Versium Analytics – You Probably Don’t Know Them, They Might Know All about You Though

Versium is a data technology company that has a database they call ATLAS.  In that database are, in their words, “…billions of records with billions of real life attributes on consumers and businesses.” The data include, in summary:

    • Emails: 3.6 Billion Records / 400 Million Unique Emails
    • Social Profile Data: 132 Million Records
    • Demographic Data: 240 Million Records
    • Interests Data: 240 Million Records
    • Mobile Phone Numbers: 90 Million Records
    • Land Line Numbers: 120 Million Records
    • Vehicle Data: 240 Million Records
    • Address History Trail: 1.6 Billion Records

A more complete and unbelievable list of the consumer information they claim to have in their database is at the end of this post.

Version sells access to this information and provides analysis tools to use with it.  Of course this is concerning, but it looks much worse when you review Versium’s Privacy Policy.  Consider the following excerpts (my comments inserted in brackets):

Collection of Information

Versium aggregates its data from various sources and in some cases collects data itself. Versium uses commercially reasonable efforts [What are those efforts?] to ensure that its data suppliers comply with all state and federal laws when it comes to data privacy but it has limited visibility in terms of how all data is gathered from [I think they mean by rather than from.] its data suppliers. In cases where Versium collects the data itself, Versium only gathers data that is visible and available through general public access means. [This conflicts with the collection practices described in the following paragraph.]

Versium reserves the right to perform statistical analyses of visitor’s behavior and characteristics in order to measure interest in and use of the various areas of the site. Versium may provide aggregated data from these analyses to third parties. [While it doesn’t say so, it would appear that they are referring to de-identified information.  However, in the following section there are references to visitor information that suggest they are talking about personal information that is not de-identified.  This is either bad drafting, or deceptive.] Also, visitors should be aware that Versium may sometimes permit third parties to offer subscription and/or registration-based services through the Versium web site.

Opt Out Policy

Upon request, Versium will allow any visitor to “opt out” or correct information contained in its database. [How do you know if you are in their database?  If you do find out your information is in their database, what about the data they already shared with others?]  Versium will use reasonable efforts to update and correct personal information which is erroneous to the extent such activities will not compromise privacy [Wouldn’t privacy be the reason to opt-out?  What does this mean?] or security interests [What does this mean?] and upon verification of the person making the request.  [What is the verification process?]

Versium will upon request, and verification of the person making the request, use reasonable efforts to delete the visitor’s personal information from its database. [This is where it seems clear that they are not de-identifying information collected from visitors to their website.  Otherwise this whole paragraph would be redundant – except for the last sentence as noted below ]  Visitors should be aware that it might be impossible to completely delete erroneous information or a visitor’s personal information without some residual information remaining in its database because of backups and records of deletions. [Does this disclaimer apply to the information described in the previous paragraph?  You would think so.]

 One last and very important excerpt:

Your California Privacy Rights

Under California law, organizations are required to provide residents of the State of California a choice in the use of certain personal information by third parties for marketing purposes. If you are a California resident interested in exercising your third party disclosure choices please send us a request to opt-out to:

In the post Monday, we discussed the California law referred to above (which unfortunately the legislature failed to make more stringent).  This is one reason why what happens in California is important.  When California gets it right there are consequences. We need to have other states follow their lead on this.  Of course, this also begs the question why Versium can do this for Californians, but not for residents of other states.

For readers outside the U.S., this is also an example of why what you’re doing is important.  Any assertion of privacy rights anywhere can have a beneficial effect elsewhere – big or small.

This is the larger description of the personal information that Versium says is in its database:

This entry was posted in Big Data, Privacy and tagged , . Bookmark the permalink.