Craig Roth

A member of the Gartner Blog Network

Craig Roth
Managing Vice President: Communication, Collaboration, and Content
4 years at Gartner
25 years IT industry

Craig Roth is a vice president and service director for Gartner Research, in Burton Group's Collaboration and Content Strategies service. Mr. Roth covers a wide range of knowledge and Web-related topics at the intersection of collaboration, content… Read Full Bio

Coverage Areas:

If It’s OK for Websites to Sell My Data, Why Can’t I Know Who It’s Sold to?

by Craig Roth  |  April 13, 2011  |  2 Comments

I’ve received two notifications this week that my email address has been leaked.  Here’s one of them, from the McKinsey Quarterly:

“We have been informed by our e-mail service provider, Epsilon, that your e-mail address was exposed by unauthorized entry into their system. “

Call me a cynic, but at this point it might be more useful for every company I have a registered ID with to send me an email at the end of the year if they haven’t leaked my email.  Like this:

“Hello Craig!  As the end of the year approaches, CuteKittyPosters.com is happy to inform you that this year we did not leak your email ID, change our privacy policy, get bought by an entity with a different view of privacy, sell your overly personal cookie tracking data, or have your account information compromised.  You’re welcome!”

If I don’t receive an email like that or there’s a part of it missing, I’ll just assume it compromised my data. 

To make that yearly notification seriously useful, how about providing me a year-end list of the external entities my data was shared with and whether it was a financial transaction?  Sure it’s within the privacy policy to share my data in aggregate, non-identifiable form.  But if there’s no privacy issue sharing my data with a third party, why should there be a privacy issue with telling me who it was shared it with?  Is my data open for sale but the buyer needs to remain in shadowy secrecy?  Seeing that list may make me feel more comfortable with the relationship, or may alert me to actual uses of my data that I couldn’t discern from the multi-page vague privacy policy.  It makes the privacy policy real and makes the information-for-personal data relationship more transparent. 

2 Comments »

Category: Privacy     Tags:

2 responses so far ↓

  • 1 Jay Heiser   April 14, 2011 at 6:06 pm

    CuteKittyPosters.com is happy to inform you that, AS FAR AS WE ARE ABLE TO ASCERTAIN, this year we did not leak your email ID, change our privacy policy, get bought by an entity with a different view of privacy, sell your overly personal cookie tracking data, or have your account information compromised. You’re welcome TO DISCUSS THIS WITH OUR CORPORATE LEGAL DEPARTMENT.

  • 2 Per Olsson   April 15, 2011 at 2:59 am

    In these times of total transparency, you got a point. It would be interesting if the companies would actually inform the customers who their information are shared with. The problem is that if they share it with one company, that company share it with another company and so on, I guess.