Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Policies Only as Good as the People Enforcing Them

Posted by ScuttleMonkey on from the fear-the-market-droids dept.

Techdirt is reporting that while we all know privacy policies may not matter much in the grand scheme of things, a recent study shows that it may be even worse than originally surmised. It seems that the real issue is with who has access to personal data and what they are able to do with it. "of course, it's not just the people reading the policies that don't seem to understand them -- it's those in charge of living up to and enforcing the policies. A new study surveyed a bunch of executives, including both marketing execs and those in charge of enforcing the privacy policy, and quickly discovered that marketers have a very different concept of 'privacy' than privacy officers. Not surprisingly, they don't see anything wrong with sharing all sorts of data that seems to horrify privacy officers."

13 of 104 comments (clear)

  1. What other areas does this apply to? by RabidMoose · · Score: 5, Interesting

    I, for one, would seriously like to see a survey conducted across a wide ranges of job types and industries, polling employees about how compotent they feel they are at their job. I get the feeling a rather large number of people are just desk-fillers, who happened to be able get through the interview process, only to realize they have no idea what they're doing. And the same people have bosses who are just as incompotent, so everybody keeps their job.

  2. Most privacy policies are worthless anyway. by Ken+D · · Score: 5, Interesting

    Seriously. Google the phrase "except as allowed by law", you will find tons of privacy policies that look like this "BlahCo does not share your data except as allowed by law".

    Oh great! They won't break the law. That's comforting. Thanks for spending money telling me how you won't do anything to break the law. You'll just distribute my info to anyone to whom it is legal to do so.

    How about "BlahCo will not share your data except as REQUIRED by law." Oh no, that would stop their marketing efforts....

    1. Re:Most privacy policies are worthless anyway. by swm · · Score: 4, Interesting

      A few years ago, congress passed a law requiring companies to disclose their privacy policies to their customers. That's when we started getting those dense little privacy notices stuffed into our credit card bills and splashed onto web signup pages.

      Someone went through and *read* one of those things (from a major brand, I forget who) and worked out the actual content of it. What it came down to was

      "If you don't check the box [on the signup page], we will do whatever we like with your personal information.

      "If you do check the box, we will do whatever we like with your personal information, but we won't break the law."

  3. Some companies, such as Deniro just plain lie. by www.sorehands.com · · Score: 4, Interesting

    There are some companies, that just plain lie. In one such instance, Deniro Marketing, they were provided a unique e-mail address, and now that e-mail address is getting spam for drugs, enhancement products, stock tips, etc.

    I have had other companies (versuslaw.com) try to claim that "you must have been infected with a virus that distributed your address book." Of course, I run OS/2 and Post Road Mailer. Nobody writes virii for OS/2 and Post Road Mailer does not run scripts or anything else. Of course, I had another company blame it on their fulfillment people.

    --
    Fight Spammers!
  4. Re:Oh wow this isn't obvious by flaming+error · · Score: 1, Interesting

    > A system is only as good as the people that control it.

    A system that needs people to control it is destined to fail. A system that controls itself is robust.

  5. No surprise by Anonymous Coward · · Score: 1, Interesting

    No surprise. Privacy policies are really there to cover the corporation's assets, though they also function nicely as a platform for lawsuits.

  6. The survey doesn't even touch the hidden sharing by Darlin+Candy · · Score: 2, Interesting

    I was surprised to find my own company shared email addresses. I created an account for my companies website with my work email address... When I began being spammed with viagra ads and ways to play poker legally I was shocked. When I asked my director about this, they said they knew of nothing about it and would look into it. a couple weeks later I was informed they found the issue and it should be resolved.... What does that mean? I may never know.

  7. This pretty much says it for me: by BattyMan · · Score: 3, Interesting

    From the TechDirt discussion:

    When it comes to business "data" and citizen "data" we have seem to have two standards. Business believe that they can expropriate private data at will. We already have had example where the medical profession has taken samples from patients (without their permission in some cases) and developed tests, patented those tests, and made money; and given the patient zippo.

    Now if you, as a citizen, take business "data" such as a song you are deemed to be guilty of theft! Not only that, but as Mike has pointed out in other articles, the MPAA and the RIAA want to ignore due process. If they say you are guilty, you are guilty irrespective of the existence of any evidence.

    Business' should NOT have a right to expropriate, at will, what is not theirs.

    If corporate Amerika treated my "intellectual 'property'" (i.e. my personal identity, beginning with my email address, which I'll point out that they pay me NOthing for, but rather obtain by extortion: "you must surrender an email addres to register to use this website"!) as MY PRIVATE PROPERTY, maybe I would feel more inclined to treat their "intellectual 'property'" (i.e. music and movies _I_'ve paid money to them to use!) with a little bit more respect.

    As it stands now, what's good for the goose is good for the gander, and just as they see nothing wrong with sharing "my" email address with their "coroporate partners and marketing associates", I find nothing wrong with sharing "their" music and movies with my family and friends.

    --
    Exceeding the recommended torque is not recommended.
  8. Maintain Your Privacy First by stewbacca · · Score: 2, Interesting

    The only way to "try" and maintain your privacy is to NOT give away things like your name, e-mail address, phone numbers, etc. That still won't ensure privacy, as this article proves, but you don't need to make it any easier for them. Given most of you aren't willing to go to the extremes required to maintain your privacy yourselves, you should just expect your privacy to be violated. How many of you screaming "privacy!" right now have unlisted phone numbers, for example?

  9. Gotta Love the Double Standard . . . by The+Angry+Mick · · Score: 4, Interesting

    . . . in this little gem from the Forbes article:

    Ponemon notes that despite their differences, the two groups [marketeers and privacy officials] tend to agree about the privacy value of another kind of information: their own. Ninety-three percent of marketers and 99% of privacy officers surveyed said their own privacy was "an important personal issue."

    Translation:

    "I don't give a shit about my customer's privacy, but nobody better ever fuck with mine.

    --

    I'm not tense. I'm just terribly, terribly, alert.

  10. Ameritrade by bcrowell · · Score: 5, Interesting

    A classic example of this is Ameritrade.

    1. http://bbs.spamgourmet.com/viewtopic.php?t=81&postdays=0&postorder=asc&start=45&sid=21389b26d00d7c69bc59424a299b3f98
    2. http://groups.google.com.fj/group/news.admin.net-abuse.email/browse_thread/thread/de64222d0929c6b4/a402bc49558f7330

    I set up an account with them, using a single-purpose email address, amtdcrowell06 at lightandmatter.com. Notice the amtd on the front, which was a unique prefix I chose just for use with them. I started getting spam like crazy. Strangely enough, the spam was all about stocks -- pump-and-dump stuff. Ameritrade tried to blame it on a virus, which wasn't very plausible, since I was running FreeBSD, postfix, and mutt. They tried to blame it on a brute force or dictionary attack, which also wasn't very plausible -- the prefix doesn't really consist of dictionary words, and 13 characters, consisting of a mixture of letters and digits, gives a total of 10^20 possible addresses that would have had to be checked by brute force. I wouldn't have minded if it was a myspace account or something, but these were people who had large amounts of my money. I migrated my account to scottrade. Years later the news broke that ameritrade had leaked tons of email addresses. They blamed it on some unknown insider. Since people had been telling them about the problem for years, you'd think they'd have clued in a lot earlier. It's amazing how bad an internet-based company can be at the internet thing. If any slashdotters are using ameritrade, you might want to think about switching to some other company. (Ameritrade's web interface also had some functionality that didn't work properly in Firefox on Linux.) You can transfer your portfolio from one company to another without having to pay capital gains, and without incurring transaction costs.

    --
    Find free books.
  11. Re:s/News/Not News/ by budgenator · · Score: 2, Interesting

    A marketers job is to tell you how to think, what to want, and what ideals to have. They respect you like a puppeteer respects a puppet.
    How quaint, when I took marketing it was composed of 3 P's, Product, Price, and Placement and consisted of figuring out what the customer wanted, how much he wanted to pay and where he wanted to purchase; adding the forth P, Promotion really inverted things. Seems a 3P marketer wants his offices next door to the R&D department to make it as easy as possible to get potential product into production; a 4P marketer wants to be as close to legal as possible to make it as easy as possible to see how much they can get away with!

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  12. New Democratic Party of Canada by SleepyHappyDoc · · Score: 2, Interesting

    I knew this a while ago. In a fit of stupidity, several years ago, I decided to join Canada's NDP, and I was dumb enough to give them my email address. What ensued has been very educational about the position privacy concerns really occupy in Canada. Not only do they use a huge variety of spam-filter evasion techniques on their missives, but they blatantly ignore their own privacy policy, to the point of ridiculing their own members when they ask about it. Now, I shouldn't have expected a lot from a political party, but it seems interesting that the people who demand that others obey privacy rules (to the point of creating laws to compel people to do so) would have such a disdain for them. If they won't follow it, what possible incentive does anyone else have to waste any effort doing so?

    --
    Stasis is death. Embrace change.