The more you study the privacy policies of companies that have your personal information on file, the more concerned you're likely to become. That was certainly one reader's conclusion after he took a closer look at a revised privacy policy sent to him by the Orbitz.com travel site.
"The identity theft stories have finally convinced me I have to pay closer attention to privacy issues," the reader wrote. "So when I noticed an e-mail from Orbitz the other day announcing they had a new and improved privacy policy, I figured I should read the thing. I've booked a few business trips with Orbitz, so they know enough about me to be dangerous."
Right off the bat, the reader ran into something he didn't like. "In big red letters they've got this 'Your California Privacy Rights' statement," the reader noted. "California residents can write them to find out what information Orbitz has given out to third parties for direct marketing purposes. Terrific, but what about the rest of us? Just because I don't happen to live in California doesn't mean I shouldn't have the same rights."
Such "California Disclosure" notices are actually now fairly common in privacy policies because of California's stricter privacy laws (without which, remember, we would probably never have heard about ChoicePoint or the other security breaches). But the prominence Orbitz gave it made the reader suspicious, so he studied the rest of the privacy policy with increased scrutiny. At first he thought the policies it described seemed relatively benign, but then he came across this in the "To Whom We Disclose Personal Information" section:
We may also disclose your information to our affiliates and non-affiliated business partners for their use both on our behalf and for their own business purposes. For example, our affiliates and business partners may use such information to send you information about their products, services, other information, and materials that may be of interest to you.
A non-affiliated business partner could be just about anybody, the reader pointed out. "Here's a company that knows my name, address, e-mail address, phone number, and credit card, not to mention where I've been traveling lately," the reader wrote. "And their privacy policy lets them share that information with any telemarketer, or spammer, they choose to 'partner" with? That's just great ... Also, if I go to the trouble of opting out, it sounds like they can still keep the information on file as long as they think they might have a use for it."
All in all, the reader finds it hard to believe the revised Orbitz privacy policy is much of an improvement over the old one. "I don't know what the previous policy said -- perhaps this version is at least clearer," the reader wrote. "But what it makes clear to me is that Orbitz can do whatever it wants with the information that I entrusted them with. I suppose I shouldn't be surprised."
Read and post comments about this story here.
9:20:27 AM 
|
|
