Fun_People Archive
19 May
American Express - More service than you want?

Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Tue, 19 May 98 19:09:15 -0700
To: Fun_People
Precedence: bulk
Subject: American Express - More service than you want?

X-Lib-of-Cong-ISSN: 1098-7649
Forwarded-by: Nev Dull <nev@bostic.com>
Forwarded-by: Phil Agre <pagre@weber.ucsd.edu>

[For information on Privacy Forum see http://www.vortex.com . -psl]

From: privacy@vortex.com (PRIVACY Forum)

PRIVACY Forum Digest      Wednesday, 13 May 1998      Volume 07 : Issue 09

----------------------------------------------------------------------

From:    lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: American Express Selling Customer Purchase Data


Greetings.  You hand over your American Express (AMEX) card to a merchant,
and later walk away with your goodies.  Not only have you just made a
convenient purchase, but apparently you've also participated in a largescale
marketing plan, where your purchase profiles will be cross-referenced
through an external database and sold to outside parties for commercial use.

Surprised?  You don't recall giving permission for this sort of use of your
purchase data?  You're not alone.  It's another example of business "data
creep"--data that was collected for one purpose, being used for various
different purposes, often without the knowledge or explicit permission of
the customer party involved.

It was recently reported that AMEX has entered into an agreement with
KnowledgeBase Marketing to provide detailed purchase profiles to small
businesses for marketing purposes.

KnowledgeBase Marketing states that it gathers information from public
sources, and reports indicate that the information can include everything
from the value of your home to the ages of your children.  AMEX would
apparently be combining in your purchase profiles--reportedly not the
specific purchases you made--but rather the detailed types of purchases.
Perhaps you make frequent trips to Europe or buy lots of cat food.  Your
purchase history can be profiled down to very specific categories and
targeted in a precise manner.

While AMEX has stated that customers can choose to remove themselves
("opt-out") of the plan by writing to them, initial reports indicate that
AMEX has not been planning to explicitly inform customers about this
database/marketing effort or their options in regard to this plan.

My reading of AMEX's policies about such issues on their web site suggests
that this marketing plan would not explicitly violate the letter of those
principles.  As long as AMEX customers have been notified (presumably
somewhere deep in the routine customer disclosure documents) that they can
write in to opt-out from (unspecified) marketing plans, AMEX apparently
considers them to be "on notice" for all future outside marketing efforts.

However, by not being more explicit about notifying customers regarding
specific marketing plans and partners, it would appear that AMEX is
definitely not interested in making the opt-out option (writing a letter)
particularly popular.  And of course, it would apparently be unthinkable
for AMEX to ask customers in advance if they wanted to participate in
particular marketing efforts ("opt-in").

I've been attempting to get more information about this AMEX plan and their
policies in this regard.  However, my efforts to reach the AMEX Vice
President who has been quoted about this marketing plan, have so far been
unsuccessful.

For a point of comparison, I contacted Visa International regarding their
policies when it comes to customer information and received a prompt
response.  Visa International says that they themselves do not sell
cardholder information to merchants, though individual members (e.g. card
issuing banks) set their own policies regarding such matters, since the
members themselves manage their relationships with their cardholders.

This whole issue tends to again call into question the repeated claims from
the marketing industry that "self-regulation" is sufficient to protect
consumers, and that legislation to shield consumers from abuse of their
purchase and other personal data is unnecessary.  The best intentions of
some business entities can be swamped by the more exploitive data management
practices of less enlightened enterprises.

So just say "charge it!"
prev [=] prev © 1998 Peter Langston []