Acxiom exposed: A peek inside one of the world’s largest data brokers

Acxiom knows where you live, where you shop and what you like to do. But it's not quite the evil data monolith you might expect.

Acxiom is one of the largest data brokers in the world, yet few average consumers know much about it. You’re about to find out a bit more. But before I get into that I’d like to correct two errors related to Acxiom that appeared recently in TY4NS.

Contrary to a report published in the Financial Times, which was later repeated by CNET and yours truly, Acxiom is not planning to open the kimono and let us all take a peek inside at the data it has collected about us. According to an Acxiom spokesperson, while the company is looking into the possibility of offering more transparency to consumers, it’s not yet on their radar, in part due to the enormous engineering challenges such disclosure would entail.

Second: A while back I ran an interview with Ray Everett, currently director of advertising privacy at Yahoo, in which I called him the first person to hold the title of Chief Privacy Officer for any organization. Well, turns out I was wrong there too. Ray got tabbed as CPO for the now defunct AllAdvantage in 1999. That’s 8 years after Jennifer Barrett Glasgow doffed that title for Acxiom. (If there any CPOs who’ve held the title longer, please ping me – I’m keeping a scrapbook.)

So I when was offered the opportunity to interview the oldest — err, longest tenured -- privacy officer in the world, I jumped at the chance. But first some background about Acxiom.

Most people know the company as a data broker. Some people know it as an online tracking company. But very few know that Acxiom is also an IT services firm. Given that it’s been gathering data about hundreds of millions of consumers since 1969, storing it on banks of mainframes at its headquarters in Little Rock and elsewhere, that shouldn’t be surprising. According to Gartner, Acxiom is one of the top three mainframe outsource providers in North America.

As of last month, Acxiom is also a cloud services provider. Its PrivateCloud aims to offer secure mainframe computing services for enterprises in the $200 million to $2 billion range, says Acxiom Cloud Leader Jesse Luna.

Data be the day

When it comes to data, Acxiom has two core businesses, Glasgow explained. One revolves around risk management; companies hire Acxiom to verify that people are in fact who they claim to be. The other collects data from a wide range of sources to build personally identifiable profiles which they then rent to marketers. 

So where does all this information come from? I wanted to know. For marketing data Acxiom draws from three primary sources, Glasgow explained. One is public records, such as property ownership or professional licenses. The second is consumer surveys, magazine subscriber lists, catalogs, and warranty cards. The third category is summary reports about retail purchases.

“People often have the wrong idea about the type of data we collect or how granular it is,” she says. “We don’t know that you bought a blue shirt from Lands End. We just know the kinds of products you are interested in. We’re trying to get a reasonably complete picture of your household and what the individuals who live there like to do.”

Does Acxiom collect data from supermarket loyalty cards, I asked? No. Banking data or airline frequent flyer programs? No. Facebook and Twitter? No. Despite the fact social networks are largely public information, Acxiom doesn’t use them as a source.

Voter registration records? Yes, she replied, though many states have restrictions on how they can be used.

How about criminal records? I asked. Yes, she said, but only convictions, not arrests. And then only for the risk products, never for marketing.

Acxiom data can’t be used for employment background checks, credit verification, or insurance underwriting, she adds, because that would make it a consumer reporting company under Fair Credit Report Act. Companies regulated under the FCRA can’t use that data for marketing purposes.

Cookie monsters

For the last few years Acxiom has also been active in the online tracking space. But here too, Glasgow says most people misunderstand how Acxiom uses your data. When you visit a Web site that deposits an Acxiom cookie, it will request data about your offline interests and activities to “enhance” the profile it has of you.

But it will only request this data if the site already knows who you are – ie, you’ve logged in. And once Acxiom provides that data, it erases any links backwards to its master records, Glasgow says.

In other words, the site knows more about your offline habits, but Acxiom doesn’t know anything about your online activities. In any case, she adds, most of Acxiom’s clients have already purchased enhanced offline data about their customers, so it’s largely moot.

So if Acxiom has these massive troves of data, I asked, why does it think I own a Lear Jet? She laughed.

acxiom cluster 600p.png
“Well there are two million people in your category, it’s possible some of them own Lear Jets,” she says. “Marketing data does not require the level of accuracy that risk management data does. Any data is better than no data. The alternative is to just shoot in the dark.” 

Privacy: Still ticking

With all of the doom and gloom about privacy lately, I asked Glasgow if she was optimistic about the future of privacy. 

“When I started in the early 1990s there were no restrictions at all to speak of,” she says. “We still collected a lot of data, but it was all fair game. Companies like ours that collected data realized many years ago we have a responsibility that comes with playing in this space, so we put a lot of self governance in place.”

Starting in the 2000s, we began to see more laws spelling out what people can and can’t do with data – mostly in Canada, Europe, and Asia. While they don’t have legal force here in the States, they do provide companies with guidelines for acceptable behavior, she says.

Today, with data exploding all over the Web and mobile devices, the old models don’t work any more. You can’t just give people notice that data is being collected and offer them an opt out; everything depends on the context in which the data is used, she says.

“For example, you want emergency responders to be able to use the GPS in your car to locate your car when you’re in a wreck on a country road,” she says. “But you may not want your insurance company to use the GPS to know when you’ve been speeding. We have to spend more time and energy defining what the rules are. Sometimes it feels like we’re back in the 1990s when there were no rules.”

So, is privacy dead, or merely on life support?

“I don’t believe this means privacy is dead,” she says. “We are in a very dynamic moment in history in regard to privacy. But if we approach these problems using the old way of thinking, we are doomed to fail.”

Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blogeSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Now read this:

Web trackers are totally out of control

Further adventures in data mining, or welcome to my Lear Jet Lifestyle

Four reasons why Do Not Track turned into Do Not Trust

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies