This study confirmed that business execs at major Asian companies are selling customer data thanks to 70,000-word terms and conditions no one ever reads

Healthcare and financial services companies were the top two industries guilty of selling sensitive customer data, business execs admitted.

In a recent survey conducted for software company CA Technologies by analyst firm Frost & Sullivan, 40 per cent of business executives in the Asia-Pacific region admitted that they sold sensitive consumer data, often without the knowledge of their cybersecurity colleagues.

Some of this data – taken from fitness devices, search engines, and even DNA tests – contain sensitive personal information about the consumer that lets anyone reading it identify who it belongs to, and possibly even their relatives.

This is especially alarming in the case of healthcare and financial services companies, which were the top two industries where executives said the terms of service policies allowed the sale of customer data.

 The study said that it’s possible insurance providers are even using this data to calculate insurance premiums and decide if the company will sell particular policies to particular customers.


Data confirming that sensitive consumer data has been sold.
Global State of Digital Trust Survey and Index 2018

The survey covered 265 business executives working at companies who earn at least S$137 million (US$100 million) in annual revenue.

When asked about the sale of customer data, these execs often mentioned the business’ policies, the research report revealed.

Often, customers must agree to these policies before they can access any services.

The report continued: “T&C policies written by lawyers are lengthy and potentially confusing, even for university-educated consumers.

“Further, many [execs] candidly admitted that consumers have no idea what they were agreeing to.”

Ironically, these execs are the same ones who said their data protection policies were easy to understand.

The report added that companies also use data from paying customers for “revenue enhancement initiatives”.

“While it might be said that there is an almost wilful ignorance among consumers about the exchange of data for free or freemium online services, it might also be said that organisations monetising the data of paying customers wilfully hide those facts in 7,000-plus word T&C policies,” the report added.