Commentary
The Inconvenient Truth... About Consumer Privacy
- by Cory Treffiletti , Featured Contributor, September 1, 2010
The last few weeks have seen a lot of press surrounding the issues of privacy and consumer safety. It's a relatively cyclical discussion that seems to be raised every two to three years, but its gaining steam now that the government is getting more involved. I'm not one to talk politics, nor am I one to sit and here and tell you that everything is acceptable in regards to Internet standards for consumer privacy, but I do want to put some of this discussion in perspective.
The last thing anyone should ever do is defend a policy by pointing fingers at someone else and saying, "but they're worse." However, in this case I think it's time to do a little finger-pointing. My wife was recently sharing with me some of the "fine print" on the automotive financing bill we get monthly. We own an American car, financed by an American car company, so you would assume their privacy policy is in line with simple standards for American consumer privacy. If that is the case, then some of these facts may be somewhat shocking. Here are a few of the highlights, taken word for word, from that recent bill...
advertisement
advertisement
"Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some not all sharing.
"The types of personal information we collect and share depend on the product or service you have with us. This information can include: Social Security number and income, payment history and purchase history, credit history and assets.
"Reasons we share your personal information - for our everyday business purposes, for our marketing purposes, for joint marketing with other companies, for our affiliates' everyday business purposes, for our affiliates to market to you. Can you limit this sharing? No."
Those statements are rather broad, in my opinion. The sharing of my Social Security number, name and personal financial history with an affiliate for their everyday business purposes, regardless of my permission, opens a doorway for my personal information to be released outside of acceptable terms.
Unfortunately, I have no control over this -- and if their affiliates do not have a similar policy in place, then all of a sudden my information is available. And no mention is given on the method for sharing this data - it's inevitably done through digital means. Just this year I've had my mail stolen twice, and my credit card number changed four times because of fraudulent charges made to it. In two of those cases, the credit card company admitted they had a security breach. If that is the case, then whom do you trust?
The general issue with Internet privacy and the use of cookies to collect information, is that some groups consider this usage of data to be an invasion of privacy. But the fact is that most (and I agree that we are talking about most) Internet companies are gathering non-PII (personally identifiable information). They are gathering anonymous data on behavior that enables ad targeting and the delivery of tailored content. These companies are not gathering and sharing your Social Security number, income, payment history, credit history, assets or your name and address.
If consumers are up in arms regarding the usage of your general Internet data, why aren't they up in arms regarding the use of your PII by traditional companies? What about your credit card company? What about the grocery store loyalty card you swipe to get a percentage off your purchases? What about those "anonymous" companies that buy and sell everything about you to the highest bidder, under supposed regulation of the government? Has anyone asked what their policies are?
There does need to be some regulation regarding the fringe companies that are using malware to gather and share personally identifiable information, but the majority of ethical, responsible companies need not be thrown out with the bathwater. Self-regulation on the part of the industry and a responsible plan for monitoring and purging irresponsible companies and tactics should be put in place to ensure that consumers' rights are not being taken advantage of.
Responsible Internet companies should be rewarded and recognized for taking into consideration the rights of the consumer, and consumers should be made aware of of all the ways their information is utilized by all manner of companies. Credit fraud and identity theft are not new crimes, and our industry should not be given all the blame for these issues arising.
Consumer privacy is indeed a big deal and an issue that requires attention, but I hope that the responsible parties address the issue on a grander scale and reward the companies that are acting in a responsible manner with the consumer in mind.
If you care about the issue, be sure to speak to your local Congressman or Congresswoman, address it in your blogs -- or just simply respond on the Spin Board!
Too true! And I'd also recommend that those with sterling credit histories and other forms of certifiably-preferred economic status (sadly a diminishing group in today's economy) choose to do business only with companies, lenders and institutions providing adequate protection for PII (or ideally, requiring minimal PII for any transaction, and then retaining only what's necessary to maintain a customer relationship, which in many cases should be no more than name, email, and perhaps a street address, in addition to purchase/billing history).
There's nothing like the grassroots sense that 'good, low-risk business is walking away' to make folks pay attention.
I think it's especially important to look at this stuff, when you consider that many of these practices are cumulative and latent -- that is, the idea of retaining or transacting certain kinds of PII for added revenue emerges from fairly deep in the operational bowels of these companies, so is not necessarily aligned with front-office strategy, public image or marketing. And the various disclaimers and pro-formas creep into contract boilerplate -- in many cases, perhaps just as self-defense against future litigation.
I think this is very insightful. It's true; there are ways, which most of us are unaware of, that allow our information to be shared without our consent. I think about this every time I'm on the phone with someone who processes my credit card and every time I login to make a payment on my card when I’m asked for my mother’s maiden name or the city I grew up in.
Responsible internet companies do not collect personally identifiable information such as social security number or name unless a user chooses to share that information with them through a registration page or online transaction. And these companies typically provide users with the ability to opt out through their company website.
Thanks for bringing this to light.
There is no such thing as self regulation. The more people try to fool themselves and their self serving community, the worse this is going to get. This is going to be sorriest generation ever to future generations.
"If consumers are up in arms regarding the usage of your general Internet data, why aren't they up in arms regarding the use of your PII by traditional companies?"
The media isn't talking about it. That's why consumers aren't up in arms. The Internet is getting a lot of bad press and that's making people think more about Internet privacy than offline-privacy. It's the topic du jour.
I disagree. "Unfortunately, I have no control over this... speak to your local Congressman or Congresswoman." If you don't like a privacy policy from a finance company, don't use the company. You have complete control over who you give your money too. Also, under the FCRA and the FTC Affiliate Marketing rule, plus the GLBA and the FTC Privacy Eule, affiliates of financial service providers must comply with the policy provided to you, by the affiliate you do business with. There is no way affiance company can just pass info to an affiliate, and the affiliate can ignore the policy. The FTC would pursue that in a heartbeat. Congress and the federal agencies have dealt with this in the finance world.