Data Analytics Company Agrees to Pay $400,000 to Settle New Jersey Allegations

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Lorraine McCarthy  

Nov. 22 --A Tennessee-based data aggregation and analytics company has agreed to pay $400,000 to settle New Jersey administrative enforcement action claims that the company engaged in “history sniffing’’ to track the websites consumers visited without their knowledge or consent, New Jersey Acting Attorney General John J. Hoffman (R) announced Nov. 21 (In re Dataium, LLC, N.J. Dep't of Law and Public Safety Div. of Consumer Affairs, docket number unavailable, consent order 11/15/13).

The state also claimed that Dataium LLC of Nashville, Tenn., sold 400,000 consumers' personal identifying information to a third-party data analytics company for $2,500 without notifying those consumers or obtaining their consent, according to a Nov. 21 statement by Hoffman, the New Jersey Division of Law and the New Jersey Division of Consumer Affairs.

Under the terms of the no fault administrative consent order, Dataium agreed to a payment of $400,000, of which $99,000 is payable over the next two years and $301,000 is suspended unless Dataium fails to honor all terms of the settlement. The suspended payment obligation will be vacated after five years if Dataium continues to comply with the terms of the settlement and doesn't violate the New Jersey Consumer Fraud Act.

Dataium denies the allegations and cooperated fully with the state's investigation, according to the consent order.

Notice and Choice

The company also agreed to implement a privacy program designed to protect the confidentiality of the consumer information it collects.

The agreement requires Dataium to: create a program of comprehensive privacy controls and procedures to protect the privacy of consumer information; post one or more pages within its website explaining the types of consumer information it collects and how it is used; and inform consumers about how to opt out, limit or otherwise control the data Dataium collects about them.

New Jersey's “bedrock of consumer privacy rests on notice and choice,’’ New Jersey Division of Law Director Christopher S. Porrino said in the statement announcing the settlement. “At the very least, Dataium should have notified consumers and disclosed their data transfer practices.’’

According to the statement, history sniffing involves the use of a JavaScript code that scans the browsing history of a website user from the web browser. Web browsers display website links in a different color after a user visits the website, enabling the sniffer to determine which websites a user has visited based on the color of the link.

Dataium aggregates and analyzes billions of Internet-based consumer car-shopping sessions to help its automotive industry clients understand consumer demands and trends, the statement said.

The state said it determined that Dataium engaged in history sniffing from November 2010 through November 2012, when it allegedly tracked more than 181,000 user visits to car dealership websites, popular search engines and news articles, all while collecting the browsing history of individual browser users without their knowledge or consent.

Information Sold

The state also determined that Dataium had sold information including the names, phone numbers, e-mail addresses and vehicle preferences of 400,000 consumers without their knowledge to Acxiom Corp., one of the world's largest data analytic companies.

The transaction was part of a data supplier “test agreement’’ between the two companies, ostensibly to determine “the value of marrying online behavior from Dataium with offline behavior from Axciom,’’ according to the state.

Dataium has maintained consistently that it didn't engage in any practice that violated any state or federal law, Dataium managing director Angie Sherrell told Bloomberg BNA Nov. 21.

“We will move immediately to more prominently disclose how we collect and use data, and will continue to provide all visitors with the ability to control the amount of data-sharing all the way to completely opting out,’’ Sherrell said.

“The availability, analysis and use of so-called 'big data’ is part of a larger national conversation about how we share and use information to benefit the consumer,’’ Sherrell said. “Dataium aspires to be an industry leader in best practices that provides safeguards for the consumer, transparency and value for our clients.’’


To contact the reporter on this story: Lorraine McCarthy in Philadelphia at

To contact the editor responsible for this story: Katie W. Johnson at

Full text of the consent order is available at

Request Bloomberg Law: Privacy & Data Security