In 2016, you likely heard the lurid tale of Target revealing a man’s high-school-aged daughter was pregnant. Target’s algorithm had noted her Guest ID number making common first trimester purchases and began sending automated maternity ads to the family’s mailbox … All before she’d had a chance to break the news to her parents.
Something like this micro-targeting example reveals the arrogant disregard for our privacy, but it seems like nothing has yet shocked America into revolt … in fact, the situation just keeps getting worse. Instead of respecting customers, marketers have just become better at concealing the deception. Andrew Cole, a Target company statistician, told The New York Times:
If we send someone a catalog and say, ‘Congratulations on your first child!’ and they’ve never told us they’re pregnant, that’s going to make some people uncomfortable… We are very conservative about compliance with all privacy laws. But even if you’re following the law, you can do things where people get queasy.
The California Consumer Privacy Act (CCPA), an attempt to replicate Europe’s GDPR privacy standards, comes into effect on January 1, 2020. However, even when these new, more stringent, standards start, the average consumer will remain unaware of how little privacy she retains.
Your smartphone, your life
The New York Times recently obtained access to an enormous file of cellphone location data.
A whistleblower delivered this data — 50 million data points — without associated names, ages, genders, or other information that would overtly identify cell phone owners, even though anyone who had purchased the dataset would likely have some or all of this information.
Even without knowing identities, the reporters were able to track individuals by their movement during average commutes or by attending events from late 2016 to early 2017. The reporters were easily able to identify celebrities who had entered the Playboy Mansion or the home of Johnny Depp. Of more concern, they could also follow White House staff members, intelligence officers employed at the Pentagon, and DC riot police.
Even worse, they could track executives and celebrities visiting drug treatment facilities, abortion clinics, and massage parlors.
This data is available to anyone with a devious knack for digital breaking and entering.
Many companies are clueless
By now it should be obvious that it takes very little data to make a positive ID on a person … and this is data that is becoming more freely available and commonly breached. One study showed that information easily gathered by the US Census — birthdate, zip code, and gender — would be enough to identify 87 percent of Americans.
I recently received a phone call today that I’m almost positive was actually from my healthcare provider, but because I didn’t recognize the phone number, I refused to provide my zip code and date of birth to confirm my identity.
I could nearly hear the caller rolling her eyes, but my concerns are legitimate. My healthcare provider should not solicit information along these lines, and I’m disappointed with them for their ignorance.
Put down the tinfoil hat and protect your privacy
While going off the grid is not an option for social media marketers, it doesn’t mean that we can’t protect ourselves.
First, there’s the small stuff.
- Don’t give information over the phone
- Bookmark your bank, your medical portals, and any sites you use to pay bills
- Only visit those sites through your saved bookmarks
- Never click on links delivered via email or text message
- Create incredibly strong but easy to remember passwords by mashing four unrelated words, using spaces between whenever possible
- This would work: Twitter Ethics Red Paris
- This would not: NeverS4yNeverB0nd
Start using technology to protect your privacy
- Password keepers can be problematic, but you must switch now if you do any of the following:
- Use the same password more than once
- Have a password on a Post-it note
- Keep a password document in Dropbox
- Keep abreast of data breaches by checking HaveIBeenPwned periodically or sign up for alerts
- Browse through EFF.org and try out their free tools, especially Panopticlick
- If you use sites that provide some anonymity, such as reddit, use throw away accounts for anything sensitive
- Consider buying a physical key to act as a password. My favorite is Yubikey
- Try to distance yourself from known privacy offenders such as Facebook, Google, and Amazon
- Try to utilize encrypted services when possible, such as Apple Messages or Protonmail, and consider using a VPN
- Whenever possible, use companies that tend to value privacy, such as Apple, Firefox, GitHub, and (though counter-intuitive) YouTube over Vimeo
If you enjoyed this article, I’d like to leave you with a puzzle: given the current capabilities for technology to identify an author through word choice, how many tweets from an anonymous account do you think would be necessary to identify someone? I have my estimate, and I’d love to compare notes! (Assume all tweets are at the modern 280-character length)
Kiki Schirr is a freelance marketer who enjoys absorbing new trends within the tech scene. She switched to an iPhone early this year, even though she suspected her privacy concerns were paranoia. Now she’s less certain. Kiki is most easily reached via Twitter.