Some leading Web sites in Canada are inappropriately "leaking" registered users' personal information -- including names, e-mail addresses and postal codes - to third-party sites such as advertising companies, research by the Office of the...
September 26, 2012
Some leading Web sites in Canada are inappropriately “leaking” registered users’ personal information — including names, e-mail addresses and postal codes – to third-party sites such as advertising companies, research by the Office of the Privacy Commissioner of Canada has found.
“The research findings raise concerns for the privacy rights of Canadians,” says Privacy Commissioner Jennifer Stoddart. “Web leakage can involve the disclosure of personal information without an individual’s consent or even knowledge. Our research also raises questions about compliance with Canadian privacy law in the online world.”
The research identified significant privacy concerns with approximately one in four of the sites tested. Web sites were disclosing information to third parties, apparently without the knowledge or consent of the people affected and possibly in violation of federal privacy law, the Commissioner said.
For example, it showed that when people registered to receive promotions from a shopping site, their e-mail address, username and city were disclosed to a number of analytics and marketing firms.
“Although the sample size was relatively small (25 web sites), the sites examined are among the most popular sites targeted to Canadians and represented a range of sectors, including media, shopping and travel services,” a release from the Privacy Commissioner stated. “All are sophisticated websites operated by large organizations which account for billions in combined annual revenues.
“At the time tests were conducted this summer, researchers identified significant privacy concerns with six sites. They also had questions about the practices of a further five sites. The remaining 14 sites tested did not appear to be leaking personal information.”
Stoddart has written to 11 organizations to ask them to provide information about their practices, and, where appropriate, to explain how they will correct any problems to ensure compliance with privacy law.
The Privacy Commissioner has not exercised her discretion to publicly name the specific tested organizations at this time.
The Office of the Privacy Commissioner of Canada is also contacting industry associations in order to discuss web leakage and to request their support in raising awareness about the issue.
“Our research serves as a wake-up call to all online services to ensure they are complying with Canadian law – and respecting the privacy rights of people who use their sites,” says Stoddart. “It is clearly possible for organizations to operate successfully in the online world without leaking people’s personal information — a majority of the websites we looked at were not doing it.”
The research was prompted by international studies that have found many Web sites were leaking users’ personal information to third-party sites.