Security Basics mailing list archives
RE: Privacy Policy - we don't need no 'stinking privacy
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Fri, 25 Jul 2003 14:28:58 -0500
Dennis - you may be right that it's probably a CYA. But I think any web site also needs to be aware of the sensitivity of the data and take appropriate measures. Which they're explicitly saying they don't. If you read up on the European data privacy directives - see for example http://www.cdt.org/privacy/eudirective/ esp. SECTION VIII - CONFIDENTIALITY AND SECURITY OF PROCESSING, it's an amazing 'privacy policy' for a European company. It's not that I'm worried about them selling the data - we haven't gotten that far yet. And as you point out, clause #7 is pretty good in that regard. But I'm stuck on clause #1 (I'll snip the rest of my original msg and leave that below). I'm worried about something much more important than privacy, namely data security. They're asking for (perhaps) the 2nd most sensitive piece of information about someone, your passport #. Combined with all the other data about me, and the times I'll be away from home, etc. And they're sticking all this into a database with zero security? That's my concern... -----Burton -----Original Message----- What if someone breaks into their site and steals your information? Might you sue them? I think they, as a business, need to cover such possibilities and so have to state it on their site. Specifically, you must have missed the following section: 7. USE OF PERSONAL INFORMATION THAT YOU PROVIDE US During your use of our site, you may provide us with personal information (such as your name, address, telephone number, e-mail address and credit card information) for the purpose of making reservations, requesting information or for other reasons. Holland America does not sell the personal information of our users to third parties. I really think they are just covering their ass for the possible case of break in or someone stealing your account information from your computer rather than trying to make a loop hole... I don't think this cuts it as a "hall of shame" candidate. <snip/>
I clicked on to the privacy policy, at http://www.hollandamerica.com/aboutus/policies/privacy.htm which says, "1. CONFIDENTIALITY Your confidential use of this site cannot be guaranteed by us. We shall not be responsible for any harm that you or any person may suffer as a result of a breach of confidentiality in respect to your use of this site."
<snip /> -- Dennis Durling djd () shells sh 916-730-2889 --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 25)
- RE: Privacy Policy - we don't need no 'stinking privacy C England (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy dennis (Jul 29)
- RE: Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy Meritt James (Jul 29)
- RE: Privacy Policy - we don't need no 'stinking privacy Burton M. Strauss III (Jul 29)
- <Possible follow-ups>
- RE: Privacy Policy - we don't need no 'stinking privacy JohnNicholson (Jul 28)
- Re: Privacy Policy - we don't need no 'stinking privacy David Vertie (Jul 29)