Information Sold from Lead Forms

Lead forms were designed to provide a company with information about a potential customer so that when the two connect, the company can provide exceptional customer service to a person that they know is more qualified and more-than-likely ready to purchase. If a company is unable to convert that customer into a sale or if the company’s business model is not to actually sell a product or service, but rather to sell the customer’s information to another party or multiple parties that do sell the good or service, the customer may realize quickly that the personal information they provided in the lead form is now in the hands of a number of other unknown companies.

You’re a smart consumer, perusing the latest articles and news blasts about cyber threats. The latest software is hard at work on your laptop, tablet and phone, blocking malware and other invasive online dangers. And, you’ve purchased and installed protection for your multiple devices. But what about the seemingly harmless act of providing information on Internet forms? These web-to-lead forms only require a few basic facts, right?

They may ask you to provide information for quotes for products and services; e.g. insurance, mortgages, credit cards, tech support. Companies may want to offer you coupons or “thank you” gifts. They could request input for improving customer interactions. You could enroll in online bill payments. And, many websites require you to provide personal or business information (dating, games, apps, etc.).

When used properly, web-to-lead information is extremely effective and useful. Over the last few decades, this communication format has exploded in popularity, allowing individuals, businesses and organizations to collect information about potential (and existing) contacts. Sales professionals use these web-to-lead forms to create quotes to provide consumers with the products and services they need. These web-to-forms enable you to provide essential information through websites, conveniently, accurately and quickly. By the way, shorter forms (no more than two required fields) are actually considered more effective for attracting prospective customers.

But when it comes to consumers’ safety and security, that’s not as important. Sure, there may be professionals, who only want to provide consumers with the best experiences. But all it takes is one person accessing your basic web-to-lead form for improper reasons. They can then sell your web-to-lead information to third parties, potentially multiple times. This can be very irritating, with telemarketers calling you at any time, email filling up with spam, regardless of filters, and mailboxes overflowing.

Your purchased web-to-lead information may also be manipulated and used for more harmful purposes. You could end up owing money for purchases you haven’t made. Your web-to-lead forms could be involved in criminal activities. And then there’s healthcare; with access to prescription information and health histories, you and your family could even face physical risks.

The bottom line is that while providing information via web-to-lead forms can be very valuable and useful, it can be also expose you to danger. Fortunately, there are steps consumers can take to minimize these threats, while continuing with web-to-lead transactions.

The issue with data brokers?

The Internet has enabled life-changing discoveries, from global infrastructures to the tiniest genetic modifications. But as with most achievements, it must be handled responsibly and carefully. As the nation, and the world, now relies on its computers and personal devices, speed and convenience become more important, while is left behind. This is definitely the case with web-to-lead information, where we regularly provide our names, phone numbers, email and mailing addresses. But they can demand more specific, invasive data, including: age, gender, occupation, religion, ethnicity, political affiliations, income and driver’s license and Social Security numbers.

Yes, this information gathering could be completely professional and innocent, and the majority of lead generators are doing good work. No, the real problem occurs when these companies sell your web-to-lead information to third parties, known as “data brokers,” once or multiple times. Once your web-to-lead form is sold, these companies can search for other data about you across the Internet to “fill out” your profile. You’re then sold off, and once the data brokers set their sights on your profile, the telemarketers get to work.

And don’t think that this harassment will stop after you’ve received the product or service you were shopping for in the first place. According to a March 2014 60 Minutes expose, data brokers have access to huge amounts of sensitive consumer information, and have so for years. They sell these web-to-lead forms to many other third parties, including other companies and even governments. For instance, the largest data broker, Acxiom, states that it typically has 1,500 pieces of information obtained from more than 200 million Americans.

When it comes to your web-to-lead forms, these third parties may not be committing any crimes. As long a customer information privacy policy is provided, and can be accessed on the websites, they’re following the law. These policies must meet the Fair Information Practice Principles guidelines set forth by the Federal Trade Commission (FTC), the agency tasked with consumer protection. Indeed, with the exception of some state and federal laws and organizations (the Better Business Bureau), the industry is basically unregulated. But aside from the FTC, some agencies do get involved with compliance issues, including states’ Attorneys General and the Consumer Financial Protection Bureau (CFPB), which protects consumers in the financial sector.

Having your web-to-lead data sold to data brokers and other third parties can cause irritating, time-consuming problems, including endless phone calls, spam emails and texts and junk mail. And signing up for the National Do Not Call Registry (DNC), whether for calls or emails, won’t really help with web-to-lead forms. When filling out web-to-lead forms, their fine print states that you are permitting their communications. Under the FTC’s Telemarketing Sales Rule (TSR), companies may call consumers with whom they have an “established business relationship,” even those with numbers listed on the Registry.

These telemarketers may not even be live people, but rather robocalls – recorded, human-sounding messages. The FTC reports that they’re actually increasing, as telemarketers take advantage of online resources to send out thousands of calls, for low costs. As many are made overseas, robocallers can disguise the caller ID screen. They can also fool people into thinking they’re legitimate businesses. If you try to speak to a human, this generates more calls. The FTC has declared robocalls an enforcement priority. Consumers are encouraged to write down the telephone number shown on the caller ID and report it to the FTC. Signing up on the DNC may help, as well.

Healthcare is a special concern

When third parties purchase web-to-lead form information, they can manipulate your information. Your credit can be affected, causing you to owe for purchases you haven’t made. This information can also involve you in criminal activities. But it can also impact you and your loved ones’ healthcare. For instance, strangers could access your prescription information or gain knowledge about pre-existing conditions and health histories.

“You can buy from any number of data brokers, by malady, the lists of individuals in America who are afflicted with a particular disease or condition,” stated Tim Sparapani, a data broker advisor to tech companies. Web-to-lead forms may also affect your health insurance. Once data relating to prescription or pre-existing conditions is released, some carriers could try to deny insuring them by avoiding contact from a particular person they know to be unhealthy based on their lead form data.

Beyond the losses of privacy and security, having your health-related information sold can be physically dangerous. People with issues or conditions they’d prefer be kept private, such as sexually transmitted diseases, may avoid visiting their doctor. Patients may also misrepresent or lie about symptoms or conditions, or even take incorrectly prescribed medications, to prevent information from being revealed. Individuals could even harm themselves or others, such as those with mental health issues, by skipping their necessary treatments.

There’s little regulation for healthcare information, but related companies, particularly those collecting patient information, must follow the guidelines of the Health Insurance Portability and Accountability Act (HIPPA). Among this law’s mandates are those for: healthcare fraud and abuse; industrywide standards for healthcare information; and the protection and confidential handling of protected health information. Those companies dealing with online interactions with children (13 years or younger) must also comply with the Children’s Online Privacy Protection Act (COPPA).

Ways to protect yourself

While web-to-lead forms have made it far more convenient to provide necessary information, as you’ve seen, they can lead to many problems if used improperly. But you do have a say in the matter, at least initially. These activities are not a case of being hacked or having your identity stolen. No, you are personally, willingly providing business or personal data to other parties.

So, you need to familiarize yourself with some general practices when filling out Internet forms. Some of these tips are easier, but when you’re providing your private information, it’s worth the additional time and effort. And some of these actually apply to general website security. First, it’s important to have an idea as to who actually owns (and runs) the website you’re on. If you’re providing information for a home security system, make sure that you’re actually on their website when entering your data. Next, you should do some web-surfing – especially message boards or “Comments” sections — and research the company for any complaints about how they handle leads. And, when speaking with salespeople, you need to determine if they’re licensed agents and ask for their license numbers.

It’s a good idea to carefully read the disclosures and fine print on those web-to-lead pages. There needs to be a privacy policy provided; if not, avoid entering your information. The Government Accountability Office (GAO), the agency responsible for the federal government’s auditing, including Congress, performed a study in 2013 for lead generation companies. Both the GAO and the Department of Commerce agreed that due to technological changes and the growing demand for consumer information, Congress needs to strengthen the consumer privacy framework. This would provide consumers with more effective privacy options, but still support commerce and innovation.

As for the companies requiring the web-to-lead information, they should have high-quality, effective encryption in place to safeguard your sensitive data, especially if they work with third-party companies. Encryption involves making data unrecognizable, including that sent over the Internet, files and storage devices. Once encrypted, only authorized parties can access this information.  In terms of encryption methods, many companies, particularly, providing web-to-lead technology make this a priority.

As the industry’s leading cloud-based platform, Salesforce has integrated its web-to-lead platform with the company’s customer relationship management (CRM). Besides ensuring the tracking, management, analysis and forecasting of web-to-lead data, their CRM protects consumers’ security for contact information. The company also provides a setting for Lead Validation Rules, which removes terms identified as spam before they’re added to the system. Salesforce and other tech companies have installed special security features and countermeasures, as well.


Have You Been Hacked?

*Cyber breach data provided by Have I Been Pwned

Enter your email or username to see if your information was compromised.

Have You Been Hacked?