Posts tagged: Privacy

Catalogs, Correlation, Privacy etc.

Have you ever wondered how and why do you get certain catalogs at home?

Last quarter we had a presentation from the CTO of a company (name withheld intentionally – let’s call it company X) who’s into data mining of consumer data.

Their business model is pretty simple. They take customer data from a bunch of retail stores (e.g. Kohl’s, REI, Sears…), put it together, process it and sell it back to the stores. It’s a co-op arrangement where the stores have gotten together to get a better understanding of their customers.

They take things like age, gender, origin, number of visits, average spending, size, color of clothing etc and categorize them into segments. And then they match each user to a segment(s) to predict their buying behavior. For instance, if you are 24 year old Chinese living in San Mateo, you would like to buy orange polos (since that’s what 24 year old Chinese people living in San Mateo are buying).

This also allows retails stores to customize their catalogs per region as well as per customer. I won’t be surprised if 5 years from now, the catalogs delivered to my home will have pictures of me (and my Facebook friends).

The company X claims that they are able to determine with up to 50% accuracy whether a customer will show up in the store if he/she receives a catalog.

Though the stores compete with each other but agree to this arrangement since they all benefit by combining the data. Stores never get to see each other’s data. Stores don’t get the data back if it’s not their existing customer i.e. if you have never shopped at Kohl’s, but are a life time REI customer, Kohl’s cannot get your data from company X. However, the day you buy a $5 tee at Kohl’s, Kohl’s will be able to find out your spending habits as well as your waist size.

The stores can then use this to estimate ‘Customer Lifetime Value‘ and determine if you are worth sending catalogs (with ads for orange polos).

When talking about consumer privacy, Company X claimed that the consumers can always ask the retail stores or them to stop processing their data. However, they have a transactional model and get paid by the number of customers in their database. And hence they have no reason to encourage/educate the customer on how to do that. No wonder there is no web page or even an email address where the customer can request exemption. Most of the time, the customer has to find the postal address (in fine print), write a letter and then mail it.

Of course, Company X believes they are doing a service to consumers by narrowing their choices (if you are a 24 year old Chinese living in San Mateo, why wouldn’t you want to buy that orange polo).

Not sure where I stand on this and where is the line between helping consumers and manipulating them.

I do believe that it’s only a matter of time when some aggressive company will skip the catalogs and simply start shipping the orange polos. I can only hope they get my size right.

Consumer Privacy

Since last fall, I’ve been going to Denver University for my EMBA program. This quarter a team of us were to present a paper and as it turned out, our topic was privacy. Even though the topic was broader and we were required to cover many other aspects of privacy as – workplace privacy, citizen privacy, privacy laws and statues in the country and so forth, we found it interesting to add in a piece for consumer privacy. As part of our class presentation, we picked a fellow student (hey Toby!) and simply by knowing his name, in less than 5 minutes, we were able to find his:

  • Date of Birth
  • Home Address
  • Phone number
  • Home Price
  • Cars that he drive
  • Previously known home addresses
  • Wife’s name
  • Relatives names
  • Mortgage info
  • Employer Info
  • School Info
  • Pictures of him and his family

Here are some of sites that we used to get this information:

And interestingly enough, while doing so we didn’t break any laws (nor did we spend any money – a lot more is apparently available for $9.95).

ID Theft

Now…in the past few years I have spent decent amount of time going through the use cases around user’s personal information especially date of birth. Should we exchange ‘DOB’ or ‘Age’ or simply the claim that the user is ‘over 21′. I have read and articulated many times, Kim’s Laws of Identity and why user control and consent should be required and why RPs should respect the ‘minimal disclosure for a constrained use’.

However, I’m wondering the practicality of it. The privacy statement at the home page of http://www.birthdatabase.com interestingly states that “Our birthday data is obtained from public records and available to anyone with a simple knowledge of public record access.” If all of my information is publicly available anyway,what’s point of splitting hairs on what part of information should be shared. It’s not like it’s even possible to hide my age from anyone….and do I really care for the control and consent of the information on a per RP basis – information that’s available publicly for everyone.
A while back, Sun’s CEO Scott McNealy made a statement “You have zero privacy anyway, Get over it”. As much as I appreciate the thinking behind some of the identity laws, I can’t help agreeing with the sentiment that argues ‘Get over it’.
Now if the information is indeed protected by law, that changes things. But for everything else, why bother?

Here are some of the slides that were used in our class presentation.

Image | WordPress Themes