Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …DataSecurity_Illustration
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

… and all those things I thought were gone forever were searchable again.

… when I thought it was good to be anonymous online.

… and trolls were mostly harmless and couldn’t hurt you.

… but there were always exceptions.

… a mailbox with zero spam in it.
… when I could still pretend I had control over my personal data.
We give up a lot of privacy just existing in the modern world. Companies track us and keep data about us. In many cases this is good. I recently had to return something to Home Depot and they could get a copy of the receipt simply by running my credit card through their system. Easy, peasy. Got my money back for that last box of floor tiles we didn’t open.
But it also means that companies can be the weak link and expose us to risk we don’t want or ask for. If there’s anything recent breaches have taught me it’s that my data is at risk no matter what I do. There’s a limit to what I can control and full control means not being able to participate in (almost any) online space.
And even if I am careful, other people use my info and my email addresses to sign up for stuff. One company in the UK is selling my email address associated with the profile “Mrs. Christine Stelfox.” Another UK company is selling a different email address with a different profile. Laura Ashley UK thinks I’m a stay at home mother of 3 in South London. And those are the easy to say “this data is bad and wrong” because they’re the wrong country and the wrong currency.
Brewster.com started spamming me, telling me that they had multiple email addresses and multiple phone numbers associated with me. I didn’t give them that data, someone else did. But now they think they own it and their privacy policy doesn’t cover my data, it only covers the data of the people who handed it over to them.
In terms of privacy, unless you want to stay offline completely, there isn’t much you can do to protect yourself. And even then, there’s nothing to stop companies from collecting data about you and selling that data on. The Target breach tells us even if you don’t do anything online, your PII can be leaked into online spaces. The US government breach tells us that doing things like participating in someone’s security clearance process can leak your data online. Health care breaches tell us we can’t trust our doctors and hospitals to keep our data safe.
All of this tells me that online privacy is difficult, if not impossible, these days. We’ve gotten used to having companies know about us and our habits and expect a high level of personalization. That personalization requires companies keep detailed records of our behavior.
I don’t think we really can give permission for this level of tracking. But I can’t see trusting companies to maintain our data in a safe and secure manner. I hate being tracked and I know that not being tracked means I give up a level of service. These days, though, you can’t even opt out of being tracked. You’re tracked even if you opt out. You just don’t get any of the benefits of being tracked.
Privacy is complicated and we don’t really have a handle on it. The internet is too new, even if people like me do have email addresses that are old enough to drink.

Related Posts

e360 sues a vendor

As if suing themselves out of business by going after Comcast and Spamhaus weren’t enough, e360 is now suing Choicepoint for breach of contract and CAN SPAM violations. As usual, Mickey has all the documents (complaint and answer) up at SpamSuite.
This may actually be an interesting case. On the surface it is a contractual dispute. Choicepoint sold e360 40,000,000 data records containing contact information including email addresses, snail mail addresses and phone numbers. Some of the records were marked “I” meaning they could be used for email. Some of the records were marked “O” meaning they could not be used for email.
Despite these terms being reasonably well defined in the contract, e360 sent email to addresses in records marked “O.” Some of those addresses resulted in e360 being sued by recipients. During the course of the suit, e360 contacted Choicepoint and asked for indemnification. Choicepoint refused for a number of reasons, including the fact that Choicepoint told e360 the addresses were not for mailing. In response, e360 filed suit.
The interesting and relevant part of this case is the CAN SPAM violation that e360 alleges.

Read More

Data is the key to deliverability

Last week I had the pleasure of speaking to the Sendgrid Customer Advisory Board about email and deliverability. As usually happens when I give talks, I learned a bunch of new things that I’m now integrating into my mental model of email.
One thing that bubbled up to take over a lot of my thought processes is how important data collection and data maintenance is to deliverability. In fact, I’m reaching the conclusion that the vast majority of deliverability problems stem from data issues. How data is collected, how data is managed, how data is maintained all impact how well email is delivered.
Collecting Data
There are many pathways used to collect data for email: online purchases, in-store purchases, signups on websites, registration cards, trade shows, fishbowl drops, purchases, co-reg… the list goes on and on. In today’s world there is a big push to make data collection as frictionless as possible. Making collection processes frictionless (or low friction) often means limiting data checking and correction. In email this can result in mail going to people who never signed up. Filters are actually really good at identifying mail streams going to the wrong people.
The end result of poor data collection processes is poor delivery.
There are lots of way to collect data that incorporates some level of data checking and verifying the customer’s identity. There are ways to do this without adding any friction, even. About 8 years ago I was working with a major retailer that was dealing with a SBL listing due to bad addresses in their store signup program. What they ended up implementing was tagged coupons emailed to the user. When the user went to the store to redeem the coupons, the email address was confirmed as associated with the account. We took what the customers were doing anyway, and turned it into a way to do closed loop confirmation of their email address.
Managing Data
Data management is a major challenge for lots of senders. Data gets pulled out of the database of record and then put into silos for different marketing efforts. If the data flow isn’t managed well, the different streams can have different bounce or activity data. In a worst case scenario, bad addressees like spamtraps, can be reactivated and lead to blocking.
This isn’t theoretical. Last year I worked with a major political group that was dealing with a SBL issue directly related to poor data management. Multiple databases were used to store data and there was no central database. Because of this, unsubscribed and inactivated addresses were reactivated. This included a set of data that was inactivated to deal with a previous SBL listing. Eventually, spamtraps were mailed again and they were blocked. Working with the client data team, we clarified and improved the data flow so that inactive addresses could not get accidentally or unknowingly reactivated.
Maintaining Data
A dozen years ago few companies needed to think about any data maintenance processes other than “it bounces and we remove it.” Most mailbox accounts were tied into dialup or broadband accounts. Accounts lasted until the user stopped paying and then mail started bouncing. Additionally, mailbox accounts often had small limits on how much data they could hold. My first ISP account was limited to 10MB, and that included anything I published on my website. I would archive mail monthly to keep mail from bouncing due to a full mailbox.
But that’s not how email works today. Many people have migrated to free webmail providers for email. This means they can create (and abandon) addresses at any time. Free webmail providers have their own rules for bouncing mail, but generally accounts last for months or even years after the user has stopped logging into them. With the advent of multi gigabyte storage limits, accounts almost never fill up.
These days, companies need to address what they’re going to do with data if there’s no interaction with the recipient in a certain time period. Otherwise, bad data just keeps accumulating and lowering deliverability.
Deliverability is all about the data. Good data collection and good data management and good data maintenance results in good email delivery. Doing the wrong thing with data leads to delivery problems.
 
 

Read More

Marketers, we have a problem

And that problem is security.
Much of what marketing does is build profiles of customers by collecting huge amounts of data on every customer. That data collection is facilitated by compliant customers that provide all sorts of personal data just because they’re politely asked by a retail clerk.
There will always be people who comply with data requests, but I expect more customers to be wary of sharing information at the register.
I’m not the only one, a recent NY Times blog post from one of their security researchers: Stop asking me for my email address. She discusses how much information companies ask for and how complacently consumers hand it over without asking about security.

Read More