A few weeks back, my wife received an unsolicited email from an unknown company asking her to click on a link and divulge personal information to the resulting webpage.
As you might imagine, being married to a skeptical, privacy-conscious newsletter writer who tends to rant a bit, my wife ignored the email. She saved it to show it to me later.
Then on Friday, she got another email.
You Guessed It, Data Harvesters
This one was from an administrator at the school where she works. It warned her and most of her colleagues that if they failed to click on the link in the first email and hand over the required information, they would be suspended until they did.
Set aside for the moment the ham-handed process. Ignore, too, that the request is perfectly legitimate — my wife is a prekindergarten teacher at a school that receives public funding, and the law sensibly requires regular background checks.
How on earth did we get to a point where private, profit-seeking companies are in a position to demand sensitive information from us … without even bothering to offer any protection?
There’s Goooold in Them-Thar Servers
My colleague Paul is fond of describing data as a resource, like oil or minerals. Accumulating control over lots of data is the first step to making big money by “mining” it — or selling the mining rights to someone else.
He’s absolutely right about that. It’s such a lucrative business that the world’s biggest companies, like Facebook and Google, give their core retail services away just so they can harvest data from us.
As my editor Joe Hargett likes to say: “If you’re not paying for it, then you’re the product.”
Facebook and Google are the proverbial tip of the iceberg. Even the big credit bureaus like Equifax, Experian and TransUnion don’t exhaust the data market.
Underneath these big fish are dozens of small-fry companies like the one demanding my wife’s personal information. They’re the Yosemite Sams of the data mining industry.
These companies harvest, organize and mine our personal data to provide niche services to employers, rental agencies, private investigators and other businesses that profit by knowing as much about us as possible — without our knowing that they know it.
From My Cold Dead Hands
My wife’s employer has a legitimate reason to ask her to cooperate with periodic background checks. After all, she spends half of every weekday with a bunch of 4-year-old munchkins.
Nevertheless, I advised my wife not to comply with the school’s request. Here’s why … reasons that constitute a handy checklist if you’re ever faced with the same situation.
- The company’s website has no published privacy policy. My rule is simple: If there isn’t an easily seen link to a privacy policy on a website asking for my data, I don’t give them any.
- There is no statement of how personal data may be used. Again, any website that doesn’t tell me in plain English exactly what it may or may not do with my data doesn’t get a second look. For example, many websites say (in small print, of course) that they reserve the right to sell information about me to third parties. Usually they say that data won’t include personally identifiable indicators, but how would I know either way?
- The website didn’t use HTTPS encryption. HTTPS is a simple protocol used by reputable websites. You can tell if the website uses this protocol because the web address will start “https://” instead of “http://.” It protects against so-called “man in the middle” attacks, where a third party is able to read the data passing back and forth between a website and its visitors. Failing to implement this protocol is bad enough, but neglecting it while asking for personal data is completely unacceptable.
- The website didn’t include prominent information about the “certification authority” (CA) it uses to validate itself. A CA acts as a trusted third party — trusted both by the website that owns the certificate and by the party relying upon the certificate: you. Reliable websites that traffic in personal data generally include the logo of the certification authorities that they use.
Privacy Starts — and Ends — With You
The other day I read an article that answered the question I’ve been asking myself ever since I returned to the U.S. in 2008: Is this the same country I grew up in?
As far as the behavior of many companies is concerned, the answer is, sadly, no. It might have been the naivety of youth, but I think most businesses in the ‘60s and ‘70s tried to make money the honest way, by providing valuable goods and services in a competitive market.
Nowadays, many U.S. businesses are perfectly happy to use deceit and borderline fraud to chisel money out of us. You can’t blame them really — everybody from the folks in the mailroom up to their Wall Street financiers is focused on making a buck as quickly as possible, and then moving on to the next opportunity.
Call me cynical, sure. But under the circumstances — with companies like Equifax getting away with massive violations of personal privacy and data security with little discernible consequence — I’d rather be safe than sorry. That’s why my family’s personal data remains in our hands unless we’re convinced it’s safe to hand it over.
That’s a policy you’d be well-advised to adopt, too.
Kind regards,
Ted Bauman
Editor, The Bauman Letter
Editor’s Note: Paul ’s True Momentum strategy is the main reason his personal account grew 305% in just one year. And he’s confident this strategy can help you achieve gains of 300% or more in the next 12 months. To learn how Paul’s money-making technique finds, on average, 24 stocks every year that display true momentum, click here now.