People who use social networking sites such as Facebook and MySpace are not known for their reticence — many put just about any personal information imaginable out there.
The risks to such openness are clear — from inviting tailored phishing attacks to appalling potential employers with one’s late-night party habits — but many users who are tech-savvy appear willing to brave them. The risks they don’t know about though, however, are a different matter.
Increasingly, there are signs that companies — from financial service firms to affiliate marketers — are targeting social media for new purposes. Roger Thompson, chief research scientist with AVG, for example, believes his credit card company has incorporated data from his Facebook account into his credit card file. He told of an incident in which he had to verify information about himself for security purposes, and one of the questions was about his daughter-in-law — information that the bank didn’t get from him and is only publicly available on Facebook, he wrote in a blog post.
Some credit card companies and financial service companies reportedly are developing algorithms based on an account applicant’s online friends — the theory being that deadbeats tend to associate with one another. Other stories focus on shady affiliate marketers weaseling their way onto a member’s account and then sending sales pitches and product recommendations to their networks, supposedly from them.
These practices are not necessarily mainstream — but the general trend is clear: Companies are recognizing the treasure trove of data sitting on social networks, and are beginning to experiment with it.
“2009 was a watershed year for social networks, with the numbers of people joining or expanding their use of these sites,” Dallas Lawrence, chair of the digital and social media practice group at Levick Strategic Communications, told the E-Commerce Times.
“The next stage, I believe, will be companies taking all this information [and] combining it with new search tools in order to sort through the trillions of data points available,” Lawrence said.
The industry driving much of this activity is, not surprisingly, advertising, said Craig Wills, a professor of computer science at Worcester Polytechnic Institute.
The ability for online ad and data collection companies to track users online can come as a shock to the average Internet user, he told the E-Commerce Times. However, by and large, these companies are rarely able to connect a specific individual with the online surfing habits they so eagerly collect.
That changes when someone visits their social media site, Wills explained. “Ad companies can connect the dots once you go to your site. Now they know not only what sites someone in my demographic category visits — but, specifically, who is visiting them.”
Until recently, in other words, they were able to collect only data that was anonymous and aggregated. The social networking sites provided the missing link — establishing who is reading what news at CNN, for example, or who’s buying what at Amazon.
Advertisers could conceivably track who’s surfing which medical sites or who’s looking for bankruptcy attorneys. This sort of information could wind up being very valuable to the online advertising industry, which is banking on a growth spurt in local and hyper-local online advertising.
The next step will be to start using friends’ data, Wills said, noting that the one-off examples of companies leveraging friends’ data for, say, credit scoring, may well be outliers for a wider trend in a few years.
“Certainly, Facebook’s recent changes in privacy point to that — now all of your friends are visible to anyone in the world,” he noted.
Social media data is increasingly finding its way into the courtroom, much to people’s surprise and dismay, Misha Kerr, an intellectual property attorney with the law firm of Arnstein & Lehr, told the E-Commerce Times.
She told of a client who attended a house party in Florida during Spring break, only to discover that it was actually a filming party for an adult Web site. She hadn’t signed any releases for her images to be used, but they wound up on a porn Web site, nonetheless.
Kerr’s client sued for violation of privacy and damage to her reputation. The defendant countered with photos the client had posted to her social network that were risque, with the argument her reputation couldn’t have been damaged too severely, given what she voluntarily posted.
“The moral of that story is what you think is a private page is not private, and you never know who has access to it,” Kerr said.
Just as these data mining activities are new, so is the notion that consumers might have some rights over their data, according to Elise Dieterich, partner, Sullivan & Worcester.
“Merchants and Web site operators who make customer information available to marketers and data brokers should proceed with caution,” she told the E-Commerce Times.
“With data breaches on the rise, so too are class-action lawsuits alleging that consumers are entitled to money damages when their personal information has been misused, as well as regulatory enforcement actions that impose penalties on businesses that don’t keep their privacy promises,” noted Dieterich.
There are least two bills moving through Congress that address these issues, she said. “The U.S. House of Representatives on December 8, 2009, approved the Data Accountability and Trust Act, H.R. 2221, which would regulate data brokers and empower consumers to access and correct data compiled about them, much as they can now do with credit reports.”
The bill also makes it unlawful to collect data under false pretenses, Dieterich added.
Pending in the Senate is the Personal Data Privacy and Security Act of 2009, S. 1490. It also would regulate data brokers and provide consumers access to their records.
“In addition, the Senate bill addresses government use of commercial data,” said Dieterich. “The Federal Trade Commission is investigating the problem and, in the absence of Congressional action, likely will tighten the rules on data brokers.”
In the meantime, she said, consumers should operate under the assumption that personal information put out on the Web has a life far, far beyond the site where it originally may have been submitted or posted.