Thursday, August 26, 2021

Taking Back Your Privacy – from ZoomInfo

By Tony Lee

Note:  I am not a lawyer, there are probably no laws broken here, and I am sure many will say that this is how the sales industry works. However I disagree with the way our data is being collected and sold. If you disagree as well, at least you can take it away from one organization that sells it.

Background

Recently, I was experiencing an uptick in cold calls * to my personal cell phone * from sales reps trying to pitch enterprise technology products. Please note that I understand that Business development (BD) / inside sales is a tough job and I don’t fault the reps themselves for doing their jobs. However, these calls to my cell phone were often occurring during dinner or even late into the evening when time should be spent with family. It was getting as bad as the car warranty calls and you know how frustrating those can become. After asking the last few reps where they received my cell phone number, they said that I was just a record in their SalesForce database and they thought it was an office desk phone. When I asked what fed their SalesForce database, they all said the same thing:  ZoomInfo.


What is ZoomInfo?

According to ZoomInfo, they create “profiles of business people and companies, which we call “Public Profiles,” from different sources. Once we have collected business information about a person or company, we combine multiple mentions of the same person or company into a Public Profile. The resulting directory of Public Profiles is then made available to the users of the site and our customers and strategic partners.”  Source:  https://www.zoominfo.com/b2b/faqs/data/how-does-zoominfo-get-my-info 


In short, ZoomInfo appears to source data from “publicly available” sites (and who knows where else), augments it with purchased data, and then sells that data to populate customer contact databases for sales purposes. I believe this is a serious privacy concern since this is not something that I opted into. And more importantly I certainly did not opt into receiving phone calls from numerous sales reps on my personal cell phone – yet it is happening and ZoomInfo is the distributor of my personal data.


How to tell if ZoomInfo has your data

The easiest way to see if ZoomInfo has your data is to go to Google and search for zoominfo, your name, followed by your company name as shown in the screenshot below.

Ex:  zoominfo <your name> <your company name>

Figure 1:  Searching for yourself in the ZoomInfo database

Then you can click on the Google search result to verify that it is you and see the click bait information that prompts organizations to pay to receive your data such as email address, direct phone number, HQ number, Company, and location -- possibly more.


Figure 2:  Public Profile View -- Click bait for you to purchase full access

As a bonus, if you are curious as to how much information ZoomInfo has about your organization, use this handy Google dork:

inurl:www.zoominfo.com/p/ "at <company name>"

For a bit of irony, let’s use a fantastic organization that may care about this activity for this example -- the Electronic Frontier Foundation (EFF).  “The leading nonprofit defending digital privacy, free speech, and innovation.”

inurl:www.zoominfo.com/p/ "at EFF"

The following result yields 60 hits of people that are currently at the EFF or previously worked at the EFF.  I blurred it out because I respect their privacy. Larger organizations yield thousands or hundreds of thousands of records.




Figure 3:  Google dork example using the EFF

Note that Google omits some results, but you can go to the last page of the Google Search and rerun the search with the omitted results included to see all of the records.

Removing your Information from ZoomInfo

Ok, so ZoomInfo built a public profile on you...  Thankfully, they do provide the ability to remove your information from their database and even notify others (to which they already sold your info) that you want to opt-out.  From what I have seen, the publicly displayed page removal is nearly instantaneous.  Kudos to ZoomInfo there.


Figure 4:  What your public profile looks like after it has been removed.

To start taking back your privacy, go to the following link:


Figure 5:  Info Removal Page

After inserting the email address that they have on file (partially displayed on your public ZoomInfo page), you will receive an email with a four digit code.  Enter the code and you are taken to the page to opt out.  There is a check box that says:  “I would like to delete and opt-out of the sale of my information.”  Check this box and also select the radio button to share the opt-out request with other data providers to let them know that you do not wish to have your data sold. That is a very nice option and I hope it works. Only time will tell. Submit the page and then double check your public profile which should now yield the 404 error. I am not sure how long that lasts before they start building another public profile.


Figure 6:  Opt-out page with options

Conclusion

While the business model that ZoomInfo uses is most likely legal, this model contributes to the erosion of digital privacy. I don't appreciate companies selling my information which results in unwanted cold calls and extra spam. If you don't like it either, at least now you have the ability to confirm it is happening and take back your privacy -- one database entry at a time if that is what it takes.