The headline was sobering: “Race is On to Fingerprint Phones, PCs.” Published by The Wall Street Journal on December 1, 2010, the article described how a young entrepreneur, David Norris, planned to collect the digital equivalent of fingerprints from every computer and cellphone. Mr. Norris is taking the unique clock settings, different fonts, and the hundreds of details that each computer has with other computers to develop a computer fingerprint database of information to build profiles of people who use them—and to sell that information to advertisers. To date, Mr. Norris has identified and catalogued 200 million devices—and expects to have one billion devices of stored information by the end of 2011.
It did not take long for the Federal Communications Commission to strike back. Four hours after The Wall Street Journal article was published, Grant Gross of IDG News reported that the FCC was recommending that a “do not track list” (similar to the telecommunications “do not call list”) should be implemented. Unfortunately, such action would have to be implemented by the Internet industry or by Congress. As FTC Chairman Jon Liebowitz stated during a recent press conference, “Despite some good actors, self regulation of privacy has not worked adequately and is not working adequately for American consumers.”
In the face of these warnings, the privacy onslaught continues. Facebook provided applications access to addresses and phone numbers until a change was made in January 2011 to change privacy policies. As recently as March 10, 2011, Joel Stein, in an article written for Time, reported that three hours after he gave his name and e-mail address to Michael Fertik, the CEO of Reputation.com, Mr. Fertik called him back and read Mr. Stein’s social security number back to him. Similarly, Google Ads Preferences shows an individual’s interest in politics, foods, sports, purchases and any number of other individualized likes and dislikes. As Mr. Stein reported, Alliance Data (an enormous data-marketing firm in Texas) knew that Mr. Stein was, “a 39 year-old college-educated Jewish male who takes in at least $125,000 a year, makes most of his purchases online and spends an average of only $25 per item. Specifically, it knows that on January 24, 2004, I spent $46 on ‘low-ticket gifts and merchandise’ and ‘that on October 10, 2010, I spent $180 on intimate apparel. It knows about more than 100 purchases in between.’” Each of those pieces of information—rightly or wrongly—is sold for less than a penny to advertisers, which then deliver ads to the individual user.
So how can you guard against these invasions of privacy, whether you are a company or an individual? It takes a combination of computer discipline and knowledge of laws and regulations. For example, you (and your employees) can decide not to check “preferred” subjects offered by online search engines. Avoid placing personal private information and company-related information on social networking sites. Read—and perhaps opt out of—security agreements and licenses that include provisions that allow companies to share your information with affiliates or advertisers. Change passwords frequently, and increase the level of security of your passwords by simply using upper and lower case letters.
Equally important, be familiar with both state and local laws. In most states, consumer protection rules by state commissions mirror federal law and prohibit the disclosure of CPNI (Customer Proprietary Network Information). For example, an end user’s name and phone number cannot be disclosed without consumer consent, a court order or an adjudicated decision. In California, federal lawsuits have recently been filed against companies that request zip codes at the time of in-store purchases. While technology has placed more pressure on maintaining personal information (or company proprietary information), common sense, good computer practices, and knowledge of your legal rights can help you or your company protect your identity and proprietary information.