Continue in 2 seconds

Business Intelligence and the Myth of Privacy

  • September 01 2002, 1:00am EDT

A friend of mine, Brian, recently moved to my neighborhood. Very excitedly, he told me about how he was able to get a great deal on a mortgage because he borrowed the money from the bank holding his checking accounts. Brian had saved enough money to apply some of the proceeds from the sale of his previous home toward a vacation in Europe ­ the tickets were free because he used frequent flyer miles accumulated from using an affinity card associated with his favorite airline.

Brian loves living in my area because he and his wife can manage the cost of living much better than in his previous neighborhood, especially because all the supermarkets have "bonus cards" that provide additional discounts on many food item purchases. They also love shopping at the local warehouse club because there are a lot of rebate offers on the products they buy there. By using his credit card to buy groceries, Brian has quickly accumulated additional frequent flyer miles.

Yet, Brian is subject to the marketing tsunami that affects us all. He is inundated with junk mail offers of new credit cards. His family's dinner is interrupted by telemarketing phone calls. His morning at work is consumed by the chore of sifting through a flood of spam e-mails peddling discount life insurance and human growth hormone. "Where is my privacy protection?" Brian asks.

Fear of Invasion

Brian is not a real person; however, his behavior strongly resembles reasonable behavior for a large percentage of the population. As reflected by Brian's question, there is a growing fear that some monolithic organizations sneak around collecting our deepest, darkest secrets and are using computers to invade our privacy.

According to the Federal Trade Commission (FTC), "Advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever." At the FTC's Privacy Initiatives Web site (, there is a warning about allowing the misuse of personal information. The truth is that as business intelligence professionals, we are somewhat responsible for collecting customer information and manipulating that information for marketing purposes, but are we really guilty of "invasion of privacy?"

Let's take a second look at Brian's behavior:

  • The purchase of his home must be registered with the public agencies because real estate transactions are recorded in public records.
  • Publicly available information from the Census Bureau describes fine details about the area into which Brian has moved.
  • The widely available regional cluster databases can accurately describe the demographics and psychographics of people that live in his neighborhood.
  • His use of cross-marketed products from his financial institution provides a lot of information about his finances and lifestyle to his bank – information that is likely to be shared with all bank subsidiaries as well as affiliated third parties.
  • Brian's use of an affinity credit card, along with his selection of a destination for his vacation (as well as his choice of how and when to apply his frequent flyer miles) are also registered as personal preference entries in some database.
  • Their choice to use a supermarket bonus card not only registers the kinds of foods that Brian and his wife buy, but also allows one to infer their preferred shopping time, their weekly food budget, the number of children they have, when they have company, etc.
  • Each time they complete a rebate slip, they provide feedback to the vendor regarding the purchase patterns of their products and specific information about who buys what products and when.

Any of the activities in which Brian is engaged potentially generate usable information that could be construed as "personal information." In reality, the data that feeds the marketing machine the consumers fear so much is most likely supplied by those very same consumers!

The Value of "Personal" Information and the Cost of Privacy

This demonstrates an interesting model of information valuation in that the consumer is being compensated in some way in return for providing information. For example, in return for the supermarket's ability to track every food item purchase, the consumer is rewarded with incremental "coupon savings." In return for supplying information about the purchase of a product, the company will pay you a $5 rebate. In return for providing information about flight preferences and transactions, the airlines provide free air travel. There are second-order consumer benefits that are rarely articulated well, such as a better ability to provide products targeted only to those consumers who might be interested in those products or more efficient placement of products on supermarket shelves.

On the other hand, most organizations that collect data allow the consumer to prevent any misuse of that data by "opting-out." However, opting out is an "active" process requiring the consumer to take the action which, in turn, generates some cost, perhaps in terms of time and energy spent (which can be lengthy, if waiting on hold). In other words, there is an incurred cost associated with managing personal information.

The public relations problem stems from the perception that due to the availability of fast computational resources along with knowledge discovery applications, companies are sifting through mounds of data, eking out the smallest bits of private information. In reality, under the right circumstances (i.e., we all are obeying the law), companies are using provided personal information in a way that is consistent with the consumers' directives. Unfortunately, the onus for directing the prevention of personal information usage is placed on the consumer through the opt-out process.

The "Privacy" Statement

So what about all those privacy statements that we get in the mail each year? Under the Gramm-Leach-Bliley Act, any financial institution that collects non-public personal information must provide, both at the time of establishing a relationship and on an annual basis, a "clear and conspicuous disclosure to such consumer in writing or in electronic form ... of that financial institution's policies and practices" with respect to disclosing nonpublic personal information to affiliates and nonaffiliated third parties.

However, the issuing of a privacy statement does not imply that your data is being treated as private data! These statements actually are the opposite – they tell the consumer how the information is not being kept private. For example, one bank's privacy statement says, "... we may share any of the personal information that we collect about you among companies within the family." Later in the statement's text is an enumeration of 30 different companies within the family, including auto leasing, insurance, investment advisors, credit card and real estate advisors, among others.

Not only that, this privacy statement also says that the bank "may disclose any of the personal information that we have collected about you to other financial institutions with whom we have joint marketing agreements and companies that perform services, including marketing services, for us or for us and the financial institutions with whom we have joint marketing agreements."

This essentially opens the door for sharing a consumer's personal data with just about anyone. As long as the consumer does not actively opt out of participation, it is likely that personal information is being widely broadcast!

The Good News for Business Intelligence

There are a lot of benefits in society to the (limited) dissemination of personal information such as the ability to track criminals, detect fraud, provide channels for improved customer relationship management or even track terrorists. As business intelligence professionals, we have a twofold opportunity with respect to the privacy issue. The first is to raise awareness regarding the consumer's value proposition with respect to data provision, leading to raised awareness about both the legality and the propriety of BI analysis and information use. The second is to build better BI applications. For example, if these darn computers are so smart, why are companies trying to sell long distance service to my two-year old? Or why do representatives of the company we use for our home alarm system keep calling us and asking if we want an introductory system?

All joking aside, junk mail and marketing calls are viewed as annoyances and invasions only because companies are not able to analyze that information as well as the populace thinks. When we can build better BI applications and use them properly, the perception of invasion will likely change.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access