The Wall Street Journal’s discovery about the shady privacy practices of some of the world’s largest social networks came as a surprise and probably won’t help any of the big names they mentioned. In what the WSJ unfortunately characterized as a ‘privacy loophole’ exploited by such organizations as Facebook, MySpace, Hi5 and Digg, the social networks were found to send personally identifiable data about site users directly to advertisers.

Claudiu Popa


While apathy about their own privacy policies and their own users’ protection caused this gross mishandling of information, the recipients of that information, an august bunch including Google, Yahoo and DoubleClick, simply said they didn’t know the data was included or that they didn’t want it in the first place. But no one actually bothered to insist that it not be sent in the first place so that liability could be avoided in case of a breach (or the current outrage at the clear exploitation of user information). Yahoo actually went so far as to say they “prohibit the sending of personally identifiable information”, yet there it is.


This type of blatant abuse not just of personally identifiable information, but of the public’s tolerance for greed-driven privacy transgressions should be coming to an end any day now, with a weekly onslaught of breaches and compromises. But so far it hasn’t and we’re left wondering how much more is left for these large organizations to push the envelope on, data-wise. How much more milking of individual user identities, usage patterns, online behaviors, shopping preferences and personal interests can possibly be turned into profit at the expense of privacy?

About the author:
Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP is an information security consultant and CEO of Informatica Corporation ( Claudiu helps enterprises to understand and mitigate security risks, anticipate and respond to threats, and implement proper security governance. He is the author of the Canadian Privacy and Data Security Toolkit for SME, published by the CICA. Write to simply contribute your comments to this blog. Follow him on or connect with him on