December 27th, 2003

How to hide privacy violations in a privacy disclosure statement

I’m looking over my Fidelity privacy disclosure statement, titled “Our commitment to privacy”. Google is amazing: It found a copy online: Our Commitment to Privacy. Scroll down to How and Why We Obtain Personal Information, fourth bullet point:

  • Information services and consumer reporting agencies (for example, to verify your identity, to assess your creditworthiness or to better understand your product and service needs)

(Italics added.) The italicized phrase translates as “We will collect personal information in order to try to sell you stuff”. Okay, now look at How We Protect Your Information. The second bullet point describes the people they will disclose your personal information to:

  • Unaffiliated service providers (for example, …)

Notice that the parenthetical says “for example” and not “restricted to”. So their privacy statement that they may disclose your information to any unaffiliated service provider, which basically translates to “everybody”.

So their so-called commitment to privacy actually permits them to collect information from anywhere and give it to anybody. The people who wrote this clearly learned the same lesson I learned from the BBC series Yes, (Prime) Minister: Put the hard part in the title. If the title claims to be demonstrating your commitment to privacy, you can violate it all you want in the body.

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.