Privacy Policies Only as Good as the People Enforcing Them 104
Techdirt is reporting that while we all know privacy policies may not matter much in the grand scheme of things, a recent study shows that it may be even worse than originally surmised. It seems that the real issue is with who has access to personal data and what they are able to do with it. "of course, it's not just the people reading the policies that don't seem to understand them -- it's those in charge of living up to and enforcing the policies. A new study surveyed a bunch of executives, including both marketing execs and those in charge of enforcing the privacy policy, and quickly discovered that marketers have a very different concept of 'privacy' than privacy officers. Not surprisingly, they don't see anything wrong with sharing all sorts of data that seems to horrify privacy officers."
Ummm.... Duh... (Score:5, Insightful)
The strength of a chain is only that of it's weakest link. We recently had a proposal to implement NAC and they're constantly tightening policies. Most solutions however are easily circumvented and rendered incapacitated by only one person or device.
As usual, the problem with computer and/or network security is not necessarily the computer (unless you're running Windows) but the people sitting in front of it.
Thank you, oh, master of the obvious! (Score:3, Insightful)
Privacy only as good as the people taked to enforce it? And how is this news, hmmmm?
I mean, I once heard of a farmer who gave the keys to the henhouse to a fox. And, guess what? The next day: no more chicken! What a surprise!
In other news, people with matches put more things on fire, and war is dangerous business for just about everyone, including puppies and cute little kids.
Any policy... (Score:4, Insightful)
Any policy is only as good as the people enforcing them.
See: US Constitution, Antitrust Law, the Tax Code
Always the case? (Score:2, Insightful)
Aren't any policies or laws only as good as the people enforcing them?
Re:In related news (Score:5, Insightful)
Shit stinks
When my oldest daughter was born, the first time I changed her diaper I said "Wow! A miracle baby! My kid's shit don't stink!
Two weeks later I almost gagged changing her, I was ready to call the EPA. Later I found that no newborn's shit stinks. It only stinks after the baby has bred bacteria in its bowels.
Shit does not, in fact, stink. Bacteria stinks. You might actually need to run a scientific experiment to determine this statement's validity.
The article would be a lot more newsworthy is the researchers had found surprising data rather than what everyone expected.
Policy != same interpretations (Score:4, Insightful)
There is a thick gray line for what falls under protecting privacy and sharing critical information.
Giving an email adress for some may not seem like critical information that will violate a persons privacy, while to others it would be like a crime against humanity and all that is decent. Or you can go more to the middle, like the information that TiVo collects, while it is not accoated to any particular person however their viewing habits are monitored and tracked and used for advertisers, to but a little green thumb next to stuff you may be interested in. Or to see that you actually do watch that show that in public your vietemently deny ever seeing. Perhaps it could go one step further of using your system ID left join to user names of system IDs name and adresses.... All information falls on the sliding scale. If you are a good data miner and have the access you can figure out most anything.
Eg. a normal Slashdot post. you have the user name. Then you can see all the posts the person posts in the past. For example you can probably search all my posts and find my Real Name and my Current address. As looking at pages I have linked to areas of interests I talked about with some authority on, or if I had a home page setup people would see my home page... Then you may cross reference my login name with other sites and see other interests I may have or it could be someone else with the same handle however it could be a clue, further on. Then finding my name and location my may find where they work and most likely their resume if they are looking for a job......
Now I would prefer that you didn't do such as I would feel it would be a violation of my privacy. However there is a lot of information that can be gathered from a person today.
I'm not surprised... (Score:5, Insightful)
Marketers are rewarded for increasing sales / revenue / market share and so would view anything that can do that as a good thing to do.
Privacy officers, OTOH, are trying to protect customer data and so have a different outlook and reward structure.
My point - this is why strategies (Financial / Customer / Process) need to be articulated at the C level and reviewed and outcomes monitored on a regular basis - so everyone is on the same page.
What really bothered me was this:
And in 2005, data broker Choicepoint sold more than 145,000 individuals' personal data to Nigerian scammers it believed were legitimate marketers.
In another ongoing case, Ponemon founder Larry Ponemon says he is consulting with a major financial institution currently being investigated by several states' attorneys general in a major data breach attributed to an e-mail marketing partner. The company, Ponemon says, gave data from six million customer accounts to a marketing firm in Southeast Asia, where it was eventually posted to a Central Asian site dealing in black-market credit card numbers.
As criminals grow in sophistication and are able to co-opt crocked government officials you'll probably see more off this - why phish when you can buy the data you need outright?
Setup a shell company, buy the data you want and go to town (and anywhere else you want) on somebody else's dime. Off course, as corporate losses mount from such fraud the corporations will push for tighter controls simply because it starts to hit them in the wallet.
I had someone charge airline tickets on my card - I had flight numbers, ticket numbers and names and could not get the airline to cancel the tickets; even after I told them it was fraud and the charges were disputed. Right now fraud is just a cost of doing business I guess.
Re:s/News/Not News/ (Score:3, Insightful)
Although I am not a privacy advocate I do advocate for truth. If companies are sharing data while deceiving customers then prison is the place for these executives.
I am convinced that our justice system has become little more than a racial and social system that is clearly devoted to crushing the lower classes. That is why we are bombarded with white collar crime and these people rarely are punished.
Re:Oh wow this isn't obvious (Score:5, Insightful)
The best systems are the ones that take advantage of people's laziness to help them. If it required filling out a form in order to give out any information on a customer I bet you'd see far less information being given out. On the other hand, if you can give out the information easily, you're more likely to give it out freely.
The more it costs people (in time) to give out your information, the safer your information is.
Re:s/News/Not News/ (Score:4, Insightful)
It's in the nature of what they do. They trade in the awareness and perceptions of other people. A marketer that wanted to preserve consumers privacy and individual choice would be like a surgeon that was afraid of blood and was squeamish about cutting into somebody. A marketers job is to tell you how to think, what to want, and what ideals to have. They respect you like a puppeteer respects a puppet.
I've always found the marketer/news media duality more entertaining than the marketer/privacy policy duality. Journalists will swear that they aren't trying to influence people. They are just reporting the facts. But the ad sales departments sell commercial slots for those same programs with the pitch about how many millions of viewers can be influenced.
Re:What other areas does this apply to? (Score:2, Insightful)
Re:s/News/Not News/ (Score:3, Insightful)
Things changed when companies stopped selling a product, and started selling customers to each other.