Categories
Innovation

Privacy in social software

If I was to enter your address and other personal details into an online application like Plaxo (an address book/calendar), and those details were leaked (or sold, for that matter – not that Plaxo would do that), how pissed would you be. Would you forgive me for storing your details in some third party database? If somebody used those leaked details to impersonate you, and they were caught, would I be liable for having entered your details into my online address book in the first place without getting your permission? I wouldn’t think twice about putting someone’s details into an electronic address book that resides on my computer or using an old-fashioned paper-based address book. But an online address book service could potentially store millions of address book entries put there by thousands of users, and it therefore becomes an attractive and worthwhile target for criminals.

By ricky

Husband, dad, R&D manager and resident Lean Startup evangelist. I work at NICTA.

3 replies on “Privacy in social software”

I appreciate getting a response from someone at Plaxo. Thanks for your comment. However John, you miss the point. I’m not uncomfortable. But what if the people whose details I was storing were uncomfortable with me doing so? The people whose details I stored wouldn’t necessarily be users of these online services. In fact, they may not use the Internet at all. Looking at my address book, there are numerous entries in there which don’t contain any Internet related information (e-mail addresses, web sites, etc.), but which contain information that would nevertheless be useful to marketers, insurance salespeople and so forth. I was rather hoping your comment might address the question of my liability in a scenario such as the one I outlined, whether it be information stolen from Plaxo, Gmail or some other similar service.

An interesting question. As more and more people use various online services, and as applications are migrating from the desktop to the cloud, more and more of what would previously have been on the local hard drive will now be in sevure data centers around the world.

Of course some data is more useful to bad guys than others. I suspect that there’s way more risk with services that store credit card and social security card info than in things like Plaxo and webmail services, which really only have contact info. Either way, we know it’s critically important for us to have a super-strong privacy policy and robust security systems and practices — and to have these audited on an ongoing basis.

Leave a Reply to John McCrea Cancel reply

Your email address will not be published. Required fields are marked *