As those repositories of consumer data continue to slowly, steadily converge, however, the ways in which businesses interact with consumers will need to change if they are to head off the kinds of consumer privacy and trust headaches that have already confronted traditional data aggregators and the online behavioral advertising industry.
"Transparency overall will need to increase as these environments become more complex and intertwined," says Leigh Feldman, chief privacy officer at American Express Co. The financial and travel services company now has privacy professionals aligned with each business unit. "Privacy will be a competitive differentiator for companies over the next five years," he says. And in addition to offering transparency so users understand what's happening with their data, Feldman says it's important to present meaningful choices that let the user decide how their data can be used, and to guarantee customers that their data will be handled in a responsible fashion.
Traditional types of data — such as healthcare information and banking records — and some uses — such as for identity verification, insurance underwriting, employment or to assess creditworthiness — are regulated. But the increasing use of personal data for marketing purposes, gathered both offline and online, has fewer regulatory controls. That's a big data bucket. And inappropriate use of that marketing data — such as for making hiring decisions — can get a company into hot water with regulators.
Businesses face a jigsaw puzzle of laws and regulations that govern certain types of data assets as well as how information may — and may not — be used for some types of decisions, says Tony Hadley, senior vice president of government affairs and public policy at data aggregator Experian. "The overarching regulation of marketing data comes from a mosaic of smaller state and federal laws," he says, as well as from the standards governing ethical practices put forward by the Direct Marketing Association and other professional groups.
One problem, says Metanautix's Adler, is that when companies use marketing data about consumers for purposes other than marketing they can get into trouble. For example, a business that uses information from Facebook or Twitter to make a negative hiring decision — and does not disclose to the applicant that the information was used in that decision — can run afoul of the Fair Credit Reporting Act, which governs how data may be used for employment purposes.
"You cannot use marketing data for credit or employment eligibility. There's a firm firewall between those two uses. If you break it the FTC will come after you," says Hadley. "And if someone is taking consumer data and mining it in such as way as to be abusive to customers, that's something the FTC could clean up under its deceptive trade practices."
Sign up for CIO Asia eNewsletters.