By Aritra Sarkhel & Neha Alawadhi, ET Bureau | Updated: Feb 28, 2017, 06.56 AM IST
BENGALURU/NEW
DELHI: If data is the new oil, then there is a gigantic oil spill all around
you. Your personal data — be it your residential address, your phone number,
email id, details of what you bought online, age, marital status, income and
profession — is all up for sale. Most of this personal data is sold for less
than a rupee per person — the cost of a chewing gum.
Over
one month, ET approached companies called ‘data brokers’ — who hawk their
services on online listings and sell personal information — posing as a
prospective buyer. For anywhere between Rs 10,000 and Rs 15,000, we were
offered personal data of up to 1 lakh people in Bengaluru, Hyderabad and Delhi.
The lists up for sale are creative and granular. One data
broker said he could get lists of high net worth individuals, salaried people,
credit card holders, car owners and retired women in any given vicinity.
Some brokers sent free samples: excel sheets
with personal data of people in Bengaluru, split by address and income
profiles. ET called a dozen people from these lists to verify their details.
“It’s scary to say the least,” said Hyderabad-based Rajashekar, whose data like
name, address and credit card ownership was procured from a Gurgaon-based data
broker who sold ET a sample database of nearly 3,000 people with Axis Bank and
HDFC Bank credit cards. The price tag: Rs 1,000.
The
database had details like name, address, phone number and the classification of
the card (debit, credit or a premium card). The broker also said that a
database of 1.7 lakh people from Delhi, NCR and Bengaluru can be made available
for Rs 7,000.
“It should be deemed as a crime. Without my
permission, how can someone trade information related to me?” said
Bengaluru-based Nagaraj BK, who was appalled that details of his purchase of a
gas stove on eBay were procured by ET as part of a free sample.
Similarly,
Bengaluru-based Shruti’s purchase of luggage on Amazon, along with her phone
number, was part of a free list of 115 online purchases made from the city.
When contacted to check if the purchase listed was accurate, Shruti was
offended and scared and even wondered if her Amazon account had been breached.
In
response to ET’s queries, eBay said it takes data security and privacy of
buyers and sellers on its platform very seriously. An Amazon spokesperson said
the company was not aware of any data leak or any data being sold from their
end, adding that any such case brought to their notice will be dealt with
strictly to ensure customer data protection.
HDFC
Bank and Axis Bank both said they work on educating customers about the
importance of protecting private or personal details, as well as safe banking
practices. “We can’t confirm the authenticity of the data shared with you by
the data brokers and would urge people to highlight to us if they come across
instances like this for us to take it up with the relevant authorities,” an
Axis Bank spokesperson said.
The
obvious question to ask is: where are these brokers getting the data from?
“Most of the data is sold to us by mobile service providers, agents from
hospitals and banks, loan agents, car dealers,” Rajesh, an executive from an
NCR-based data broker, told ET.
To be
sure, data broking isn’t illegal but it does work in a grey zone. A 2014 US
Federal Trade Commission report identified data brokers as companies that
“obtain and share vast amount of consumer information, typically behind the
scenes, without consumer knowledge.”
“Globally, data broking is an approximately
$200-billion industry. Marketing products generate over 50% revenue, followed
by risk mitigation, which constitutes approximately 45% of the revenue, and,
finally, people search constitutes the remainder,” says Kannan Sivasubramanian,
VP of research firm Aranca.
The FTC
report cited earlier said “data brokers operate with a fundamental lack of
transparency,” and asked US lawmakers to consider enacting legislation to give
consumers greater control over the immense amount of personal information about
them collected and shared by data brokers. India’s IT Act does not specifically
address the issue of data brokerage and privacy.
“When you sign up for free discounts, fill out
questionnaires, or your clickstream in general, you are giving up all the data
voluntarily and agreeing to privacy policies that allow you to do so,” said
Mishi Choudhary, executive director of non-profit legal services organisation
Software Freedom Law Centre.
The
most obvious kind of misuse is of financial data. The Reserve Bank of India
registered 8,689 cases of frauds involving credit cards, ATM/debit cards and
internet banking up till December 2016. This number was 16,468 in 2015-16. Many
of these frauds are perpetrated by scamsters by using freely available personal
data to win the confidence of customers to get them to share critical data like
CVVs or one-time passwords (OTPs).
However, data brokerage is still at a very nascent stage in
India. The market is dominated by larger international players such as Epsilon,
Equifax and Experian that offer more sophisticated data sets.
John Young, US-based Epsilon’s chief analytics
officer, told ET that the data they collect comprise customers’ previous
transactions from PoS (point-of-sale) systems, thirdparty data such as
demographic and lifestyle information.
“Increasingly, data from social media sites –
much of it unstructured data, such as tweets – is collected for analytics that
can help deepen the understanding of consumers,” Young told ET in an email
response.
Data collected by agencies such US-based Equifax
Credit Information Company, who carry out consumer credit reporting, is an
example of data contributed by banks and other financial institutions.
“All the data in credit bureau is contributed to
directly from our member financial institutions in a standard format. We do not
collect any additional information from users directly,” Manu Sehgal, business
development leader, emerging markets, told ET
Read more at:
No comments:
Post a Comment