Senator takes aim at e-commerce data-sharing effort
A MASSIVE EFFORT by dozens of e-commerce companies to share dossiers containing consumer buying habits and other personal information came under fire Wednesday when an Alabama senator raised privacy concerns about the effort in a letter to the Federal Trade Commission.
In his letter to FTC Chairman Robert Pitofsky, Republican Sen. Richard C. Shelby criticized the lack of clear-cut privacy protections being put in place to govern the use of personal consumer data once software developers and companies begin to implement the information-sharing standard developed by the Customer Profile Exchange Network.
Known more informally as CPexchange, the group of 70-plus companies -- including IBM; MicroStrategy, in Vienna, Va.; and First Union, in Charlotte, N.C. -- is trying to create a standard method to pool data on potentially millions of consumers. The CPexchange initiative was announced last fall, and an initial version of its standard became available in October.
"While this effort is intended to enhance commercial activity, I am troubled that insufficient attention has been given to the negative ramifications that the use of this exchange will have on the privacy of American consumers," Shelby wrote. In a statement on the letter, Shelby said, "I am greatly concerned with escalating efforts to exploit personal information in pursuit of a dollar."
A spokesman for the FTC said it is withholding comment on Shelby's request until it can be reviewed in detail. The spokesman gave no timeline for when or if action might be taken.
Officials at IBM and First Union could not be reached for comment Thursday. A MicroStrategy spokesman declined to comment on the detailed privacy issues surrounding the CPexchange standard because he said the vendor of data analysis software is not playing an active role in its development. But he added that privacy and trust is "of the utmost importance" to MicroStrategy.
The vast majority of companies currently rely on automated information systems to keep track of their customers' buying patterns in an effort to better understand and anticipate consumer likes and dislikes. These systems also include tools for analyzing and storing data on where customers live; their age, gender, marital status; and when they are most likely to be home to receive telemarketing calls.
But customer information at most companies is stored in various locations, on different types of computer systems, and in different formats, all of which make it difficult, if not impossible, for sales, marketing, and support staffs to quickly access the most up-to-date information. The same problems have hindered business-to-business relationships, such as those between retailers and their suppliers. The CPexchange is being designed to fix these problems by creating a uniform system to exchange information.
Eric Schmitt, an analyst at Forrester Research in Cambridge, Mass., said that although there is a strong business case for such a system, privacy issues can turn it into a double-edged sword for many companies.
"It's all about how you put the data to work," Schmitt said. He said the companies involved will have to expend a substantial amount of resources to make sure the information is used in an appropriate manner once the standard is in place.
Wayne Madsen, a senior fellow at the Washington-based Electronic Privacy Information Center, said Shelby is on to something with his concerns about CPexchange.
"I just wish he woould have the same concerns about the government's increasing desire to store personal information for law enforcement and national security purposes," Madsen said. "But it is encouraging that he is taking a skeptical view of e-business and privacy."
James Grady, an associate analyst at Giga Information Group in Cambridge, Mass., said consumers should be concerned any time organizations or companies agree to trade information. "Privacy is a gray area, it is not black and white," he said. Consumers should question what information the companies collect, what they do with it, and with whom they share that information, he said.
One trend that has appeared in the past two to four months, according to Grady, is an increase in the number of companies that promise consumers that their personal information will only be shared with so-called authorized trading partners.
"It looks like companies are trying to be more selective about who they share consumer information with because it seems like they are finally getting called on it," Grady said. "I'm certainly seeing more and more dot-coms and brick-and-mortar companies that are very concerned about privacy and are definitely pushing in the opposite direction [of the CPexchange]," Grady said.
"The rest of the world has to recognize where the real responsibility for privacy sits, which is in the organizations that have the relationships with the customers," Schmitt said. "Consumers have to exact a higher standard out of the companies that they are doing business with. Something along the lines of a privacy bill of rights is needed."