Why there was no privacy in death

January 28, 2014 5:45 PM EST

Today, National Data Privacy Day, is a good time to reflect on the fact that Americans continue to have an uneasy relationship with the data that businesses and governments gather about them.

Almost every day it seems there's another revelation about what marketers, social media, or the government know about people's lives. But the most shocking development of late came last week with the news that OfficeMax had sent a mailing to the family of a recently deceased teenager, addressing it to "Mike Seay/Daughter Killed in Car Crash/Or Current Business."

While it's terrible that such data would ever make it onto a mailing label, no one should be surprised to hear that the data broker that provided the mailing list to OfficeMax had that type of data stored somewhere. This is not news. In fact, data brokers have been capturing this sort of information for decades. The largest data brokers have thousands of fields of data about every American, most of it having to do with demographics. The data gets pulled from publicly available criminal records, judgements, liens, property deed records, bankruptcy filings, and the Social Security Administration's Death Master File. It includes consumer data such as magazine subscriptions, and Web-based data ranging from news stories to social network profiles. Are you married? Do you have children? Own an SUV? What are your hobbies and interests? Marketers want to know as much as they can about their customers and prospective customers, so data brokers buy up that data in bulk and structure it in a way that allows marketers to send coupons and other offers to highly targeted groups of people who are the most likely to want them.

Why would data brokers want to capture death data? One rather unsavory reason that might spring to mind would be to market products to people who have suffered negative life events -- need a lawyer? But there's another reason why marketers want to have access to this information.

"Data brokers have been asked to make sure that their lists don't include people who would be gravely offended by certain offers," and they do this by creating fields with what's called "suppression information," says Jules Polonetsky, executive director and co-chair with the Future of Privacy Forum. This ties into efforts to provide what's called "life cycle marketing," where offers are targeted at groups such as expectant parents or new teen drivers. For example, if a woman is pregnant and signs up for a free parenting magazine in the doctor's office, news of her pregnancy will enter the marketing ecosystem. But if she miscarries, no marketer wants to be sending her coupons for free diapers. One might argue as to whether life cycle marketing should be initiated in the first place, but if marketers are going to start tracking life events they need to know when to stop. And right now, marketers aren't always very good at that.

So how did OfficeMax's list provider screw up so badly? "It was probably because of the accidental inclusion of suppression information," Polonesky says.

There are two ways that the error might have occurred, says Chris Babel, CEO at Truste, a company that consults with businesses in data privacy management. Accidental inclusion of the suppressed field from the database seems unlikely, since other offended consumers would have come forward by now. "If there aren't a lot of other examples with OfficeMax, it may have just been a data entry error," he says.

If so, it was beyond a doubt the worst case data entry error nightmare the office supplies retailer ever could have imagined, and the company's vague statement that the error was "a result of a mailing list rented through a third-party provider" left both the public and the victim with a sense of unease.

"Why would they have that type of information? Why would they need that? What purpose does it serve anybody to know that? And how much other types of other information do they have if they have that on me, or anyone else? And how do they use that, what do they use that for?" Seay asked in an interview with NBC Chicago.

The best step OfficeMax could take would have been to provide both Seay and the public with open and honest answers as quickly as possible. In the post-PRISM era, consumers are suspicious. They want transparency into what data is being gathered, why, and at least some control over data about them, including how it's used and whether it's accurate. Opening that dialog would go a long way toward reassuring consumers and earning their trust.