Surprising Privacy Gaffes

Over the past 3 months, we have come across 3 instances where personally identifiable information (PII) is being stored in URL query strings. Very surprising that this happens once, let alone 3 times.

All 3 sites are using Google Analytics, which means that they were violating the Google Analytics Terms of Service, which state:

7. PRIVACY. You will not (and will not allow any third party to) use the Service to track or collect personally identifiable information of Internet users, nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties’ website(s)) with any personally identifying information from any source as part of Your use (or such third parties’ use) of the Service. You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data.

The sites were passing contest entry, registration data and purchase transaction completion data to various backend transaction systems. These were 3 different companies, and one requires all vendors to sign an agreement that they will protect the privacy of customer data.

Google Analytics aside, the web developers should understand that they have just made PII very publicly available, since the URL is stored in browser history. Let’s say the contest entry visitor uses a public computer (e.g. at a hotel, Internet cafe, library, friend’s laptop…) and does not purge history after they leave the machine. Other users who pull up browser history have access to the data. Duh!

The consequences of such a misstep are clear. Prevention has to occur at the design stage. Auditing isn’t the answer but it will probably prevent launch of such a gaffe.
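A pre-launch audit of the kind mentioned above can scan the URLs a site generates (from a crawl or an access log) for query parameters that look like PII. This is an added example, not code from the original post; the parameter-name list, the value patterns and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names that suggest PII (assumed list; extend it for your own forms).
PII_NAMES = {"email", "name", "firstname", "lastname", "phone", "address", "dob", "zip"}

# Value patterns that look like PII whatever the parameter is called.
# The phone pattern is deliberately loose, so long numeric IDs need manual review.
PII_VALUES = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I),
    "phone": re.compile(r"^\+?\d[\d\s().-]{7,}\d$"),
}

def audit_url(url):
    """Return [(param, reason)] for query parameters that look like PII."""
    findings = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Normalise "first_name", "First-Name", "firstName" to "firstname".
        norm = re.sub(r"[^a-z]", "", key.lower())
        if norm in PII_NAMES:
            findings.append((key, "name"))
            continue
        for label, pattern in PII_VALUES.items():
            if pattern.match(value.strip()):
                findings.append((key, label))
                break
    return findings

def audit(urls):
    """Map each offending URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := audit_url(u))}

# Constructed sample URLs (not taken from the sites described in the post).
SAMPLE_URLS = [
    "https://contest.example/thanks?first_name=Pat&email=pat%40example.com&entry=1182",
    "https://shop.example/receipt?order=5531&contact=%2B1+416+555+0199",
    "https://shop.example/receipt?order=5531",
]

if __name__ == "__main__":
    for url, findings in audit(SAMPLE_URLS).items():
        print(url, findings)
```

Any hit means the form or redirect should be changed to carry the data in a POST body or server-side session rather than in the URL.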

There has been plenty of talk about protecting private information.

So what basic understanding is missing such that this happens?

 

March 11th, 2011