Verizon (VZ) has agreed to pay a $7.4 million fine over its "use of personal consumer information for marketing purposes," according to a Federal Communications Commission press release. In addition, Verizon had to agree to a three-year compliance plan.
Corporations have, for many decades, collected and used massive bodies of information to more effectively market to consumers. The information includes purchase histories; demographic, economic, and credit information; and anything else that might give a company an edge in getting people to spend more.
As the FCC consent decree explains, telecommunications companies are required by law to either get permission from consumers to use personal information, like destinations of numbers called, lengths of calls, and how many calls someone makes, for marketing additional services to them. The permission can be active, in which a consumer has to opt in, or passive, in which a company informs the consumers of the use of the information and then gives them a mechanism to opt out.
As early as 2006, Verizon had failed to generate opt-out messages for about 2 million of its customers. According to a company representative who spoke with CBS MoneyWatch, the omission was a computer problem. Verizon itself discovered the issue and self-reported to the FCC. The affected consumers were also landline customers, not wireless, as some reports have suggested. Here is a statement the company sent:
The issue here was that a notice required by FCC rules inadvertently was not provided to certain of Verizon's wireline customers before they received marketing materials from Verizon for other Verizon services that might be of interest to them. It did not involve a data breach or an unauthorized disclosure of customer information to third parties. Verizon takes seriously its obligation to comply with all FCC rules, and once we discovered the issue with the notices we informed the FCC, fixed the problem and implemented a number of measures to ensure it does not recur.
Verizon is under stricter controls than most companies because it is in a heavily-regulated industry. But consumers who worry about people or organizations using their data should consider broader corporate activity.
Analyzing consumer data reaches back to the 1940s and 1950s. Companies like Acxiom collect large stores of consumer data and provide "information to companies, non-profits, political organizations and government agencies" to help improve the relevancy of advertising and promotions. Companies rent one another mailing lists. There's a whole area of computer technology called "ad tech" that focuses on collecting the online behavior of consumers and using that to direct ads toward them.
Even with the occasional eruptions of concern over a Facebook (FB) or Twitter (TWTR) putting user data to work for advertisers, consumers are largely unaware of how much data companies from grocery stores to retailers collect. The next time you hear about a data breach and the personal information that was lost, you might ask why the company wanted to store it all in the first place.