Unforgivable: Ignorance and apathy about user privacy can no longer be tolerated

The Wall Street Journal’s discovery about the shady privacy practices of some of the world’s largest social networks came as a surprise and probably won’t help any of the big names they mentioned. In what the WSJ unfortunately characterized as a ‘privacy loophole’ exploited by such organizations as Facebook, MySpace, Hi5 and Digg, the social networks were found to send personally identifiable data about site users directly to advertisers.

Claudiu Popa


While apathy about their own privacy policies and their own users’ protection caused this gross mishandling of information, the recipients of that information, an august bunch including Google, Yahoo and DoubleClick, simply said they didn’t know the data was included or that they didn’t want it in the first place. But no one actually bothered to insist that it not be sent in the first place so that liability could be avoided in case of a breach (or the current outrage at the clear exploitation of user information). Yahoo actually went so far as to say they “prohibit the sending of personally identifiable information”, yet there it is.


This type of blatant abuse not just of personally identifiable information, but of the public’s tolerance for greed-driven privacy transgressions should be coming to an end any day now, with a weekly onslaught of breaches and compromises. But so far it hasn’t and we’re left wondering how much more is left for these large organizations to push the envelope on, data-wise. How much more milking of individual user identities, usage patterns, online behaviors, shopping preferences and personal interests can possibly be turned into profit at the expense of privacy?

About the author:
Claudiu Popa, CISSP, PMP, CISA, CIPP, CRMP is an information security consultant and CEO of Informatica Corporation ( Claudiu helps enterprises to understand and mitigate security risks, anticipate and respond to threats, and implement proper security governance. He is the author of the Canadian Privacy and Data Security Toolkit for SME, published by the CICA. Write to [email protected] simply contribute your comments to this blog. Follow him on or connect with him on
Claudiu Popa
Claudiu Popa
Claudiu Popa is a security and privacy advisor to Canadian enterprises, associations and agencies. He is an author, speaker and lecturer. Connect with him on Twitter @datarisk, Facebook, G+ or LinkedIn.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.