I like to think I’m protective of my sensitive personal info. I rip bills and credit card offers into confetti before throwing them out, I never give out my Social Security number, and I can spot a phishing scheme with the best of them. But I’ve recently come to realize that the safeguarding of my most intimate personal details is completely out of my hands.
This rather foregone epiphany dawned on me recently after I received a letter in the mail from a former employer offering me a year of free credit protection. The gift of an incredibly generous HR department? No. This was my consolation prize for having my Social Security number and street address stolen when some thieves made off with company computers.
Being exposed to the threat of identity theft through the carelessness of a former employer got me thinking: Who else out there has the goods on me, and what say do I have in all of this? The answer, of course, is that my personal information is being collected, stored and used in more places than I care to think about. As for my rights to that info — well, I have none.
This needs to change.
I don’t think I’m blowing anyone’s mind when I say that information about all of us is being gathered, aggregated, and analyzed with nearly every step we take, both online and off. I’m not paranoid — this is a fact of life. Whether it’s at the supermarket, passing through a tollbooth, using our cell phones, or checking our email, notes are being taken down about our locations, our habits, our preferences, and our relationships to people, places, and things. That’s the price we pay for modern conveniences, and I’ve accepted the tradeoff. I could fly under the radar by always paying cash, never using a cell phone, staying off the Internet, and having my bills sent to a P.O. box, but I can’t be bothered.
In many cases the information being gathered on me makes my life easier — Amazon.com being the very best example of this. I love my Wish List, I find the recommendations to be fairly accurate (most of the time), and I like that little sidebar that reminds me of the things I’ve recently viewed.
I’m sure it’s the same over at Google, where my extensive history of Web searches — no matter how freaky — is directly linked to my name and other information, thanks to my Gmail account. What if I decide one day that I’m done with Google — can I take that information with me? Can I have my emails deleted from the Google system? Of course not.
Offline, more of my information is being collected, repackaged, and sold by data brokers like Little Rock, AR-based “marketing services” company Acxiom. You may not have heard of Acxiom, but the company has heard of you. Through public records, it claims to have the goods on 95 percent of all households in the U.S., which it sells to companies that are looking for more customers. In short, it’s the reason you get junk mail. How detailed the records are varies from person to person, but it can go pretty deep. Chief Privacy Officer Jennifer Barrett told me in a recent conversation that an individual in the Witness Protection Program once contacted the company because he was receiving offers in the mail addressed to his old identity. Imagine what they have on you! Acxiom, however, gives consumers the option to delete the marketing info the company keeps on them, which you can do here. According to Barrett, the company has no use for you if you’re not interested in receiving the kinds of offers its clients send.
Whether Acxiom actually completely deletes your information or not is up for debate, but I’d like to see this same kind of offer made by Web sites. In fact, as naïve and unrealistic as this may sound, I really think it should be the law. I should be able to use the full features of a site like Amazon or Google while also maintaining control over my personal information and privacy. If I stop using the site, it should stop holding onto my information.
But an Acxiom-like solution isn’t quite right, because it’s all or nothing. I can’t call Acxiom, have a look at my record, fix a couple of things on it, and keep receiving offers from its clients. I can either delete my record, or keep it as is.
I think that any Web site that stores my user information — whether as a customer or simply a blog commenter — should be required by law to give me access to the full file it keeps on me. If I want the file deleted, I can do so. If I want to remove certain things from it and leave others intact, I can do that too.
Why not? Isn’t the endgame of gathering all of this information just to sell me more stuff I’d be interested in? Aren’t Amazon and Google working up these profiles on me so that they can make better recommendations or serve more relevant advertisements? (I certainly hope it’s not something more sinister than that.) If I don’t want anything to do with them, why should they want anything to do with me? If I want to help them better target their recommendations and ads by making my profile more accurate, doesn’t that benefit everyone? If I don’t want my Social Security number on there, but I’m OK with my address being listed, shouldn’t that be my call to make?
I’ll admit that it’s my fault these companies have all of this info in the first place. They wouldn’t have it if I hadn’t somehow given it to them. I don’t even mind that they have it, but I do think I should have the right to take it away from them. In the end, all I want is to keep my personal information out of the hands of the next cat burglar who decides to knock over an office building for its computer hardware. I can’t do that when control of my privacy rests in the hands of others. Sure, I can disable cookies, I can download programs to disguise my IP address, and I can encrypt my chats and email. Or I can just stay off the Internet completely, as I said before. But there’s the problem: Privacy is tough work these days.
If there’s one statement that best sums up the point I’m trying to shape into some semblance of coherence, it’s something Peter Eckersley of the Electronic Frontier Foundation told me in a recent conversation. He said, “Privacy should be the default rule, rather than being some kind of privilege that only incredibly talented hackers can obtain for themselves.”