It’s Not Just the NSA: What Do Marketing Companies Know About You?

You do a certain amount of business online.  You belong to a number of social networks.  You shop at major retailers who have loyalty or rewards programs.  You have all sorts of fun apps on your smartphone.  Your smartphone knows your geographic location to within a few inches.  You have a collection of wearable devices that keep track of your footsteps, your travels, your heartbeat, temperature, and respiration, that record everything you see in front of you.  What happens with this informational trove?  Ever wonder what sort of information these commercial companies want to know about you and more importantly, do know and have stored away on some potentially hackable database somewhere?

In a recent article from TechRepublic that looked into this issue, here is what they found:

“Here is the type of data that brokers collect, according to the FTC report:

  • Identifying data: name, address, etc.
  • Sensitive identifying data: Social Security number, driver’s license number, etc.
  • Demographic data: age, gender, race, languages spoken, employment, religion, etc.
  • Court and public record data: bankruptcies, criminal convictions, marriage licenses, voting registration, etc.
  • Social media and technology data: purchases, level of usage, Facebook and Twitter usage, number of friends in social networks, online influence, etc.
  • Home and neighborhood data: dwelling type, home loan, interest rate, etc.
  • General interest data: apparel preferences, attendance at sporting events, gambling, magazine subscriptions, media channels used, pets, preferred movie and music genres, etc.
  • Financial data: ability to afford products, credit card user, credit worthiness, financially challenged, discretionary income level, net worth, tax return transcripts, etc.
  • Vehicle data: brand preferences, propensity to purchase new or used vehicle, motorcycle owner, intent to purchase vehicle, etc.
  • Travel data: highest price paid for travel purchase, cruises booked, preferred vacation destination, date of last travel purchase, etc.
  • Purchase behavior data: amount spent on goods, buying activity, method of payment, buying channel preference (internet, mail, phone), shooting game purchases, guns and ammunition purchases, purchase of plus-sized clothing, average days between orders, novelty Elvis purchases, etc.
  • Health data: tobacco usage, allergies, prescription purchases, brand name medicine preference, contact lenses user, weight loss supplements, reported interest in various health topics, etc.”

In 2012 the nine largest data brokers, the businesses that collect your data, parse it, store it, and resell it, make over $426 million dollars selling this information to other companies you are looking to target their marketing at you.

For me, the issue isn’t the nuisance of direct mail, targeted browser advertising, or marketing email; it is the danger that this information about you and me and all of us is stored on database servers that may not be particularly well secured, and your personal information could end up in the hands of cyber-criminals, and result in identity theft or worse.

Usually I like to end my articles with a practical suggestion of something useful you can do to protect yourself.  Unfortunately, for many of us, this cat is way out of the bag, and there is no “UNDO” button to reverse this information flow.  You just need to be aware that is is the current state of affairs.  The concept of privacy has pretty much been blown away by the computer and the Internet.  The best you can do is be aware that the potential for loss exists, and to watch for anything unusual in your business, personal, or financial affairs that could indicate an identity theft is underway or has taken place.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.