Wednesday, December 20, 2006 8:12 AM
codingsanity
Opt-out
Just to carry on the privacy angle, I'd like to discuss two terms used when relating to personal data: opt-out and opt-in. So when someone collects your data and you have to make an extra effort to stop them giving it to their partners, selling it to marketers, or posting it on the Web that's what we call opt-out. The extra effort could be as simple as clicking some check boxes, it could be obfuscated so you think you're opting out when in reality you're opting in and so forth. Obviously with opt-in you make the extra effort to allow the company to sell your data to spammers.
For some reason companies that buy or sell consumer information seem to be very keen on opt-out and not keen at all on opt-in. Needless to say they've managed to convince pretty much every government in the world that it'd be too much of a hassle to enforce opt-in.
Even when you opt-out, many companies either don't supply this option, or just ignore it, as I found out about the banks not too long ago. It seems that South African banks* send your personal data to credit agencies when you aply for a mortgage or any credit. Not much of a surprise yeah? However, they do not bind the credit agency to the opt-out, opt-in choice you made. So, what happened to me a couple of years ago is that the credit agency (Transunion ITC) then sold that information on to spammers (Edgars). They claimed several times that they never, ever sell your personal details on, but finally admitted that if the marketer has your ID number and name, they can "refresh" their information about you.
Oh, and by the way if you voted in 1994 or before, they have your ID number and name, it's public domain.
So, let's see how this worked, I told my bank I wanted to opt-out, they sent my information on to a credit agency who then "refreshed" the spammers database who then spammed me. So how exactly is this opt-out thing supposed to work then? How was I supposed to opt-out in the case of the restaurant? How about when I take my car for a service, and fill in a form? Or enter a competition? None of these guys have anything close to an opt-out clause, let alone capability. When I give my cell number to a person am I supposed to ask them not to sell it on, every single time?
Is it too much to ask that companies stop being purposefully dishonest about their antics in the privacy arena? Why whenever I try to defend my privacy do I have to fight and struggle? My fight with ITC and Edgars lasted the better part of a year, Edgars finally agreed to stop contacting me. They keep on contacting me. Every time they have a new marketing campaign I have to explain to their marketing manager what "do not contact" means. ITC promised to put in place mechanisms to ensure they would no longer sell on private information for people who want to remain private, and then get back to me. They never got back to me.
Even if they have put in place those mechanisms, who really thinks "I must tell the credit agencies not to sell on my details" when making a credit application for a car, or a house or a card? Who really thinks that they need to be the ones enforcing their privacy at every level of the chain? You don't think you have to because you assume that the company you're dealing with will, but they don't.
Does anyone else know of other companies whose privacy policies suck?
* As a matter of interest the bank involved was Standard Bank. Unlike Edgars and Transunion ITC however, they actually gave a damn and were horrified that ITC had sold the information they were given in good faith. In fact, a meeting I had with ITC directors was arranged due to pressure from Standard Bank, and in particular their Director of Credit, Harry Greene.
My name is well feared in mass marketing arenas ;-D. I'm on so many "do not contact" lists in South Africa that when a marketing company does call or SMS me (a VERY rare occasion), I actually feel sorry for them. They're clearly incompetant, and I try to assist them.
Filed under: Privacy