Andrew Yeomans raises some profound points in his comments on my previous blog. They also trigger some obvious “end-user” questions: Who are you? Why do you need to know? What’s in it for me? Why should I trust you? Will you tell me if what I tell you is “compromised” while in your custody? WIll you pay me damages for any loss or inconvenience I incurr as a result?
The answers are usually:
1) An outsource supplier whose contact details to do not match the “Whois” entry for the website site or meet legal (E-Commerce and Distance Selling Directives) requirements for a physical address and phone number for contact
2) In case we need it for profiling you, or can sell it to some-one who will pay us for it.
3) Because my marketing and legal department says so
4) Only if some-one finds out and orders us to
5) You must be joking
We cannot seriously expect a rebuilding of user trust unless and until these questions are much better answered by any government department or marketing operation asking for our details.
Some suggested answers – in place of the current gobbledeygook privacy statements might be:
1) Ensure that legal requirements for physical contact details are met, with a clear routine for reporting problems – including attempts at impersonation
2) and 3) Give a reason and a benefit for any request: e.g we can contact Experian and fast track your benefit/credit/planning application because it is less likely to be fraudulent I liked the site that gave me a credit and told me they would not give my data to anyone else other than after a court order because they wanted to sell to me. It also gave me the opportunity to review my answers to individual questions when I saw where they were leading – and ended by asking what else would I be interested in buying that they did not currently offer. They got £50 of my time for their £25 voucher.
4) Yes but the laptop was encrypted to level X so the thieves cannot use it
5) A voucher for X% off (including off my tax/fees if it was HMRC or a Regulator who lost it).