Data Security: Spokeo in the News

Saturday, June 23, 2012

Allan Pratt, MBA

5e402abc3fedaf8927900f014ccc031f

You've heard of Spokeo, the website that contains the largest amount of data about each one of us.

A great deal of personal information can be obtained from Spokeo including full name, address, age, date of birth, photo of your house or apartment, number of people in your household, estimated annual income,  etc.

But there are ways to remove the data. If you haven’t already removed your listing, here’s the link: http://www.spokeo.com/privacy. As long as you use different email addresses, you can continue to remove your data every time it reappears.

Did you catch some recent news about Spokeo? In the June 18-24, 2012, issue of BloombergBusinessWeek, the following blurb was featured:

“Spokeo, which compiles dossiers on consumers, agreed to pay $800,000 to settle allegations by the Federal Trade Commission that it sold personal information in violation of the law. From 2008 to 2010, Spokeo sold millions of consumer profiles to human resources departments and recruiters without verifying [that] the data were accurate or making sure the information would be used for legally permissible reasons, the FTC says. Spokeo, which has not admitted guilt, says it has changed its business practices to improve protections.”

First of all, wow. Second of all, where was the mainstream media when those activities were going on? With all the security breaches over the last couple of years – Epsilon, Sony, LinkedIn, to name just a few – and the fact that cyber security remains an important part of the national agenda, you would think this news would garner more publicity than a tiny blurb in both a print and online business publication.

It would appear that only high-profile businesses which experience data breaches get any coverage. While Spokeo quietly invaded millions of people’s privacy without batting an eye, is it because this wasn’t accidental that no one noticed?

Or was the reason that the information was provided to human resources departments that no one cared? Or is it because people hear about data breaches so often that they are becoming numb to them?

Are people finally accepting the declaration of Scott McNealy of Sun Microsystems from 1999? “You have no privacy anyway. Get over it.”

And from Facebook’s Mark Zuckerberg in 2009:

“People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them – like email addresses, phone numbers, photos and so on – to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with… It’s difficult terrain to navigate and we’re going to make some missteps, but as the leading service for sharing information, we take these issues and our responsibility to help resolve them very seriously.”

As an infosec pro and advocate for protecting online data and promoting online safety for both children and adults, I believe no one has the right to my information except the people that I grant access.

The time has come for the creation of an organization that would protect our right to own our personal data, an organization that resembles the Anti-Defamation League in terms of the strength of its advocacy efforts.

I know those of us in infosecurity scream all the time about data security and online privacy, but it seems as if our words are falling on deaf ears. What do you think?

Allan Pratt, an infosec consultant, represents the alignment of marketing, management, and technology. With an MBA Degree and four CompTIA certs in hardware, software, networking, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. Expertise includes installation and maintenance of hardware, software, peripherals, printers, and wireless networking; development and implementation of integration and security plans; project management; and development of technical marketing and web strategies in the IT industry. Follow Allan on Twitter (http://www.twitter.com/Tips4Tech) and on Facebook (http://www.facebook.com/Tips4Tech)

Cross-Posted from Tips4Tech

Possibly Related Articles:
12984
Privacy
Information Security
breaches Privacy Compliance Social Media FTC Personally Identifiable Information Data Collection Spokeo
Post Rating I Like this!
244450a5d4391583f3af2e4b23e44a09
Christine Stagnetto-Sarmiento Hi Allan,

Excellent article. Yes, I agree with you about our privacy. Well said.

Christine
1340626987
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked