your junk mail; third, wait for instructions on what to do next and when. JMR also asks you to help enlist others in the fight, link to their Web site, sign a petition, and a host of other things that are easy to do but very effective if you want to join the revolt. You can see it all on their “Support” button.

Yesterday’s blog was an update on the Do-Not-Mail issue, which follows another one done on April 3, which was more environmentally focused. Two of the primary concerns in this issue are choice and waste damage to the environment. The Revolt is preference driven offering those who want to stop receiving junk mail the right to be heard, and providing an avenue to keep it out of the trash by limiting it only to those who want it.

JMR hopes to establish a Do-Not-Mail registry similar to the Federal Trade Commission’s Do-Not-Call. And I think that is a good idea. The question is whether the public is fed up enough with junk mail—compared to how they felt about junk telephone calls during dinner and shower time—to support this legislation. The Revolt says yes: in 2007 a “Zogby poll found that 89% of Americans would support a Do Not Mail registry that allows people to opt out of unwanted paper junk mail.” Unlike the ineffective Mail Preference Service of the Direct Marketing Assn., an FTC Do-Not-Mail list could be another huge success.

But there are obstacles. One in particular was covered in yesterday’s blog, where I noted that we have, “a Congress that pretty much does what the lobbyists tell them to do—and I can assure you from my 35 years in the junk mail industry there is a strong lobby—so we could probably expect a law that is pro-business, leaving the consumer at their proverbial spot at the end of the line.”

That’s all the more reason you should get behind the Junk Mail Revolt if you don’t want the stuff, and give them your full support.

Thursday, May 15, 2008


After two weeks of my taking care of things in addition to protecting your name and personal data, the “Do-Not-Mail” issue jumped back into the news on May 5. In the Center for Media and Democracy’s PR site, Anne Landman has done the constituents of “Leave my mailbox alone” a great favor. She examines the subject from all directions, and narrows it down to some alternatives that she feels are appropriate. Of course I could not resist commenting on her piece by espousing my concept that the answer is for consumers to be granted control over their names and private information.

My last blog on the issue was April 3, which started with the whining of junk mailers over the DNM idea, and proceeded to refute some facts and statements made by opponents of a do-not-mail law. There are arguments on both sides. For example, the junk mail industry is concerned that legislation could be passed that stops all junk mail, regardless, which would be bad. There are those who want it, just like another similar issue, smokers, afraid they would be banned from the world. It didn’t happen, and “limiting” junk mail will not sink an industry, nor put the U.S. Postal Service out of business.

Landman reminds us of some pros and cons of this kind of federal law that are worth reviewing. As already stated, the doomsday argument is not valid, and since it would probably be run by the Federal Trade Commission, and if the Do-Not-Call registry is any example, a DNM registry would be equally successful. But Landman reminds us of the pitfalls of a Congress that pretty much does what the lobbyists tell them to do—and I can assure you from my 35 years in the junk mail industry there is a strong lobby—so we could probably expect a law that is pro-business, leaving the consumer at their proverbial spot at the end of the line.

Next, the author brings up one of the real laughables in junk mail; the Direct Marketing Assn.’s “Mail Preference Service,” which is supposed to relieve its roster of most unwanted mail. The key word here is “most,” since it only applies to the DMA membership and those numbers are small compared to the total number of junk mailers, which means even saying most is an exaggeration. On top of that some of the largest junk mailers are not even in the DMA, like the Herrington catalog. I even caught a former colleague recommending to his clients to use the MPS list, reasoning since they weren’t getting much mail, their response would be good. He was right.

Another of Landman’s sore spots is the way corporate America displays its privacy notices in type size that requires bi-focals within bi-focals. We’re told they “might” share your name with other companies, the same wording you see on most every catalog mailed. However, they never come right out and say they will sell you names and personal data for an industry total in the list business of $4 billion a year. And there is always a “gotcha” when they offer freebies which usually means you have to turn over sensitive data to get it. Land refers to this as “address harvesting schemes.”

Her alternatives to a Do-Not-Mail list are: a paid postcard or toll-free number for opting out of a list; the post office could just quit delivering mail to “occupant;” or just adhere to the Rowan v. U.S. Post office law upheld by the Supreme Court that allows consumers to say they don’t want certain mail.

I still like my concept better. Grant consumers control over their names and personal data, and compensate them when it is sold as an incentive to assume
this new responsibility.

Tomorrow: the Junk Mail Revolt.

Thursday, May 01, 2008


First, one of the biggest recently, by Hannaford Bros., a grocery chain based in Maine, that sports the largest personal data breach of 2008; the loss of 4.2 million credit and debit card numbers. See my Apr. 2 post. It took place while shoppers were swiping their cards in checkout lines. But it was only numbers, not connected with the owner’s name and address, so no chance of ID theft, right? Wrong! There have been 1,800 cases of fraud so far, and the company actually expected more. So what happened? Gartner research analyst, Avivah Litan, commenting in a Computerworld Apr. 28 article, thinks it involved a “rogue insider.” Based on my 35 years in junk mail database marketing, it is possible that someone in the company was involved. The blog, says the fraud could have been performed “directly in the Hannaford system.” Based on the fact that Hannaford CEO, Ronald Hodge, states that the food chain does not keep any personally identifiable information on the customer, someone or something had to put the numbers back together with a name and address in order for the 1,800 individuals to be victimized.

Moving on to another case, this one definitely insider driven, a former Verizon Wireless employee who worked in telesales was charged with stealing the personal information of an unknown number of Verizon customers while he worked there from November, 2003 to January, 2005. The personal data taken included name/address, Social Security number, and/or Verizon account number. In the Breach Blog, Evan Francen says this position, along with customer service personnel, have a high rate of turnover. Obviously these people need access to the sensitive data to perform transactions connected with the accounts, but until two years ago, workers were able to see the full Social Security number, along with name and address. I am curious if Verizon still asks for SS#s to open an account, and if they do, someone is still viewing the full number, which is why privacy advocates say Social Security numbers should not be required for things other than the most weighty matters like medical and financial. Francen notes that Verizon has 69,000 employees and 65.7 million customers so their collection of personal data must be humongous. You will never prevent dishonest insiders from taking what they want, but we could solve this problem from the other end by giving consumers control over their names and private information.

And then there’s the case of two LendingTree vice presidents who are accused with stealing passwords to the personal financial information of customers seeking loans from LendingTree. The Los Angeles Times says the two former executives swiped this information and gave it to competitors. The five competitors receiving the information are named in the lawsuit but not the two former V.P.s. That sounds a bit strange, but apparently lendingTree has its reasons. Same company, on another front, LendingTree is “politely requesting” Alex Stenback, who does the Behind the Mortgage blog, to remove a comment that the company considers defamatory. Won’t expand on this because it might go into litigation and I don’t want to hurt Stenbeck’s chances to defend his 1st Amendment rights. I suggest you go to for the details. My point in bringing up this incident, and the other two above, is to emphasize that the practice of employees stealing the personal customer information being collected by the company they work for is alive and very well. You won’t change the nature of those who turn greedy, and apparently we can’t stop data breaches, so the only answer is to let the individual take back control of their sensitive data.