As one of three credit bureaus in the United States, Equifax keeps financial data on every adult in America, plus people in 16 other countries. But the company knows much more than just what goes into an old-fashioned credit score.
It maintains information about people who share the same phone number or address, "non-obvious" relationships between individuals, loans for dental work, magazine subscriptions, rental history, real estate assets, investment wealth, retail purchasing, the type of federal tax return someone files, marital status, employment, utility payments, cable TV accounts, criminal records, debt-to-income ratios, changes of address, motor vehicle files, post office boxes, inferences about someone's capacity to pay bills, predictions about someone's propensity to pay, links to past and potential fraud crimes--and more.
This pile of more than 800 billion records is sliced, diced, analyzed and indexed into 26 petabytes of data. That's more data than the FBI's Investigative Data Warehouse, said to be the single biggest repository at the agency, with its relatively measly 1 billion unique documents. In all, Equifax has data on 500 million consumers and 81 million businesses worldwide.
Says Equifax CIO Dave Webb: "We know more about you than you would care for us to know."
In his wry British way, Webb alludes to the power of information and his push to derive ever more lucrative products and services from Equifax's vast stores of it. Webb says Equifax can make money off IT innovation--that is, his staff's ability to manipulate massive amounts of data better and faster than competitors can.
The company has launched scores of new IT-based products in the past few years, chasing two ideas: cutting risk and improving marketing for its 46,000 business customers. Equifax can, among other things, check an immigrant's employment status, verify a doctor's credentials, assess an Internet user's social influence and monitor a child's budding credit portfolio. Big data. Big Brother. Big bucks.
But like other companies in various industries hoping to spin in-house data into revenue, Equifax has to maneuver through tricky economic, political and cultural changes. The recession forces businesses to seek out reliable data on which to base decisions (opportunity), but they have less money to spend (problem). Congress enacted tough regulations to try to control mortgage companies (opportunity), while President Obama's new Consumer Financial Protection Bureau says it's going to monitor credit bureaus (problem). People are freer with personal data than ever before (opportunity), but they don't like it when companies get too personal (problem).
Rivals Experian and TransUnion also are remaking themselves into analytics companies. "Decision analytics is the growth engine for these companies," says Elizabeth Mason, an analyst at Outsell, a company that studies the information industry. "Yet it's a shifting landscape. We don't know yet what the public's tolerance is for companies mining all of this data really well."
Privacy? What Privacy?
Business isn't just about building a better mousetrap. It's about finding out why people don't like mice and what they're willing to do about it. In the past, companies might have gathered consumers in a room to quiz them. Now they pay millions of dollars to collect, buy and analyze data about those consumers, to market the best mousetraps to the right customers.
And why not? People give up personal information in return for convenience. They hand over data about their Web activity for the chance to win a cruise. They let online game companies vacuum up personal tidbits from their Facebook accounts.
Equifax itself coaxes consumers to give up personal information online. A contest to win World Series tickets and $3,000 asked Facebook users to submit a photo and short essay on what they would do with the money.
Consumers share knowingly and unknowingly, through surveys, location-based services, searches, online resumes, photos, check boxes, check-ins, tweets and clicks. People have no time to read gobbledygook privacy policies; they simply click "I Agree."
"The majority of consumers have no clue about the breadth of the information about them, where their information is residing and who has access to it," says John Ulzheimer, president of The Ulzheimer Group, a credit reporting and identity-theft consultancy.
How the norms have shifted. Until the mid-1990s, the conventional wisdom about privacy protection was, in essence, that information collected for one purpose shouldn't be used for another. The idea is rooted in a 1973 federal guideline, "Code of Fair Information Practices," which advocated consumer control and consent as core principles.
After the Web opened up, we moved away from the notion of separating and guarding individual pieces of data to protect privacy. Now the prevailing goal seems to be to collect and combine nearly as much personal information as possible in the quest for profit.
There's a growing movement against that trend, though, that CIOs should monitor. What people don't like is when companies combine personal data to reveal more than any single piece of information can, says Lee Rainie, director of the Pew Research Center's Internet and American Life Project. "They are nervous, concerned that material might hurt them," he says.
Still, he notes, people fail to lock down their data out of ignorance or neglect, or sometimes because it's simply not possible.
To protect consumers from themselves and from overreaching companies, lawmakers are getting involved. In March, the Federal Trade Commission recommended that businesses make privacy protection their "default setting." Companies are asked to issue clearer explanations about what happens to consumer data and simplify the choices people are given for how their information is used. "Implementing these best practices will enhance trust and stimulate commerce," the FTC says. Congress, meanwhile, is writing "Do Not Track" and other privacy bills.
For now, as data-based products grow more profitable, the boundaries consist of regulations, laws and the judgment of companies policing themselves.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.