So I got yet another e-mail from another company, this time Elance.com, informing me that my personal data had been “breached”. Breached is the new term companies are using for stolen, swiped, copied and leaked out. Breached is somehow supposed to soften the blow and make me feel like it was a covert operation by a spy organization from the former USSR and that I shouldn’t fear because the Man from U.N.C.L.E. is on top of it.
Lately it seems like every time I turn around its my bank, or a credit card company or some online retailer or site sending me an “Ooops, sorry” letter. There was a time when this happened they at least offered to buy you a subscription to a monitoring service – but you don’t see that much nowadays, I guess they figured that it happens so often now that its just standard procedure to notify you and then ask for forgiveness. “We really, really promise to try harder next time!” Next time what? Next time you put my private data up for grabs?
It’s time that websites stop collecting personal data. Period. After all, most websites (I’d argue well over 95% of them) have no need for personally identifiable information. I shouldn’t have to share with you my home address and telephone number just to be able to browse your website. In fact, for most websites out there all the information they need is a way to identify me (a username) and a password to make sure its me. That’s it. They don’t need my zip code, my birthday – nada.
To be fair, some websites have already seen the light and are heading in this direction. Sears Holding Corporation, parent of Sears and Kmart stores, recently made it so you can login to their customer service sites using a plethora of identification services such as OpenID and Facebook. Even blogs are starting to get in the act and allowing you to “authenticate” with your Twitter or Facebook id to post a comment.
Of course, that’s not to say we should automatically trust Facebook, Twitter or even OpenID with our personal information. However, I’d rather take my chances with a small number of companies that adhere to strict data privacy guidelines than giving it to every Joe Six Pack on the Internet who starts his own blog. We can hold companies who setup guidelines accountable when they misuse our data or abuse our trust a lot easier than we can anonymous strangers behind a website.
If anything it encourages more interaction because we don’t have to interrupt our train of thought to create yet another account we’ll forget about or have to write down somewhere and keep track of. Ever since some blogging platforms started allowing me to authenticate using Twitter and Facebook I’ve noticed I’m more willing to jump in and participate instead of thinking about participating and then opting not to because “I have to create an account first <Groan>”.
It’s time we stopped giving out our personal data to websites and start asking questions about why they want it to begin with. Heck, I won’t even give out my phone number to people anymore, instead I give my Google Voice number to folks – even my friends. Heck, I’ll even give that out to you – complete Internet stranger – just look to the right of my blog for the link! I trust Google to keep my real phone number private (perhaps I’m being a bit too trusting?)
The past 16 years on the web has been the wild, wild west – but there is a new sheriff in town, and a whole lot of townsfolk who have had it with privacy “breaches”.