J
John Fitzsimons
From another newsgroup :
Web firms Pick Profits over Privac
-------------------------------------------- Policies can conceal sale
of customer data By Jonathan Krim --THE WASHINGTON POST July 1-- To
parents interested in buying the popular Hooked on Phonics
learn-to-read programs, the company made a firm promise on its Web
site: It would never sell or rent their personal information to other
marketers.
BUT THAT PLEDGE was empty. In the pages of a marketing trade
publication, Gateway Learning Corp., the product’s California-based
parent company, was advertising to rent the list of Hooked on Phonics
buyers to other marketers. At a price of $95 per 1,000 names,
companies could arrange to have unsolicited advertising sent to
105,936 people who bought Hooked on Phonics in the past year. Included
in the information made available to other marketers: ages of the
buyers’ children. After inquiries from The Washington Post, the
company changed its privacy policy and is no longer promising to keep
such data from being offered to others. A company spokeswoman said the
firm was simply slow to update its policy. Previous customers would be
notified of the change and offered the chance to remove themselves
from the list, she said.
• Federal Trade Commission seeks more power to fight junk e-mail •
Anti-spam bill gains ground in the Senate
Hooked on Phonics is one example of retailers, marketers and an array
of service providers expanding their collection and use of consumers’
e-mail addresses and other personal information, despite broad
assurances to protect individual privacy and honor consumers’ choices
about how much marketing they want to receive.
FISHING FOR VICTIMS Many firms use tactics designed to hide their
intent to gather and profit from the data they collect, information
that grows in value as more and more people use the Internet for
information and shopping. “Companies continually troll for, and
exploit, personally identifiable information,” said Joseph Turow, a
media professor at the University of Pennsylvania who specializes in
mass marketing. “Some Web sites unabashedly collect all the
information they can about visitors and market [it] as aggressively as
they can to advertisers and other marketers.” But these techniques
have drawn scant attention as the flood of unwanted commercial e-mail
has reached tidal-wave proportions. Instead, retailers, advertisers
and Internet service providers such as Microsoft Corp., America Online
and Yahoo Inc. have so far successfully lobbied government regulators
to put the spotlight on deceptive practices of the most unsavory
purveyors of scams and pornography. ‘Some Web sites unabashedly
collect all the information they can about visitors and market [it] as
aggressively as they can to advertisers and other marketers.’ — JOSEPH
TUROW media professor, University of Pennsylvania
Mallory Duncan, senior vice president and general counsel of the
National Retail Federation, argues that mainstream corporations can
police their own marketing practices. “The concern with spam is not
with the Gap coupon you receive,” said Duncan, who represents the
largest lobbying and trade group for store owners. “It’s the huge
amount of porn and other things that were unsolicited.”
FROM JESUS TO CHRISTOPHER REEVE With the onslaught of spam, almost all
companies promise not to sell consumer data. But many don’t mention
that such information is rented. This means that the list owner won’t
release the data to an outside marketer, but it will send messages to
the list on the outsider’s behalf. Targeted lists available for rent
number in the thousands, including those from magazines, professional
organizations and even political interest groups such as Republicans
for Jesus. Recently, for example, the Christopher Reeve Paralysis
Foundation advertised that its list of donors, including postal
addresses, was for rent. A charity spokeswoman said that the rental
list includes data only from donors who gave through direct-mail
appeals, not online. But she acknowledged that those people were
provided no privacy information; the charity’s Web site says it will
never sell or share e-mail addresses of donors. Direct-mail donors
will now be given a chance to remove their names from the donor list,
the spokeswoman said, adding that the organization’s lists are offered
only to “like-minded” groups. Sometimes, consumers may not be aware
they are handing over information to vendors working behind the scenes
at certain Web sites. Take CartManager, a Provo, Utah, company that is
one of many providers of “shopping cart” software used by online
retailers. Merchants use the service to manage their transactions.
Customers select items, put them in virtual shopping carts, and
provide appropriate billing and shipping information to complete the
order. The company, which handles transactions for dozens of small Web
retailers, last month offered for rent its list of 781,000 postal and
e-mail addresses of consumers who “regularly buy online.”
CartManager’s privacy policy states that it might share such
information. But a consumer might not even notice the fine print
stating that a retailer’s shopping cart is “powered by” CartManager,
let alone look at the firm’s privacy policy. The transaction is done
through the Web site of the retailer, whose privacy policy is more
likely to be scrutinized by concerned consumers. CartManager
executives did not respond to requests seeking comment.
In some cases, marketers are open about their intent, if people take
the time to read the privacy policies on Web sites closely. Some sites
essentially exist to collect e-mail addresses and other personal data
to allow future marketing. To entice people to hand over the data,
they offer discounts on products or entry into sweepstakes. But in a
research study Turow supervised for the University of Pennsylvania, 57
percent of 1,200 adults who use the Internet at home thought that if a
Web site merely has a privacy policy, their information would not be
shared with others. To expand their databases even further, some
marketers employ a controversial technique known as “e-mail append.”
List brokers, who buy and sell consumer data for companies, take names
and physical addresses in one firm’s database and look for
corresponding e-mail addresses in outside lists that might contain
enough information to match them up. Columnist Jay Gibson explained
the process in a recent edition of Opt-In News, an online publication
for marketers. For example, a pizza restaurant cannot send e-mails
about new services to a customer who orders over the phone because an
e-mail address is not provided, Gibson wrote. “But they can take my
name, physical address and telephone number, submit this information
to an e-mail append service, and acquire it.”
‘WEED THOSE PEOPLE OUT’ ‘The whole industry that we’re involved with
relies on . . . integrity and a self-policing environment. But there
are a lot of people out there that don’t play by the rules.’ — PAUL
CHACHKO CEO, Datagence Paul Chachko, chief executive of Datagence, a
firm that provides e-mail append, said the service can be performed
properly by reconfirming with all consumers on the lists that they
wish to receive marketing messages. “The whole industry that we’re
involved with relies on . . . integrity and a self-policing
environment,” Chachko said. “But there are a lot of people out there
that don’t play by the rules. We’ve got to weed those people out.”
Marketing executives say they have instituted strict self-policing
guidelines, including ensuring that consumers have the ability to “opt
out” of receiving future advertising marketing messages.
But opting out is not always easy.
Bluefly Inc., an online retailer, has an extensive privacy policy. “We
take this matter very seriously, and have instituted many policies and
procedures to insure that none of your privacy rights as stated herein
are ever violated,” the policy says. The policy tells users that
anytime they e-mail the company, they consent to receive messages from
the company. But to be removed from future messages, users must e-mail
the company. A spokesman said the company would not send marketing
messages to people who e-mailed requesting to be removed from future
advertising.
CITIBANK’S APPROACH ‘We continually review our performance, and
believe our procedures have been extremely effective in providing for
the privacy preferences of our customers.’ — CITIBANK in a statement
concerning online marketing Citibank’s parent, Citigroup Inc.,
requires customers of any of its hundreds of affiliates to tell each
one that it wants to stop receiving marketing messages. Citibank has
been the object of more than 30 complaints to the Federal Trade
Commission over the past year by consumers charging that the company
has failed to honor their requests to remove their names from lists,
or made it nearly impossible to do so. An FTC spokeswoman said the
agency has not acted on the complaints, adding that it has received
more than 1,000 similar complaints about a range of companies. In a
statement, Citibank said, “We continually review our performance, and
believe our procedures have been extremely effective in providing for
the privacy preferences of our customers.” Marketing and retailing
executives want any anti-spam legislation to treat affiliates as
separate entities, on the theory that customers of different products
don’t always pay attention to corporate relationships among companies.
Microsoft, which like many Internet providers markets to its members,
recently proposed a system in which industry would agree to an
electronic seal-of-approval process that e-mail networks could
recognize and allow legitimate marketing through. Among the criteria
for such a seal would be that requests of users to be removed from
marketing lists would be honored. But privacy advocates and anti-spam
groups are dubious about industry governing itself. Instead, they want
computer users to be free of commercial e-mail unless they
specifically request it, a system known as “opt-in.” Marketing and
Internet industry lobbyists have successfully warded off this
approach, while at the same time co-opting the phrase. In marketing
parlance, opt-in means that consumers have not specifically asked to
be removed from mailing lists.
OPTING-IN BY ACCIDENT ‘Some companies, like psycho ex-boyfriends, tend
to see relationships where they don’t exist.’ --CHRIS MURRAY
legislative counsel, Consumers Union
Thus, nearly all available e-mail lists are advertised as opt-in
lists. But according to some in the industry, opt-in is at best a
sliding scale. “If you forget to check a box [asking to be eliminated]
from further marketing, that’s technically opt-in,” said Sherri Jones,
a vice president at TKL Interactive, a Southern California marketing
firm. She said her firm sends e-mails to all list members asking them
to confirm that they want to receive further advertising, a process
known as “double opt-in.” Jones said that to regain credibility, her
industry must move to a true opt-in system, in which no marketing
occurs before a user requests it. “The opt-in procedure puts the
control of the transaction in the hands of the consumer,” she said,
separating herself from her industry’s trade groups. “That’s a
dramatic paradigm shift that I think a lot of old-school marketers are
resisting.” Industry officials counter that if they don’t have the
right to approach consumers at least once, people will be deprived of
potentially valuable offers that they would otherwise not hear about.
Marketers also insist that they maintain the right to send messages to
customers with which they have “existing business relationships.”
Consumer groups say that this makes sense if that means a customer has
recently purchased a product, but it should not apply if he or she
merely requests information. “Some companies, like psycho
ex-boyfriends, tend to see relationships where they don’t exist,” said
Chris Murray, legislative counsel for Consumers Union.
© 2003 The Washington Post Company
Web firms Pick Profits over Privac
-------------------------------------------- Policies can conceal sale
of customer data By Jonathan Krim --THE WASHINGTON POST July 1-- To
parents interested in buying the popular Hooked on Phonics
learn-to-read programs, the company made a firm promise on its Web
site: It would never sell or rent their personal information to other
marketers.
BUT THAT PLEDGE was empty. In the pages of a marketing trade
publication, Gateway Learning Corp., the product’s California-based
parent company, was advertising to rent the list of Hooked on Phonics
buyers to other marketers. At a price of $95 per 1,000 names,
companies could arrange to have unsolicited advertising sent to
105,936 people who bought Hooked on Phonics in the past year. Included
in the information made available to other marketers: ages of the
buyers’ children. After inquiries from The Washington Post, the
company changed its privacy policy and is no longer promising to keep
such data from being offered to others. A company spokeswoman said the
firm was simply slow to update its policy. Previous customers would be
notified of the change and offered the chance to remove themselves
from the list, she said.
• Federal Trade Commission seeks more power to fight junk e-mail •
Anti-spam bill gains ground in the Senate
Hooked on Phonics is one example of retailers, marketers and an array
of service providers expanding their collection and use of consumers’
e-mail addresses and other personal information, despite broad
assurances to protect individual privacy and honor consumers’ choices
about how much marketing they want to receive.
FISHING FOR VICTIMS Many firms use tactics designed to hide their
intent to gather and profit from the data they collect, information
that grows in value as more and more people use the Internet for
information and shopping. “Companies continually troll for, and
exploit, personally identifiable information,” said Joseph Turow, a
media professor at the University of Pennsylvania who specializes in
mass marketing. “Some Web sites unabashedly collect all the
information they can about visitors and market [it] as aggressively as
they can to advertisers and other marketers.” But these techniques
have drawn scant attention as the flood of unwanted commercial e-mail
has reached tidal-wave proportions. Instead, retailers, advertisers
and Internet service providers such as Microsoft Corp., America Online
and Yahoo Inc. have so far successfully lobbied government regulators
to put the spotlight on deceptive practices of the most unsavory
purveyors of scams and pornography. ‘Some Web sites unabashedly
collect all the information they can about visitors and market [it] as
aggressively as they can to advertisers and other marketers.’ — JOSEPH
TUROW media professor, University of Pennsylvania
Mallory Duncan, senior vice president and general counsel of the
National Retail Federation, argues that mainstream corporations can
police their own marketing practices. “The concern with spam is not
with the Gap coupon you receive,” said Duncan, who represents the
largest lobbying and trade group for store owners. “It’s the huge
amount of porn and other things that were unsolicited.”
FROM JESUS TO CHRISTOPHER REEVE With the onslaught of spam, almost all
companies promise not to sell consumer data. But many don’t mention
that such information is rented. This means that the list owner won’t
release the data to an outside marketer, but it will send messages to
the list on the outsider’s behalf. Targeted lists available for rent
number in the thousands, including those from magazines, professional
organizations and even political interest groups such as Republicans
for Jesus. Recently, for example, the Christopher Reeve Paralysis
Foundation advertised that its list of donors, including postal
addresses, was for rent. A charity spokeswoman said that the rental
list includes data only from donors who gave through direct-mail
appeals, not online. But she acknowledged that those people were
provided no privacy information; the charity’s Web site says it will
never sell or share e-mail addresses of donors. Direct-mail donors
will now be given a chance to remove their names from the donor list,
the spokeswoman said, adding that the organization’s lists are offered
only to “like-minded” groups. Sometimes, consumers may not be aware
they are handing over information to vendors working behind the scenes
at certain Web sites. Take CartManager, a Provo, Utah, company that is
one of many providers of “shopping cart” software used by online
retailers. Merchants use the service to manage their transactions.
Customers select items, put them in virtual shopping carts, and
provide appropriate billing and shipping information to complete the
order. The company, which handles transactions for dozens of small Web
retailers, last month offered for rent its list of 781,000 postal and
e-mail addresses of consumers who “regularly buy online.”
CartManager’s privacy policy states that it might share such
information. But a consumer might not even notice the fine print
stating that a retailer’s shopping cart is “powered by” CartManager,
let alone look at the firm’s privacy policy. The transaction is done
through the Web site of the retailer, whose privacy policy is more
likely to be scrutinized by concerned consumers. CartManager
executives did not respond to requests seeking comment.
In some cases, marketers are open about their intent, if people take
the time to read the privacy policies on Web sites closely. Some sites
essentially exist to collect e-mail addresses and other personal data
to allow future marketing. To entice people to hand over the data,
they offer discounts on products or entry into sweepstakes. But in a
research study Turow supervised for the University of Pennsylvania, 57
percent of 1,200 adults who use the Internet at home thought that if a
Web site merely has a privacy policy, their information would not be
shared with others. To expand their databases even further, some
marketers employ a controversial technique known as “e-mail append.”
List brokers, who buy and sell consumer data for companies, take names
and physical addresses in one firm’s database and look for
corresponding e-mail addresses in outside lists that might contain
enough information to match them up. Columnist Jay Gibson explained
the process in a recent edition of Opt-In News, an online publication
for marketers. For example, a pizza restaurant cannot send e-mails
about new services to a customer who orders over the phone because an
e-mail address is not provided, Gibson wrote. “But they can take my
name, physical address and telephone number, submit this information
to an e-mail append service, and acquire it.”
‘WEED THOSE PEOPLE OUT’ ‘The whole industry that we’re involved with
relies on . . . integrity and a self-policing environment. But there
are a lot of people out there that don’t play by the rules.’ — PAUL
CHACHKO CEO, Datagence Paul Chachko, chief executive of Datagence, a
firm that provides e-mail append, said the service can be performed
properly by reconfirming with all consumers on the lists that they
wish to receive marketing messages. “The whole industry that we’re
involved with relies on . . . integrity and a self-policing
environment,” Chachko said. “But there are a lot of people out there
that don’t play by the rules. We’ve got to weed those people out.”
Marketing executives say they have instituted strict self-policing
guidelines, including ensuring that consumers have the ability to “opt
out” of receiving future advertising marketing messages.
But opting out is not always easy.
Bluefly Inc., an online retailer, has an extensive privacy policy. “We
take this matter very seriously, and have instituted many policies and
procedures to insure that none of your privacy rights as stated herein
are ever violated,” the policy says. The policy tells users that
anytime they e-mail the company, they consent to receive messages from
the company. But to be removed from future messages, users must e-mail
the company. A spokesman said the company would not send marketing
messages to people who e-mailed requesting to be removed from future
advertising.
CITIBANK’S APPROACH ‘We continually review our performance, and
believe our procedures have been extremely effective in providing for
the privacy preferences of our customers.’ — CITIBANK in a statement
concerning online marketing Citibank’s parent, Citigroup Inc.,
requires customers of any of its hundreds of affiliates to tell each
one that it wants to stop receiving marketing messages. Citibank has
been the object of more than 30 complaints to the Federal Trade
Commission over the past year by consumers charging that the company
has failed to honor their requests to remove their names from lists,
or made it nearly impossible to do so. An FTC spokeswoman said the
agency has not acted on the complaints, adding that it has received
more than 1,000 similar complaints about a range of companies. In a
statement, Citibank said, “We continually review our performance, and
believe our procedures have been extremely effective in providing for
the privacy preferences of our customers.” Marketing and retailing
executives want any anti-spam legislation to treat affiliates as
separate entities, on the theory that customers of different products
don’t always pay attention to corporate relationships among companies.
Microsoft, which like many Internet providers markets to its members,
recently proposed a system in which industry would agree to an
electronic seal-of-approval process that e-mail networks could
recognize and allow legitimate marketing through. Among the criteria
for such a seal would be that requests of users to be removed from
marketing lists would be honored. But privacy advocates and anti-spam
groups are dubious about industry governing itself. Instead, they want
computer users to be free of commercial e-mail unless they
specifically request it, a system known as “opt-in.” Marketing and
Internet industry lobbyists have successfully warded off this
approach, while at the same time co-opting the phrase. In marketing
parlance, opt-in means that consumers have not specifically asked to
be removed from mailing lists.
OPTING-IN BY ACCIDENT ‘Some companies, like psycho ex-boyfriends, tend
to see relationships where they don’t exist.’ --CHRIS MURRAY
legislative counsel, Consumers Union
Thus, nearly all available e-mail lists are advertised as opt-in
lists. But according to some in the industry, opt-in is at best a
sliding scale. “If you forget to check a box [asking to be eliminated]
from further marketing, that’s technically opt-in,” said Sherri Jones,
a vice president at TKL Interactive, a Southern California marketing
firm. She said her firm sends e-mails to all list members asking them
to confirm that they want to receive further advertising, a process
known as “double opt-in.” Jones said that to regain credibility, her
industry must move to a true opt-in system, in which no marketing
occurs before a user requests it. “The opt-in procedure puts the
control of the transaction in the hands of the consumer,” she said,
separating herself from her industry’s trade groups. “That’s a
dramatic paradigm shift that I think a lot of old-school marketers are
resisting.” Industry officials counter that if they don’t have the
right to approach consumers at least once, people will be deprived of
potentially valuable offers that they would otherwise not hear about.
Marketers also insist that they maintain the right to send messages to
customers with which they have “existing business relationships.”
Consumer groups say that this makes sense if that means a customer has
recently purchased a product, but it should not apply if he or she
merely requests information. “Some companies, like psycho
ex-boyfriends, tend to see relationships where they don’t exist,” said
Chris Murray, legislative counsel for Consumers Union.
© 2003 The Washington Post Company