I suspect that, until recently, few Americans had any idea of the incredible amount of data that companies like Equifax, Experian, Acxiom, ChoicePoint and InfoUSA maintain on them. If not for new California legislation forcing disclosure of information theft, most Americans would have gone on believing that cookies or buying something online were the biggest threats to their privacy. Of course, this is all going to change.
On February 16, ChoicePoint, one of the country's leading providers of data, credit information and employment verification, announced that the personal data on over 35,000 California residents had been stolen. With California being the only state requiring its citizens be notified in the event of a breach, suspicions began to rise that other state's citizens may have been affected as well.
Over the next few days, pressure from privacy groups and legislators forced ChoicePoint to disclose that as many as 145,000 people had their records stolen. The Los Angeles task force overseeing the investigation estimates that as many as 700 people have had their identities stolen already. On top of that, various experts are estimating than as many as 500,000 people could be affected in one form or another. Attorneys general across dozens of states, as well as the FBI and countless national politicians, are now on a mission the data industry has rarely seen.
Assuming that consumer outcry and political action will be loud and long lasting, it seems very likely that this decades-old industry will find itself heavily scrutinized and legislated. As email marketers, any changes to the data industry will most likely have a far-reaching impact on us. First, if the legislators get too excited, their new laws may impact not just data aggregators, but also the way marketers store the information on their own customers. Second, a good portion of email appends, as well as rented lists originate from these companies. The difficulty in obtaining this information, as well as its cost, is likely to go up a lot. Third, this is the same industry that has recently been on an acquisition binge within the email service provider industry. Harte Hanks bought PostFuture; InfoUSA/YesMail bought ClickAction and @once (and possibly Digital Impact); and Acxiom bought SmartDM. As these acquiring companies see their core business model come under legislative assault, the impact on their email divisions may well introduce significant challenges like rising costs, draconian data management policies or even neglecting their new acquisitions as they focus resources on their primary business.
The ultimate impact of the ChoicePoint data theft is impossible to predict, but I feel certain that it will raise the awareness among consumers about how their personal information is collected and sold by companies whose names they've never even heard of. This awareness will likely result in a rash of state and federal legislation that may well impact anyone dealing with customer data, including all of us.