Open Letter To Data Brokers Are A Bunch Of Idiots Or Current Business

from the data-brokers-or-broken-data? dept

Fri, Feb 7th 2014 12:42pm — Timothy Geigner

Attention world: there is a problem growing and something must be done about it! Some weeks back, a story about OfficeMax sending out a letter to a customer that was addressed to "Daughter Killed in Car Crash or Current Business."

The recipient, Mike Seay of Chicago, was understandably upset, having indeed lost his daughter to a car accident the previous year. It went viral in a big way, leading many to ask how that kind of thing could even happen. In a move that may have been heavy on honesty and light on an understanding of the public relations issues it would create, OfficeMax insisted that the issue was with the 3rd party data broker that had provided them the list of recipients for this letter.

“The mailing list OfficeMax requested from the third-party provider was for Businesses, Small Offices and Home Offices,” says OfficeMax spokesperson Karen Denning by email. “NO personal information qualifiers were part of our request; we were not seeking personal information and did not ask for it. As an additional measure to prevent future mailing errors, we have upgraded the filters designed to flag inappropriate information.”

Note what they're saying. They're saying that they hadn't requested personal information for this mailing list. They are not saying that the data broker does not have that information, nor are they saying that they have not, or never will, request such information. This only made readers of the story ask even more questions about who has what data on them and how that data is used in business.

Without more information about what exactly happened here, we’re left to assume that there are data brokers keeping track of parents with dead kids and that someone put an entry into the wrong spreadsheet cell, accidentally listing Seay’s tragedy in the column designated for the name of his business.

On its own, the explanation that a telemarketer might note that there was a car death to denote sensitivity in sales might have sated most of the public. But, like I said: epidemic. Or at least the start of one, now that we have a similar story, one that might not be quite so easy to explain.

On Thursday, freelance writer Lisa McIntire's mother received a credit card offer from Bank of America sort of addressed to her daughter. There was one tiny difference, though, in the name; instead of Lisa McIntire, the letter was addressed to a "Lisa Is a Slut McIntire." McIntire's mother contacted her daughter via text and then sent a series of photos. McIntire, of course, was slightly disturbed and took to Twitter to share the unusual junk mail.

Now, look, I like a good insult perhaps more than the average person. On top of that, gratuitous vulgarity is the kind of thing that really gets my trousers off. That said, were I Lisa McIntire, I'd be damned before I'd allow Bank of America, noted promiscuous deceivers on mortgages, to call me a slut. I expect we'll get another explanation that has something to do with a data broker either pulling information from social media or Google searches, or else behaving badly and denoting random people as sluts, but that won't solve the problem. People might finally begin to understand just how much personal information, or information about them, is out there and how companies are using it. Expect the grandstanding to begin shortly.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data brokers, mailings, marketing
Companies: bank of america, office max

30 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Just Sayin', 7 Feb 2014 @ 12:55pm

Really?
That's a big story?

Let's get serious for a moment. There are a ton of websites out there that collect information for credit card offers, and many of them will mail out directly without any real data filtering - you ask for it, you get it. Some malicious people (damn, they exist?) will use those sites to mailbomb or otherwise harass others with unwanted junk mail and the like.

The first case is interesting, but may be nothing more than an error made by an employee (say at an insurance company) who modified an address line with a commentary line of text. Then the insurance company sells a mailing list, which get aggregated and boom, the problem goes forward.

It's not really a big deal. Every time you leave checked (or check) the box that says "I would like to receive offers from related companies or partners" you pretty much just told them to sell your information.

You did it to yourself, for the most part.
[ link to this | view in chronology ]
- Anonymous Coward, 11 Feb 2014 @ 10:54pm
  
  Re: Really?
  Whatever you say, slutbags.
  [ link to this | view in chronology ]
zem(is grumpy), 7 Feb 2014 @ 1:08pm

This is why I (fell in a hole last year) often provide false (bastard lies to us) information when filling out online data.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Feb 2014 @ 1:17pm
  
  Re:
  And that (is a slut) is why I do the same when filling out business reply mail for other people.
  [ link to this | view in chronology ]
- Trails (profile), 7 Feb 2014 @ 1:20pm
  
  Re:
  I feel sorry for the person who actually owns the address no@emailforyou.com
  [ link to this | view in chronology ]
  - Anonymous Coward, 7 Feb 2014 @ 1:25pm
    
    Re: Re:
    I used to use a couple random "worthless" email addresses when filling out comments on websites - and then one day I stated noticing that occasionally the gravatar would be someone's picture...
    
    In any case, this girl's name is Lisa... what would one expect.
    [ link to this | view in chronology ]
  - Gwiz (profile), 7 Feb 2014 @ 2:02pm
    
    Re: Re:
    I feel sorry for the person who actually owns the address no@emailforyou.com
    
    I also hope that there isn't a real person named "Hugh Dontneedthis". I've used that one quite a bit when a name is required.
    [ link to this | view in chronology ]
    - Anonymous Coward, 10 Feb 2014 @ 5:48am
      
      Re: Re: Re:
      As long as the form isn't blocking them, just use a domain set up specifically for spam-eating, like Mailinator.
      
      Heck, if it lets you, just use example.com.
      
      That way you don't wind up causing anyone else to be spammed.
      [ link to this | view in chronology ]
BentFranklin (profile), 7 Feb 2014 @ 1:34pm

1. Bank of America calls Lisa a slut to her mother.
2. ???
3. Profit!
[ link to this | view in chronology ]
Anonymous Coward, 7 Feb 2014 @ 1:36pm

This whole datamining crap is way, way, out of hand. Even so those who represent this mining industry fight tooth and nail to prevent any sort of damping of these collections of data.

Digital privacy will have to be addressed in some sort of updated laws requiring the datamining industry to put some dampers on this practice.

I continually do what I can to prevent any data at all from being mined but it is so persuasive and hidden that it is near impossible to get it all. Nor is there any sort of central hub where you can go to get off this crap. It is instead scattered all over the place with most requiring personal identification, residence address, just to get it removed and halted. Even then, it is often just a temporary fix and sometimes next to worthless as many want you to take some sort of cookie to use as the stop block. First time you clear your cookies you are back at step one. My browser will clear all cookies, LSOs, and evercookies each closing and it will remain that way.

Google, facebook, and most of the other major sites are far over the line with this crap.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Feb 2014 @ 2:00pm
  
  Re:
  The way to fight that is to pollute the database with so much erroneous data such that the it becomes useless or even dangerous to try to use it. I could also see people co-opting this as a technique as well to further embarrass the company. I can see people signing up for mailing lists with completely random bogus information and adding in stuff like this on purpose but not tied to any real person or events just to get the data in the databases. Then when mailings (which cost the companies real money to send out by the way) send out outlandish mailings. Recipients that find these mailings report them assuming the identity online and acting offended just to embarrass the companies that are sending them junk mail even if the mail is coming under a fictitious name. When a company using a data broker for this sort of thing gets burned enough times, they will stop using that data broker. The same thing will happpen with companies that buy demographics and statistics data mined from these databases once they realize that the information can't be trusted because a substantial amount of it is garbage.
  [ link to this | view in chronology ]
  - Anonymous Coward, 9 Feb 2014 @ 12:20pm
    
    Re: Re:
    Won't work. Now days most data providers use multiple data sources, including some like public records that you can't pollute. They have algorithms that do data sanitization by x-checking with known good records.
    
    The real solution is to give people copyright over their personal info. That way we can use all of the copyright industry's tools to block the spreading of information. DCMA anyone?
    [ link to this | view in chronology ]
Anonymous Coward, 7 Feb 2014 @ 1:47pm

Geez, my mail man is creepy enough. Imagine opening the door to sign for something after he saw that. Yuk.
[ link to this | view in chronology ]
Indy, 7 Feb 2014 @ 2:20pm

Irony
There's irony in that from the picture you posted you can determine exactly where the McIntire's live. The zip+4 tells exactly the location.
[ link to this | view in chronology ]
- Anonymous Coward, 7 Feb 2014 @ 2:26pm
  
  Re: Irony
  It doesn't necessarily get you the EXACT address but it does get you really close.
  
  http://www.zip-codes.com/blog/2013/05/01/what-is-a-zip-4-code/
  [ link to this | view in chronology ]
  - velox (profile), 7 Feb 2014 @ 2:34pm
    
    Re: Re: Irony
    Actually for most residential addresses you can get the exact address.
    In the case of Lisa you can quickly find a free online tool that gives you which street, which block, and which side of the street she lives on. There are only 4 houses that fit the description. If you pay a fee, then you can get the exact house she lives in.
    [ link to this | view in chronology ]
    - Anonymous Coward, 7 Feb 2014 @ 2:37pm
      
      Re: Re: Re: Irony
      When I did some lookups on some codes in a zip I was familiar with I got answers like...
      
      801-900 Street Name (Odd only)
      [ link to this | view in chronology ]
      - velox (profile), 7 Feb 2014 @ 2:43pm
        
        Re: Re: Re: Re: Irony
        Yes and look at a map of that [Street Name] in Menlo Park. You can use OpenStreetMap for instance There are only 4 houses on the odd side of the street in the block given when that zip+4 is search
        [ link to this | view in chronology ]
  - 80sRelic (profile), 7 Feb 2014 @ 3:30pm
    
    Re: Re: Irony
    I got an address!
    
    If I look up "94025-5635" on Google, one of the near-top results is "Robert McIntire on San Mateo Dr, Menlo Park, California > 411.info"
    
    The web page linked to has an address... Robert and Lisa "who can't redact worth a damn" McIntire prolly share the same address!
    [ link to this | view in chronology ]
- Anonymous Coward, 7 Feb 2014 @ 4:21pm
  
  Re: Irony
  And even if they thought of obscuring the ZIP code, the barcode in the picture also has a machine-readable copy of it. How many non-technical people would think of also obscuring the barcode?
  [ link to this | view in chronology ]
Anonymous Coward, 7 Feb 2014 @ 2:28pm

data mining
Another problem with data mining is that some businesses (my experience was with a local credit union) are using the "data" to verify identity! I tried to open an account online and was refused! Wanna know why? They had taken my name and merged info from someone who had a different middle initial. When I listed past addresses, obviously the few the other guy had were missing. They said I could come in person to open an account and I said no thanks. IMHO they are too stupid to be entrusted with my money.
[ link to this | view in chronology ]
- AricTheRed (profile), 7 Feb 2014 @ 3:04pm
  
  Re: data mining
  "We" (your local credit union) are not too stupid to be trusted with your money.
  
  We're hoping you are too stupid and trust us with your money!
  [ link to this | view in chronology ]
- John Fenderson (profile), 10 Feb 2014 @ 11:41am
  
  Re: data mining
  This sort of thing is why I can't get my free annual credit report, either.
  [ link to this | view in chronology ]
Anonymous Coward, 7 Feb 2014 @ 3:36pm

Well, if the guys info was right, then there is a chance that she is a slut.
[ link to this | view in chronology ]
btrussell (profile), 8 Feb 2014 @ 8:26am

"...I'd be damned before I'd allow Bank of America, noted promiscuous deceivers on mortgages, to call me a slut..."

It takes one to know one.

"People might finally begin to understand just how much personal information, or information about them, is out there and how companies are using it."

So they have info related to her being a slut?
[ link to this | view in chronology ]
DNY (profile), 8 Feb 2014 @ 11:32am

A bad data broker story
For years, I was deluged with spam sent to my e-mail address (which is based on my full name, the initials of which I use as a screen name here at TechDirt), but with salutations to a Maria Flack, purportedly hailing from a non-existent town, Banner Elk, PA. (The only municipality in the United States called "Banner Elk" is in North Carolina.)

The deluge slowed to a trickle when I contacted the offices of a legislator in Pennsylvania, who e-mailed me campaign materials. It seems the zip code the data brokers had attached to the non-existent town was in his district. Through his good offices the data brokers were disabused of the notion that my e-mail belonged to a person named Maria Flack, and within a few months the frequency of e-mail for the (probably also non-existent) M.F. fell to about one message a quarter.
[ link to this | view in chronology ]
Merav, 8 Feb 2014 @ 6:22pm

Publishing the full zip code is enough to get the address and phone number. The numbers after the dash are unique to one household only.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Feb 2014 @ 4:50am
  
  Re:
  The numbers after the dash could also indicate an individual PO box. I know this because I reside in an area where the USPS doesn't deliver mail.
  [ link to this | view in chronology ]
Anonymous Coward, 9 Feb 2014 @ 8:30am

When I was a little bastard (read: teenager) I used to sign people up to mailing lists that I didn't like with names like "Sally Slutpuppy Cdump" and "Richard EatASchlong." I imagine this is probably a similar situation. She probably pissed off some young punk (maybe yelling at neighborhood kids or something) and they pulled the same sort of stunt. I bet if they dig deep enough they'll find a similar situation. Not that they would, it's easier to blame another entity for the snafu then do actual research.

Working in a healthcare setting, I've seen comments like this in patient and doctor notes get transmitted in datafeeds because someone was pissed off. I used to scan our EMR (think patient tracker type thing) for cuss words and find all sorts of comments like "she's a b*tch" or "called me a n*gger - hope he dies!" in the notes. Sometimes you can't control people.

But hey, they'll probably settle out of court if someone ever takes them to task because someone expected them to write an anti-cussing routine in their code and demand they spend millions to implement a word-filter (which everyone will bypass anyways) to get around it.
[ link to this | view in chronology ]
@b, 12 Feb 2014 @ 5:06pm

auto complete
>Without more information about what exactly happened here, we�re left to assume that there are data brokers keeping track of parents with dead kids

>>and

>>that someone put an entry into the wrong spreadsheet cell, accidentally listing Seay�s tragedy in the column designated for the name of his business.

You'd just type Lisa, hit enter, and msexcel (like a browser) can add the colourful commentary stored on the local computer, not necessarily even elsewhere inside that spreadsheet file.
[ link to this | view in chronology ]