Information & Ethics committee  No, any of the health-related information comes from surveys. It does not come from protected health information. In the U.S. we have a law called the health information portability and accountability act, HIPAA, which regulates prescription information and patient-doctor information.

Information & Ethics committee  The type of data you just described, such as what he purchases at the liquor store and so forth, would not be the type of data that Acxiom has. We have general demographic information that describes the household characteristics: is this a couple living there? Do they have children?

Information & Ethics committee  Thank you.

Information & Ethics committee  The data in the U.S. comes from three primary sources. It comes from public records, but for something like golf or tennis, it would typically come from a consumer survey in which they have indicated that this is an interest of theirs. Or it would come from a subscription to a golf or tennis magazine, or purchases from a golf or tennis catalogue.

Information & Ethics committee  We provide data to any client—HSBC or any other client—under contract, and that contract specifically says what they can do with the data. In the case of our U.S. clients, they can use the data for marketing purposes. They typically do not receive all of those data points. They are interested in certain data points for their particular marketing purposes, and not all data points are applicable to all industries.

Information & Ethics committee  We do provide some data to Google and Facebook. As I said earlier, we indicate through surveys and other non-social media services or sites that people have an interest in social media, a high or low interest, and what kinds of social media, such as Twitter or other chat rooms, as opposed to, say, a Facebook-type of social media.

Information & Ethics committee  No, they typically get the names. The data is delivered to the clients in two ways. They can buy a list from us that is a selected list based on certain criteria that they specify. In other words, a drug company might want a list of people with an interest in allergies or who suffer from allergies, because they want to promote a particular new product to them.

Information & Ethics committee  Let me maybe clarify the 1,500 data points.That is the maximum number of data points that we attempt to collect. I don't know that we have all 1,500 elements on any one individual. About half of those are actual interests and activities that consumers are involved in and, of course, while I may play golf, I typically may not also play tennis or boat or have other hobbies.

Information & Ethics committee  We have alleviated all of the ones that we're aware of, but I will reiterate that it is a continuing, iterative process, which is why we do audits ourselves. We do all kinds of data loss prevention, as well as firewall and on-site security checks daily, so that as the threats evolve, which they do over time, we're always at least one step ahead, if not further ahead, of the bad guys.

Information & Ethics committee  Well, “flawless” is a word that I'm not sure applies to security these days, unfortunately, but we take every precaution we can. As I said, we're constantly checking it and we have the added value of having our clients come and check us as well.

Information & Ethics committee  Well, if we did, if some of our sources provided us data on Canadian citizens, then we would screen them out when the data came to us to put into our products. Each of our products in each country is built for that country, so that we can be sure we're complying with appropriate laws relative to citizens' data.

Information & Ethics committee  Yes. If we bought a list from someone that had both Canadian and U.S. data in it, we would exclude all of the Canadian data when we built our U.S. product.

Information & Ethics committee  Yes. Let me start with Canada, because it's pretty simple, and then I'm happy to describe what we do in the U.S., which is far more complex. In Canada, we match name and address and telephone number, because these are telephone directory listings and we have a phone number for every record.

Information & Ethics committee  It's primarily U.S. Our largest data centres are in the U.S., but we do have data centres in the U.K. that service our European operations. We have data centres in Australia and China that service our Asian operations. The data centre for all of the processing we do for Canada is based out of one of two locations in the U.S.

Information & Ethics committee  The software is commercially available software from IBM, from Oracle, from SAS, and others.