WRAL Investigates

For secretive companies, your health data means big money

Posted May 19

— For the last few months, Kaori Isaacson has been shopping as she normally does at stores like Harris Teeter, CVS and Rite Aid, scanning her loyalty cards for sale prices in the process.

Just a few weeks ago, she announced to family and friends that she was pregnant.

But thanks to those loyalty cards and other efforts to track data on consumers like her, strangers could have found out she was expecting long before even her closest relatives.

Isaacson's name was one of thousands WRAL reporters were able to purchase in an investigation into data mining companies. The lists, compiled and sold to everyone from corporate marketers to politicians, include names, addresses and health information gleaned from purchasing patterns.

Experts say there is little protection for ordinary consumers, many of whom don't know data about their battles with diabetes, high blood pressure, cancer and even depression are being sold for just pennies per person.

"It is actually shocking and scary that somebody can buy my information," Isaacson said.

What WRAL tracks

Like most websites, WRAL.com uses files called "cookies" to recognize users' devices without their personally identifiable information.

But the site's privacy policy has rules on how this data is used.

"We try to deliver information, including advertising, that is relevant to our audience based on data we gather about their use of our site. However, we do not share any personally identifiable information about our users with any third party, without first receiving permission directly from the user," William Ammerman, director of sales and marketing for WRAL.com, said. "For example, we might share a contest winner’s information with the sponsor of the contest, but only after receiving permission from the contest participants."

A lot of what data mining companies compile starts with long privacy policies most consumers don't read when they sign up for online services from retailers, social media applications or banks. Many of these policies grant companies the right to sell consumer information for almost any purpose.

Although federal law protects medical information patients provide to doctors, pharmacists and health insurance companies, what consumers buy or search online might indicate certain health conditions.

That data, although not always accurate, can be incredibly valuable to groups looking to get their products or messages out to the right people.

"Consumers are helpless," Sarah Ludington, a Campbell University law professor who specializes in free speech and privacy, said. "They have almost no legal mechanism for keeping control of their information or for getting an effective remedy if their data has been misused."

Ludington began researching data mining techniques back in 2006. Since then, a U.S. Senate Commerce Committee investigation found data brokers collect a "huge volume of detailed information on hundreds of millions of consumers" and "operate behind a veil of secrecy." The Federal Trade Commission is also looking into the issue.

But Ludington said in all that time, there's been very little progress toward any sort of regulation over the data mining industry.

"Nothing's changed. That's what surprises me the most," Ludington said. "There isn't yet a meaningful law that protects consumer privacy."

Disable browser cookies

Cookies provide some additional functionality for website users, but they can also be used to track data about browsing habits. For instructions on how to disable them, select your browser below.

More often than not, Ludington said decisions about how to use this data – and decisions about what to disclose to consumers – are left up to secretive companies with little oversight.

"This is the problem of having no laws. The company that possesses all that information, it's up to them whether they want to let consumers see it or not," Ludington said. "And most of them have said 'no.'"

Ludington said consumers can take steps to protect their information by avoiding online surveys, adjusting privacy settings on their Web browsers and being more aware about using loyalty cards at retailers.

"Think twice when you use your customer loyalty card whether there's anything you don't want people to remember," Ludington said.

That's likely what landed 61-year-old Marilyn Bruner on a list of supposedly pregnant women.

The devoted caretaker of a brightly colored cockatoo named Maggie, Bruner had to think hard before realizing the baby food she buys is probably what led data miners to their incorrect conclusion.

"Maybe that's why they think I'm pregnant," Bruner said. "I buy it for the bird."

32 Comments

This story is closed for comments. Comments on WRAL.com news stories are accepted and moderated between the hours of 8 a.m. and 8 p.m. Monday through Friday.

Oldest First
View all
  • 68_dodge_polara May 20, 3:23 p.m.

    Can't wait for them to cross the HIPAA line and earn a few violations.

    — Posted by davidgnews

    believe they already have, but it's being swept under a very thick rug

    — Posted by scubagirl2

    I can guarantee you one thing: HIPAA will be openly violated, repeatedly and with total... View More

    — Posted by Wood Chipper

    Done.
    “The Administration will . . . 2. Address unnecessary legal barriers, particularly... View More

    — Posted by 68_dodge_polara

    The purpose behind the government mandating that all health care providers transition to Epic software is so that the government will only have to have a single standard way to easily access our health information. We have allowed this to happen because we have been asleep and the media fails us.

    More information about this gem
    http://www.chicagonow.com/publius-forum/2012/01/obamas-electronic-medical-records-requirements-already-causing-job-loss/

  • 68_dodge_polara May 20, 3:11 p.m.

    Can't wait for them to cross the HIPAA line and earn a few violations.

    — Posted by davidgnews

    believe they already have, but it's being swept under a very thick rug

    — Posted by scubagirl2

    I can guarantee you one thing: HIPAA will be openly violated, repeatedly and with total... View More

    — Posted by Wood Chipper

    Done.
    “The Administration will . . . 2. Address unnecessary legal barriers, particularly relating to [HIPAA], that may prevent states from making information available to the background check system.”

    http://www.jdsupra.com/legalnews/hipaa-gun-control-and-president-obama-21987/

  • Wood Chipper May 20, 2:51 p.m.

    Can't wait for them to cross the HIPAA line and earn a few violations.

    — Posted by davidgnews

    believe they already have, but it's being swept under a very thick rug

    — Posted by scubagirl2

    I can guarantee you one thing: HIPAA will be openly violated, repeatedly and with total impunity, by the very organization that created HIPAA... The federal Government.

  • scubagirl2 May 20, 2:11 p.m.

    Can't wait for them to cross the HIPAA line and earn a few violations.

    — Posted by davidgnews

    believe they already have, but it's being swept under a very thick rug

  • scubagirl2 May 20, 2:08 p.m.

    Pales in comparison to your private data that google scoops up and sells.

    They snoop your... View More

    — Posted by glarg

    Use your Android phone much and it does get scary. It knows what days I go into the office, when... View More

    — Posted by AliceBToklas

    and that is why I try to stay away from Google as much as possible and have nothing on/in the cloud

  • iopsyc May 20, 2:08 p.m.

    And I KNOW the Social Security Administration sells data too. They claim they don't, but as soon... View More

    — Posted by Well I. D'Clare

    If someone can nail this on the SSA they need to get hung out to dry (the SSA).

    As for the... View More

    — Posted by AliceBToklas

    I heard some people "forget" their cards at home and use their phone number to get the discounts instead...867-5309. Tommy Tutone would be proud.

  • scubagirl2 May 20, 2:06 p.m.

    And I KNOW the Social Security Administration sells data too. They claim they don't, but as soon... View More

    — Posted by Well I. D'Clare

    Actually I am of retirement age but have NOT elected to do so yet and I still get tons of stuff about retirement and all things related.

  • miseem May 20, 2:05 p.m.

    "...electing the liar-in-chief..."
    NoMoreOfThat May 20, 8:39 a.m.

    ummm... didn't we elect the... View More

    — Posted by sixnitepkg

    Thanks, sixnitepack, for reminding us where the REAL trouble started!

    — Posted by Plum Tuckered

    While your claims about Bush are laughable and uninformed, I'm more entertained by the fact that... View More

    — Posted by Wood Chipper

    What are they uninformed about? Opinions without facts are just that - opinions. Yours is no better than anyone else's.

  • miseem May 20, 1:59 p.m.

    Don't expect your government to protect your data - they USE it to their advantage:
    "The Obama... View More

    — Posted by privilegesrevoked

    Of course, the GOP would not think of doing anything like that.

  • davidgnews May 20, 1:51 p.m.

    Can't wait for them to cross the HIPAA line and earn a few violations.

More...