Al has a post asking what people would do if their information was shared after opting out of any sharing.
It’s a tough call and one I think about as I see mail coming to my mailbox to such addresses as laura-sony and laura-quicken and laura-datran. All of these were addresses given to specific companies and where I attempted to opt-out of them sharing my data with other companies. Somewhere along the line, though, the addresses leaked and got into the hands of spammers.
Those addresses are overwhelmed with spams and scams. The frustrating part is there is no way to fix it. Once the addresses are leaked, they’re leaked. They will be receiving spam throughout eternity, even if the companies involved stop selling data or fix their data handling problem.
I don’t know what to do, honestly. If I think it was a one time thing, such as the addresses that started getting spam after the iContact data leak, then I’ll change my address at the vendor and retire the address the spammers have. But with other vendors, I don’t know what happened and I suspect the vendor doesn’t either, and so I can either deal with the spam or hope that I don’t lose real mail from that vendor.
There’s no easy answer. Any time you hand over an email address, or any other form of personal data, you’re trusting in the company, all of their employees and all of their vendors and partners to be honest and competent. This is often not the case.
What do you do?
Who's sharing data
W
RSS - Posts
I use a disposable email address service. When a company I do business with spams me or has a data leak, what I typically do is turn that address off and stop doing business with that company.
When this happened with a tax preparation company, I tried to find out what happened. I eventually was able to talk to a senior executive who informed me that there was no data breach, with the clearly-understood subtext that I was a crank. This did not fill me with a warm fuzzy feeling for the company that had several years of my tax information. The best theory I’ve heard is that my email address was part of a suppression list that one of their affiliates repurposed for spamming.
Another time it was a local retailer that I really like, and when I complained they apologized and took my advice on asking people to opt-in to their mailing lists in a transactional mail, rather than assuming that everybody who buys something from them wants to sign up for a mailing list.
Unfortunately education doesn’t seem to work very well with most companies.
Like Michael I only give out tagged addresses. I would block that address and not use that company again.
I’m a geek with his own domain, so I make up a new address for everyone. so I know exactly who leaks. It’s impossible to predict who will leak — the WSJ leaks like crazy, tne NYT not at all, TD Ameritrade leaked badly enough to make the papers, Fidelity and Vanguard don’t..
I wish there were some way to get the word to clueless CIOs that when someone tells you that you leaked tagged addresses, you have a significant security problem, and telling the reporter to update his virus software just confirms that you are stupid..
There are three types of leaks, intentional, a that was provided to, but they broke their agreement and sold it, and the security leak. TDAmeritrade and IPowerweb clearly falls into the third.
It is funny when I was told that it must have been a virus that scraped it from my e-mail program. I didn’t know that they had a virus that would run on OS/2 and then somehow operate a mail program cannot even decode a virus.
Fidelity just started leaking.