Clarke defines profiling two ways:
- Abstract Profiling. This involves the extraction from a large volume of data of an "abstract profile" of a class of person, such as a drug trafficker or a young person likely to attempt suicide. This is followed by the comparison of a database of personal data about large numbers of people, in order to identify "suspects" or "prospects."
- Personal Profiling. This is the accumulation, acquisition and cross-referencing of data about individuals, sometimes combined with geo-demographic data; followed by its use for various micromarketing purposes.
Clarke focuses on the second method, giving two example of financial institutions' use of profiles. One is for the purpose of "Applicant Qualification," where data about applicants for loans is gathered from a variety of sources, and procedures are applied to the assembled data, in order to assess whether the lending institution will advance the loan sought. Clarke terms this "negative" profiling, as it is primarily a means of disqualifying a person.
The other is more familiar to most firms, "consumer marketing." This is the collection and use of data about consumers, gathered from a variety of sources, being used to select targets for promotional activities, and to select the most appropriate alternative promotional materials and channels for each consumer. Clarke terms this "positive," as it is primarily used for drawing an opportunity to a selected consumer's notice.
Increasingly, he finds, such detailed profiling, for both positive and negative purposes, is "flying in the teeth of the gale of public concern about privacy-invasive practices, and snowballing efforts by advocates and policy-makers to impose regulation on private sector use of personal data." To head off government intervention, he urges companies using data mining in the service of consumer profiling to "seriously consider the nature of their relationships with their customers, and adopt a strategic stance concerning customer privacy."
Many consumer-rights advocates in America agree. Wired News magazine recently concluded that, despite repeated warnings from federal regulators, the online community has done a poor job regulating itself when it comes to protecting the privacy of individual users. Wired's James Glave, who tracks data security issues, warns that the lack of commonly-held data privacy standards may invite federally-imposed consumer privacy protection laws.
Glave and David Hoye, writing for the Arizona Republic recently, suggest that companies who collect data in the form of registrations and other surveys provide concrete assurances that data is kept confidential unless the consumer authorizes them to sell the information.
Otherwise, the government might come up with its own data privacy plan.