Black Eye for Data Industry

February hasn’t been a kind month to direct marketing. The biggest blow came when ChoicePoint acknowledged last week that thieves apparently used previously stolen identities to create legitimate-looking businesses so they could access ChoicePoint’s data, including people’s names, addresses, Social Security numbers and credit reports. The thieves operated for more than a year before the breach was discovered, and at least 750 consumers were defrauded.

At first, only 35,000 Californians were notified that their information may have been accessed because of a state law requiring companies to disclose such incidents. But that number jumped to 145,000 a few days later, and the scope has increased to other states. Other state and national lawmakers are now calling for similar data laws. However, the consumer backlash to this hasn’t even started yet so it’s unclear how far this will go. Pam Dixon of the World Privacy Forum called it “the Exxon Valdez of privacy.” Speaking at a security conference last week, the director of the U.S. Secret Service said Internet fraud could threaten our economy. If that’s the case, California state Sen. Liz Figueroa will be introducing the Lockbox Act of 2005 any day now to cut off the exchange of data worldwide.

The other data error seems pretty minor now, though not to the consumers involved, I’m sure. A rented mailing list used by several charities mistakenly included the religious affiliations “Jewish,” “Catholic” and “Hindu” along with the consumers’ names and addresses on the outer envelopes. The error was traced to United Farm Workers’ database and a processing error by service bureau Triplex.

In both data breaches, the organizations apologized to consumers. UFW sent letters to the people who received the mailings as well as the affected charities, while ChoicePoint mailed 145,000 letters to people whose identities may have been compromised. Yet, if your identity has been stolen, nothing has been fixed. It’s your job to clear your name.

To the consumer the damage is already done. Did anyone who received that Alliance for Retired Americans mailing with “Jewish” next to their name send in a donation? Probably not. Do those new identity theft victims think this dissemination of their data is a good thing? Not at the moment. No, the consumer will just think even less of direct marketing in general. Remember Direct Marketing Association president/CEO John Greco’s campaign to highlight the good marketing in the industry? Let’s leave out these examples.

Related Posts