Acxiom

Overview

Acxiom (now operating as LiveRamp following a 2018 corporate restructuring) is one of the oldest and largest data brokers in the United States. Founded in 1969 as Demographics Inc. in Conway, Arkansas, the company was renamed Acxiom in 1988 and spent over five decades building one of the most comprehensive databases of consumer information ever assembled.

The scale of Acxiom's data holdings is staggering: an estimated 2.5 billion consumer records globally, covering detailed profiles on over 300 million individuals in the United States alone, virtually every American adult.

In 2018, Acxiom sold its data marketing services division to the Interpublic Group (IPG) for $2.3 billion and rebranded its remaining data connectivity platform as LiveRamp. However, the Acxiom data assets and brand continue to operate under IPG ownership, maintaining one of the largest commercial databases of personal information in existence. LiveRamp, now publicly traded, focuses on identity resolution, connecting consumer identities across devices, platforms, and offline-to-online environments.

The data broker industry, in which Acxiom is a founding pillar, operates in a regulatory gray zone. These companies collect, aggregate, analyze, and sell personal data about consumers who have no direct relationship with them and often no awareness that their data is being traded. Acxiom's longevity and scale make it emblematic of the systemic privacy challenges posed by the data brokerage ecosystem.

For decades, Acxiom was the world's largest commercial data broker by virtually any measure, data volume, attribute depth, client count, and revenue. The company's transformation into LiveRamp represents a strategic pivot from raw data brokerage to identity infrastructure, but the fundamental privacy concerns remain: the company's core business is connecting and monetizing personal identity across contexts where individuals expect separation.

Data Collection Practices

Acxiom's data collection is vast, multi-sourced, and largely invisible to the individuals profiled:

Public records form a foundational data layer, systematically collected and integrated into consumer profiles:

• Property records and deed transfers
• Voter registration files from all 50 states
• Court records (civil, criminal, bankruptcy)
• Vehicle registrations and driver's license data
• Professional licenses and certifications
• Census and American Community Survey data
• Birth, death, and marriage records

Commercial data partnerships provide purchase history, transaction records, loyalty program data, warranty registrations, and subscription information from thousands of retailers, financial institutions, and other businesses that share customer data with Acxiom.

These partnerships are typically invisible to consumers, when someone makes a purchase at a retailer with an Acxiom data-sharing agreement, that transaction data flows into Acxiom's database without the consumer's knowledge or meaningful consent. The consumer has no relationship with Acxiom and may have never heard of the company, yet their purchase behavior is being aggregated and sold.

Online behavioral data includes website visits, search patterns, social media activity, and app usage collected through tracking pixels, cookies, and data exchange partnerships with advertising technology companies.

Acxiom's partnership with Facebook (2013-2018) was particularly significant, Acxiom's offline consumer data was used to enrich Facebook's advertising targeting capabilities, enabling advertisers to target Facebook users based on their real-world purchase behavior and demographic characteristics. This partnership bridged the offline-to-online identity gap that had previously limited digital advertising's effectiveness.

Self-reported data from surveys, sweepstakes entries, product registrations, and online forms is integrated into profiles, often without consumers understanding that their responses will be aggregated and sold to third parties.

Acxiom has operated consumer survey programs for decades, collecting self-reported data on income, health conditions, religious affiliation, political views, and lifestyle preferences. The fine print of these programs typically includes consent to data sharing, but the language is designed to be overlooked rather than understood.

Inferred attributes are generated by Acxiom's modeling systems, which predict characteristics not directly observed:

• Political affiliation and voting likelihood
• Health conditions and medical interests
• Financial stress indicators and credit risk proxies
• Life events (pregnancy, divorce, retirement, new home purchase)
• Purchasing propensity scores across product categories
• Household composition and family structure

Acxiom's database reportedly contains over 11,000 data attributes per consumer, organized into hundreds of segments covering demographics, psychographics, financial characteristics, health indicators, political leanings, lifestyle preferences, and predictive scores.

Some reports cite up to 1,500 data attributes in the core profile, with thousands more derived through modeling and segmentation. The full scope of what Acxiom knows about any individual consumer is not disclosed, even the AboutTheData.com portal showed only a subset of the available data.

The LiveRamp identity graph connects these attributes to individual identities across devices, cookies, email addresses, and physical addresses, enabling advertisers and other clients to recognize and target the same person as they move across websites, apps, connected TVs, and physical stores.

Known Clients & Government Contracts

Acxiom's client base spans virtually every major industry that monetizes consumer data:

Financial services: Major banks including JPMorgan Chase, Bank of America, and Wells Fargo, along with credit card companies and insurance firms, use Acxiom data for customer acquisition, risk assessment, and targeted marketing.

The data is used to make decisions that directly affect consumers' financial lives, from credit card offers and interest rates to insurance pricing and coverage decisions. The use of data broker information in financial services blurs the line between marketing and underwriting, raising concerns about discriminatory pricing based on opaque consumer profiles.

Political campaigns: Both major U.S. political parties and their affiliated organizations use Acxiom data for voter targeting, micro-segmentation, and persuasion modeling.

The Obama 2012 campaign and Romney 2012 campaign both utilized Acxiom consumer data to build voter models. The company's consumer profiles are a foundational input to political data operations that identify persuadable voters and customize messaging based on predicted interests, concerns, and vulnerabilities.

The use of commercial consumer data in political campaigns raises distinct concerns: voters are being profiled and targeted based on consumer behavior data they never consented to share for political purposes.

Advertising agencies and platforms: The world's largest advertising holding companies, WPP, Omnicom, Publicis, and IPG (which now owns Acxiom's marketing division), use Acxiom data to build audience segments for targeted advertising campaigns across digital and traditional media channels.

Facebook data partnership (2013-2018): Acxiom's partnership with Facebook allowed advertisers to target Facebook users using Acxiom's offline consumer data, creating a powerful bridge between real-world behavior and digital advertising.

Facebook ended the partnership in 2018 following the Cambridge Analytica scandal and increased scrutiny of third-party data sharing. The dissolution of this partnership was a significant revenue loss for Acxiom and a signal that the era of unrestricted third-party data sharing was evolving, though the underlying data brokerage business continues through other channels.

Government agencies: Acxiom has provided data to law enforcement and government agencies, including the Department of Justice, Department of Homeland Security, and Transportation Security Administration.

Following the September 11, 2001 attacks, Acxiom provided extensive consumer data to the government for counterterrorism screening programs, including the Total Information Awareness (TIA) program run by DARPA and airline passenger screening systems. This post-9/11 collaboration established a precedent for commercial data brokers serving as de facto intelligence resources for the U.S. government.

Retail and consumer goods: Major retailers and CPG brands use Acxiom data for customer analytics, store location planning, marketing attribution, and customer lifetime value modeling.

Pharmaceutical companies: Drug manufacturers use Acxiom data to identify and target patients with specific health conditions, a practice that raises significant ethical concerns about the use of health-related inferences for commercial marketing.

Privacy Incidents & Litigation

FTC Data Broker Report (2014): The Federal Trade Commission's landmark study "Data Brokers: A Call for Transparency and Accountability" highlighted Acxiom as one of nine major companies profiting from the collection and sale of consumer data with minimal transparency or consumer control.

The report called for legislation requiring data brokers to give consumers access to their data and the ability to opt out. The FTC found that data brokers collected data on virtually every U.S. consumer, maintained thousands of data attributes per person, and operated with near-total opacity. Acxiom was identified as maintaining one of the largest consumer databases studied.

Post-9/11 Government Data Sharing: Following the September 11 attacks, Acxiom provided extensive consumer data to the U.S. government without warrants. The company's data was used in the Total Information Awareness (TIA) program, a DARPA initiative led by Admiral John Poindexter, designed to achieve "total information awareness" about potential terrorists by aggregating commercial, financial, and travel data on the entire U.S. population.

When Congress defunded TIA in 2003 following public outcry over the program's Orwellian scope, many of its component programs continued under different names within the intelligence community.

Acxiom's role in airline passenger screening programs (CAPPS II and its successor Secure Flight) further demonstrated the company's willingness to enable government surveillance with minimal public oversight.

The post-9/11 episode established a template that persists today: the government can effectively purchase surveillance capabilities from data brokers that it could not legally conduct directly, bypassing Fourth Amendment warrant requirements by accessing commercially aggregated data.

Data Breach (2003): An Acxiom employee, Daniel Baas, was found to have stolen billions of records from the company's database over a two-year period and sold them to Scott Levine, a Florida man who operated a spam email company.

Baas pleaded guilty and was sentenced to federal prison. The breach, one of the earliest major data broker incidents, exposed the scale of Acxiom's data holdings and the insider threat risks inherent in concentrating billions of consumer records in a single organization.

Hacked Access (2003): In a separate incident, Levine himself gained unauthorized access to Acxiom's database containing personal information on approximately 1.6 billion consumer records.

Levine was convicted and sentenced to eight years in federal prison. Together, the two 2003 incidents demonstrated the concentrated risk of massive data aggregation, a single point of compromise could expose data on hundreds of millions of individuals.

Senate Commerce Committee Investigation (2023): U.S. Senators revealed that data brokers including Acxiom sell sensitive personal information, including precise location data, health conditions, sexual orientation, religious beliefs, and financial information, with minimal restrictions.

The investigation documented that data brokers enable purchasers to build intimate profiles of individuals without their knowledge, and that the data is available to essentially anyone willing to pay, including foreign intelligence services, stalkers, and scammers.

Consumer Opt-Out Difficulties: Advocacy organizations including the Electronic Frontier Foundation, Privacy Rights Clearinghouse, and the World Privacy Forum have documented that opting out of Acxiom's data collection is deliberately complex.

The process requires multiple steps across different systems, opt-outs are often not fully honored or are reversed when new data enters the system, and the company's data-sharing agreements with thousands of partners mean that data removed from one source may re-enter the system from another.

This creates what privacy advocates call "zombie data", personal information that returns to a profile after a consumer believes they have successfully opted out.

Vermont Data Broker Registry (2018): Vermont became the first U.S. state to require data brokers to register and disclose basic information about their practices. Acxiom registered as required, but the registry revealed the scale of the data broker ecosystem, over 120 companies registered, with Acxiom among the largest.

The Vermont registry demonstrated that modest transparency requirements could be implemented without destroying the industry, undermining the data broker lobby's argument that any regulation would be unworkable.

Congressional Testimony (2013): Acxiom CEO Scott Howe testified before the Senate Commerce Committee about data broker practices, defending the company's practices and arguing that data-driven marketing benefited consumers through more relevant advertising.

Privacy advocates criticized the testimony as minimizing the surveillance implications of Acxiom's business model. The hearing highlighted the disconnect between how data brokers describe their business (marketing optimization) and how privacy researchers describe it (commercial surveillance infrastructure).

Data Broker to Foreign Intelligence Services: The 2023 Senate investigation documented that data brokers sell data to foreign governments and intelligence services, effectively enabling foreign surveillance of American citizens. Because data broker information is commercially available, foreign intelligence agencies can purchase detailed profiles on U.S. persons without conducting espionage, a loophole that both the FBI and intelligence community have acknowledged as a national security vulnerability.

Threat Score Analysis

Acxiom receives a composite threat score of 75/100, reflecting its role as a foundational infrastructure provider for the surveillance marketing ecosystem:

• Data Collection (88/100): Acxiom maintains one of the most comprehensive consumer databases ever assembled, with 11,000+ attributes on hundreds of millions of individuals. The multi-source collection approach, combining public records, commercial transactions, online behavior, surveys, and inferred characteristics, creates profiles that individuals have no practical ability to review, correct, or delete. The depth of these profiles extends to sensitive categories including health conditions, political affiliation, and financial vulnerability.

• Third-Party Sharing (95/100): Data brokerage is Acxiom's entire business model, the company exists to collect personal data and sell it to third parties. Thousands of organizations purchase Acxiom data for purposes ranging from targeted advertising to government surveillance, with minimal restrictions on downstream use. No other score factor captures the fundamental threat of a business model built entirely on monetizing personal information without meaningful consent.

• Breach History (60/100): The two 2003 incidents, insider theft of billions of records and external unauthorized access to 1.6 billion records, demonstrated the catastrophic risk of concentrating consumer data at this scale. While these incidents occurred over two decades ago, the underlying risk remains: Acxiom's database is a high-value target for both insiders and external attackers.

• Government Contracts (50/100): Acxiom's post-9/11 data sharing with the government, including the Total Information Awareness program and airline passenger screening, demonstrated willingness to enable government surveillance without warrants or meaningful oversight. Ongoing relationships with DHS, DOJ, and law enforcement agencies continue, though government work is not the company's primary revenue source.

• Transparency (35/100): While Acxiom launched AboutTheData.com (2013, now discontinued) allowing consumers to view some of their data, the initiative was criticized as superficial, it showed only a fraction of data Acxiom holds, did not include inferred attributes or scoring models, and required registration that itself collected additional data. The company has resisted comprehensive transparency requirements and made opt-out processes deliberately cumbersome.

Weighted calculation: (88 * 0.25) + (95 * 0.25) + (60 * 0.20) + (50 * 0.15) + (35 * 0.15) = 22 + 23.75 + 12 + 7.5 + 5.25 = 70.5, adjusted to 75 due to the systemic role Acxiom plays as foundational infrastructure for the broader data brokerage ecosystem and the precedent-setting nature of its government surveillance partnerships.

Transparency & Accountability

Acxiom has positioned itself as the "most transparent" data broker, but this is a low bar in an industry defined by opacity.

The company launched AboutTheData.com in 2013, allowing consumers to view a subset of their Acxiom profile. The portal was promoted as a first-of-its-kind transparency initiative in the data broker industry.

However, independent analysis revealed significant limitations:

• The portal showed only a fraction of the data Acxiom holds
• Inferred attributes and scoring models were not visible
• Registration required providing additional personal data
• The data displayed was often inaccurate, and corrections were difficult to implement
• No mechanism existed to verify that data was actually deleted upon request

The portal was quietly discontinued, leaving consumers with even less visibility into their profiles than the limited view it provided.

The fundamental challenge with data brokers like Acxiom is the information asymmetry: the company knows vastly more about individuals than individuals know about the company's practices.

Consumers cannot meaningfully consent to data collection when they are unaware it is happening, cannot verify the accuracy of their profiles, and face practical obstacles to exercising opt-out rights. This information asymmetry is not a bug in the data broker model, it is the business model itself. Transparency would undermine the commercial value of the data by enabling consumers to control it.

Efforts to regulate data brokers at the federal level have stalled repeatedly, though state-level legislation has begun to create a patchwork of requirements:

• California (CCPA/CPRA): Gives consumers rights to access, delete, and opt out of sale of personal data
• Vermont: First data broker registration requirement (2018)
• Texas: Data broker legislation requiring registration and compliance
• Oregon, Connecticut, and other states: Various data privacy laws affecting broker practices

Acxiom and the data broker industry have consistently lobbied against comprehensive federal privacy legislation that would fundamentally restrict their business model.

The industry's preferred approach, self-regulation and voluntary transparency initiatives, has been criticized by the FTC, Congress, and privacy advocates as inadequate to address the systemic privacy harms of unchecked data brokerage. Over a decade after the FTC called for data broker legislation, no comprehensive federal law has been enacted.

The LiveRamp transformation represents a strategic adaptation to increasing privacy regulation, not a fundamental change in business model. By pivoting from raw data brokerage to identity resolution infrastructure, LiveRamp positions itself as the essential "plumbing" connecting consumer identities across the digital advertising ecosystem, a role that may prove even more difficult to regulate than traditional data brokerage.