The Important Data Privacy Events Shaping the Past Decade

Compared to the privacy challenges we face today, privacy concerns in the 90s may seem mundane and were certainly less complex. A consumer in the 90s might have worried about spam or the safety of their credit card information on an e-commerce site.

It was before the widespread use of powerful technologies that we take for granted today, such as social networking, cloud computing, and location-aware mobile services.

The past ten years have seen impressive advances in our ability to collect, store and process information, which has, in turn, raised numerous and difficult data privacy challenges.

Questions such as “Should I allow this mobile application to access my location data?” weren’t even thought of in 1999.

Yet, with the explosion of smartphones today, this is not an uncommon question.

10 Important Data Privacy Events

Looking back, we’ve selected ten events, laws, and trends that have shaped the privacy landscape in the past decade.

1. Surveillance

Following the terrorist attacks of September 11, 2001, Congress endowed the federal government with expansive new powers to monitor citizens through the passage of laws such as the Patriot Act.

In 2002, JetBlue turned over 5 million customer records to the TSA.

In 2007, Congress passed the Protect America Act of 2007, allowing wiretapping on in-bound and out-bound foreign communications without a court-issued warrant.

The federal government would later grant immunity to telecommunications companies that shared consumer records during the course of federal investigations, and in 2009 a federal judge threw out a citizen lawsuit challenging this immunity.

2. CAN-SPAM Act

In 2003, Congress passed the CAN-SPAM Act, requiring commercial e-mail messages to adhere to requirements such as providing a clear unsubscribe option and an accurate subject line.

Critics have lambasted the law’s less-than-rigorous enforcement record, highlighting studies that show that the vast majority of spam messages do not comply with the Act.

Regardless, in recent years a number of high profile cases have been brought against spammers under the Act, one of which resulted in a $234 million judgment against two spammers.

3. Do-Not-Call Implementation Act

In 2003, Congress passed the Do-Not-Call Implementation Act, allowing consumers to block telemarketers from contacting them via the creation of a national do-not-call registry.

FCC regulations have always prohibited telemarketers from calling wireless phones.

4. California Privacy Policy Law

In 2004 a California state law went into effect requiring commercial Web sites to have a conspicuously posted privacy policy.

Since the law required this of all Web sites that do business with California residents, it created a de facto national compliance burden.

These days, you won’t find a successful website without a privacy policy, which means that for almost all major websites consumers can understand how the site collects, uses, and protects their personal information and therefore make informed decisions about their use of the site.

5. Spyware

In 2005 Webroot Software reported that more than 90 percent of computers with Internet connections were infected with spyware.

In the 90s “spyware” typically referred to software used for espionage purposes.

But in the past ten years the term has come to describe a scourge of software technologies that surreptitiously install themselves on a user’s computer and collect user personal information and/or alter a user’s computer configuration, coming at untold cost to user privacy.

6. HP Pretexting Scandal

In September 2006, news broke that HP’s chairwoman and general counsel had hired contractors to investigate board members and identify a suspected media leak.

The investigators, using personal information to impersonate board members (a practice known as “pretexting”), were able to gain access to board members’ telephone records.

HP became the target of a larger Congressional investigation into the aggregation and resale of personal information, and this clued consumers in to the fact that data brokers were quietly aggregating comprehensive databases of their personal information, culled from both online and offline sources.

7. AOL Search Data Release

In 2006, AOL intentionally published the “anonymous” search records of over half a million users, totaling some twenty million search queries. The issue?

Many of these search records weren’t exactly anonymous.

Researchers identified a number of individuals based on their search queries alone, calling into question the favored online adage: “On the Internet, nobody knows you’re a dog”.

This event helped the public grasp the magnitude of their digital footprint on the Internet and appreciate that most of what we do on the Web, from the relative privacy of our home, is not, in fact, anonymous.

8. Facebook’s Beacon platform

In 2007, Facebook launched an advertising platform called Beacon, which publicized the activities of users on partner websites such as blockbuster.com within a user’s social network and facilitated advertising based on user activity.

While Beacon originally launched as an opt-out platform, public outcry resulted in a change to opt-in, and Beacon was later disbanded altogether in September of 2009.

Beacon was neither the first nor the last online product to link consumer online activity to an advertising platform.

But it was one of the most publicized examples in the past decade of this technology and helped the public recognize that companies have a vested interest in linking their web activity to targeted advertising.

9. Data breaches

A rapid decline in the price of digital storage in this past decade has allowed companies to collect and store increasingly vast amounts of consumer information.

Stolen or misplaced laptops and thumb drives have compromised the personal information of millions of individuals in the last ten years, and rapidly expanding personal information databases have become ever more attractive targets for hackers and thieves.

Two of the largest events to underscore this phenomenon were hacking breaches suffered by TJX Companies Inc. in 2007 and Heartland Payment Systems in 2008, which compromised 45 million and 130 million credit card and debit card numbers, respectively.

10. Mobile and Location Awareness

The proliferation of Internet-enabled smart phones has driven the creation of impressive mobile services that incorporate these phones’ ability to geographically pinpoint their users via GPS or triangulation.

In 2009 foursquare.com and gowalla.com launched their respective services allowing users to share their location information for social networking and gaming purposes.

These technologies have opened a new dimension of data collection, raising the possibility of third parties like advertisers using this data to track people not just on the Internet but in the real world as well.