People say there is no privacy on the internet, and goodness knows I’ve thrown my personal data around for years. I’ve been prepared for repercussions, but have also been smart about how I’ve shopped and with whom I’ve associated. Thankfully, I’ve escaped almost unscathed (crossing my fingers), with only a few “our company’s files were hacked and we suggest you change your password” messages so far.
I also know a few folks who seem to think strangers are listening to all of their cell conversations and leering at their Facebook photos. Really? Who has the time to listen to all those phone calls, and why would they? And you can manipulate your privacy preferences for photos (and most everything else) on Facebook, although you are taking trust to a higher level there.
But my focus today is on so-called Privacy Policies, those legal documents that only the most anal among us actually read when directed before clicking the Agree or Continue button. What is the true purpose of these contracts? 1) To reassure us that our privacy is truly guaranteed? Or 2) To cover the asses of the company if someone sues them for using their personal information for marketing purposes? I believe I will take door number two, Monty.
Corporate lawyers aside, every privacy policy I’ve read starts out by telling the user, “Your privacy is an important priority to us at XYZ Company, so we’re going to tell you how we use your information.” It sounds so helpful! So ingratiating! So full of crap!
Wait, doesn’t that remind you of the telephone answering services we have to deal with? “Your call is important to us, please hold for the next customer service representative…” Just before they place you in the queue until hell freezes over.
The policy goes on to tell you how they collect the info, including the stuff you don’t supply voluntarily (except by visiting their site), like your computer location, the type of browser you use (and thus the type of computer you own), what site you were visiting before you came to theirs, how long you lingered on each page of their site, etc. Should you really care? Probably not, but you should be aware of it.
“Knowledge is power.” ~Francis Bacon
Then we come to the actual data that you provide about yourself. They mostly say they “use secure technology to safeguard your information.” Well, whoopee. I use secure technology to safeguard the birdseed on my front porch, but the raccoons still get in.
What kind of secure technology? How secure is it? Who has access to my data and why? Where and how is it stored and for how long? Those are the specifics I want to know in a privacy policy, not just a vague reassurance that you gather my data and secure it according to your company policy. What exactly IS your company policy?
This is especially important when the company—and most do—say they are sharing the information with “affiliates” or “third-parties.” Of course, who knows what their company policies are?
I realize large corporations can’t post their entire security plans in their privacy policies—that’s not what I’m asking. But I want more information about what you do with MY data. It’s the only data I have, you see, and I’m trusting you to take care of it.
Here is a great example: the Opt Out Service for the Consumer Credit Reporting Industry. This is the official site where you can opt in or out of receiving firm offers of credit (read “junk mail credit card offers”) from the major credit companies. You have to give your name, address, Social Security Number, Date of Birth, and firstborn child on this form, but when you take a gander at the Privacy Policy, it’s as hazy as all the rest. (Okay, I was joking about the firstborn child, but not by much.)
Not a word in the entire document tells you anything specific about what they do with the most important information you can supply to identity thieves. Way down in Security and Confidentiality Note is this consistently obscure statement: “… we take other reasonable physical, technical, and procedural safeguards for purposes of safeguarding your personally identifiable information.”
It’s the only data I have, you see, and I’m trusting you to take care of it.
This is not enough for me, thank you. I would rather go to the separate credit agencies and opt out. At least I know they already have my information.
Note: The Social Security Number is not a national identification number, but don’t even get me started … And if you have your birthdate and year on Facebook, I suggest you remove the year for your safety.
The final rub is, these companies can change their policies at any time without notifying you. It’s up to you to keep checking back with their privacy policies in case they make a change. How many of these policies have you clicked through in the past? Each time you’ve become a member of a secure or member-driven web site and for every software installation you’ve ever done, you’ve agreed to these policies.
True, it is my choice to not agree, not purchase, or not visit the web site. However, if I want to participate or purchase, then that legal document (the privacy policy) that I am signing by proxy (by clicking that “I agree” box) applies in the other direction, too. The company has a legal and ethical obligation to keep my data safe and secure.
The question is, do they honor their promises?
Nice article! Loved this part “Well, whoopee. I use secure technology to safeguard the birdseed on my front porch, but the raccoons still get in.” – LMAO…
Just curious – what is your privacy policy and what are you going to do with my information..?? Uh oh, I think someone is watching me.
Later,
-Dennis
I haven’t posted a privacy policy yet, so I guess you’re taking your chances. (LOL) I see your point, but at least you didn’t have to scroll through the legal-sleaze. I’ll work on that.
Thanks for the post, Dennis! Now, back to work! (wink)
Internet security should not be a new concept, and yet, it really is for the general public. You would think protection could have (should have) been built in. It is not like the first users were not aware of what the potential risks were going to be. Instead, and sadly, it appears they consciously chose to leave it vulnerable and at times are even choosing to exploit it.
Here is another article dealing with security (or lack there of) when using free WiFi connections and one resolution that some people are choosing to implement. http://ownwp.com/personal-vpn-hackers-cant-get-hackers-cant-see/
It is important to know that we are responsible for ensuring our own security and it is good to see that people are at least trying to help one another become aware of the risks. Thanks for the post.
Thanks, Kerry. Great article about WiFi security. I agree that we are responsible for our own security to the extent that we are able, but there’s the rub, aye? The ability changes all the time, and most casual users don’t (or can’t) keep up.
Want to know what is already collected about you? Check this out and use the opt out of tracking feature for your browser. https://aboutthedata.com/ <- CLICK HERE
The problem with that is, Michele, that you have to–yet again–give all of your data to About The Data for them to do what you’re asking. And it includes full birthdate and the last four number of your SSN, which are some of the most sensitive data about you these days. Their own privacy policy is no better than others, and they share their data with third parties. I get the point, of course, but do I want to keep spreading this info around?
Yes understood. Let me explain a bit. What is now called about the data is the entity NSA was using (datamining) to gather your info. The website was launched as a proactive effort to seem transparent. NSA already has all of your data. It is better to log in and see what they have on you. It is already too late.
Thanks, Michele. I can guarantee that NSA DOES have all of my data, since I used to work for them. LOL
Now that’s even scarier 🙂 Big Brother is Watching.