You have probably heard of the website Spokeo. While the site’s disclaimer states that Spokeo obtains information from a variety of online sources, the bottom line is that Spokeo contains the largest amount of data about an individual in one place.
A great deal of personal information can be obtained from Spokeo including full name, address, age, date of birth, photo of your house or apartment, number of people in your household, estimated annual income, etc. But there are ways to remove the data. If you haven’t already removed your listing, here’s the link: http://www.spokeo.com/privacy.
Did you catch some recent news about Spokeo? In the June 18-24, 2012, issue of BloombergBusinessWeek, the following blurb was featured: “Spokeo, which compiles dossiers on consumers, agreed to pay $800,000 to settle allegations by the Federal Trade Commission that it sold personal information in violation of the law. From 2008 to 2010, Spokeo sold millions of consumer profiles to human resources departments and recruiters without verifying [that] the data were accurate or making sure the information would be used for legally permissible reasons, the FTC says. Spokeo, which has not admitted guilt, says it has changed its business practices to improve protections.”
First of all, wow. Second of all, where was the mainstream media when those activities were going on? With all the security breaches over the last couple of years – Epsilon, Sony, LinkedIn, to name just a few – and the fact that cyber security remains an important part of the national agenda, you would think this news would garner more publicity than a tiny blurb in both a print and online business publication.
It would appear that only high-profile businesses which experience data breaches get any coverage. While Spokeo quietly invaded millions of people’s privacy without batting an eye, is it because this wasn’t accidental that no one noticed? Or was the reason that the information was provided to human resources departments that no one cared? Or is it because people hear about data breaches so often that they are becoming numb to them? Are people finally accepting the declaration of Scott McNealy of Sun Microsystems from 1999? “You have no privacy anyway. Get over it.”
And from Facebook’s Mark Zuckerberg in 2009: “People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them – like email addresses, phone numbers, photos and so on – to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with…It’s difficult terrain to navigate and we’re going to make some missteps, but as the leading service for sharing information, we take these issues and our responsibility to help resolve them very seriously.”
As an infosecurity professional and advocate for protecting online data and promoting online safety for both children and adults, I believe no one has the right to my information except the people that I grant access. But it would appear that I don’t own my data. The time has come for the creation of an organization that would protect our right to own our personal data, an organization that resembles the Anti-Defamation League in terms of the strength of its advocacy efforts.
I know those of us in infosecurity scream all the time about data security and online privacy, but it seems as if our words are falling on deaf ears. What do you think?