A giant corporation that owns major hotels, mortgage lenders, real-estate companies and tax-accounting services is getting into other business. Yours.
The Cendant Corp. wants to compile a massive database of its customers. The database would include more than 200 pieces of personal information, including credit-card numbers, e-mail addresses, driver’s license numbers and financial information such as income and mortgage balances.
The data would be collected from all of the corporation’s businesses and put into one place to “determine customer buying patterns and behavior,” according to a draft proposal obtained by The Washington Times.
It is legal for the company to collect and compile the information into one data center, and a Cendant spokesman called it a “standard practice among virtually every large company from around the world to use databases to better serve customers.”
But privacy advocates and legislators say the “standard practice” is becoming a dangerous trend, not just an invasion of privacy. For example, insurance companies use the information to weed out unwanted customers by looking at unhealthy buying habits, such as purchases of alcohol, cigarettes and red meat.
The Privacy Act of 1974 prevents the federal government from gathering information on citizens, but it doesn’t stop it from looking at the information gathered by the private sector. Such information also has been used by:
The Drug Enforcement Agency, which has subpoenaed grocery-store customer databases in looking for large purchases of plastic bags to target drug dealers.
The Internal Revenue Service, which has turned to data-mining companies in looking for individuals living lavishly and buying expensive items while underreporting income. All but one direct-marketing company refused to cooperate with the agency. After tests proved inconclusive, the project was abandoned in the 1990s.
Members of Congress and privacy advocates say privacy laws need to be updated to address these growing trends and advances in technology.
“Most Americans consider their personal information their private property,” said Sen. Dianne Feinstein, California Democrat, a sponsor of privacy legislation.
Cendant spokesman Elliot Bloom said he could not comment on the specifics of the “internal, confidential memo,” but that the proposal could be changed or modified in the future.
“We never, ever authorize inappropriate or external use of databases of customers. This is Cendant business and information about customers, and it’s marketing of those customers. We will continue to market to those customers and improve our marketing and do so in the letter of the law, and that is exactly our point of view,” Mr. Bloom said.
“Overall, what we are doing is no more than what any other company is doing to market to customers.”
Cendant owns about 20 companies, including Cendant Mortgage, Jackson Hewitt Tax Services, and real-estate companies Century 21, Coldwell Banker and ERA. Its lodging franchises include Amerihost Inn, Days Inn, Howard Johnson and Ramada Inn. It also owns car-rental companies Avis and Budget, as well as travel services Cheap Tickets, Lodging.com, Cendant Travel and Galileo International, a global-reservation system.
The proposed database would collect personal information provided by all of these companies, plus other private information purchased from another provider, Donnelly, into one system.
Privacy advocates say the internal, confidential proposal gives the public a glimpse of what is happening to their personal information.
“This is what customer-relations management or profiling looks like from the inside. It is presented to individuals [as] a better service and efficiency, when in reality it’s massive databasing,” said Chris Hoofnagle, associate director for the Electronic Privacy Information Center.
“It’s sold as a convenience, but many find it to be creepy,” Mr. Hoofnagle said. “There are no general data-protection laws in the U.S., and as a result, it encourages this type of databasing.”
It might be legal, but it’s “obnoxious,” he said.
The 200-plus pieces information cited in Cendant’s proposal, includes AAA and AARP membership and credit-card numbers, travel-rewards-program information and points, mortgage balance, occupation, household income and a purchasing-power index. It also would include an individual’s e-mail address, marital status, driver’s license number, employer and time-share tours attended.
“It’s a marketing boom, and they will make zillions of dollars buying and selling our information,” said Bill Scannell, spokesman for Don’t Spy On Us.
Direct marketing is a $1.7 billion-dollar-a-year industry, according to the Direct Marketing Association.
“The collection of data without our knowledge or permission is the lifeblood of the direct-marketing industry,” said Robert Bulmash, president of Private Citizen Inc.
“Our every waking moment is being tracked to an extent, not just by this one firm,” Mr. Bulmash said. “And what, is it their business?
“It’s like toxic waste. It might not kill us the day it gets into the ground, but it will harm us some day in the future,” Mr. Bulmash said.
Critics say there already is a dangerous trend of insurance companies using the information to weed out unwanted customers by looking at unhealthy buying habits.
When Robert Rivera slipped and fell in a California grocery store and fractured his kneecap, he sued the store for damages. In turn, the store threatened to use Mr. Rivera’s shopping history against him, specifically, that he made frequent purchases of alcohol and that he “was a lush with poor memory and coordination,” the Seattle Weekly reported. The store denied using the records, which are compiled through the store’s loyalty cards.
Mrs. Feinstein said the profiling information could lead to unfair increases in insurance premiums or outright cancellation of policies, and credit-card denials. The senator sponsored legislation to give consumers control over personal data that is sold by banks and other financial institutions, but the amendment was defeated by the Senate.
Subverting the Privacy Act
Although the Privacy Act prevents the federal government from gathering information on citizens, critics say it hasn’t stopped federal agencies from seeking privately generated data, a practice that continues to grow.
They point to the Pentagon’s Total Information Awareness program, a recent effort to use information culled from private databases to try to catch terrorists. Congress scrapped it because of privacy concerns.
“It’s a way of subverting the Privacy Act restrictions,” said Bob Barr, former Georgia Republican congressman and privacy advocate.
“It’s really the sort of thing that merits a legislative look, either to revisit and revise the Privacy Act or start with some brand-new legislation that reflects the modern tools available to government and private companies,” Mr. Barr said.
The Transportation Security Administration, part of the Homeland Security Department, is looking at technology used by Galileo to develop its Computer Assisted Passenger Pre-Screening program (CAPPS II). Galileo connects 46,000 travel agencies to 683 airlines, 27 car-rental companies, 52,000 hotel properties, 430 tour operators and all major cruise lines throughout the world, according to the company’s Web site.