You shouldn't have to fight, for your right, to PRIVACY!

At long last we've decided to cancel our cable TV and go 100% DVD and media purchased online (although we don't have as many options here in Canada). I assumed we'd get an Apple TV one day, but the Bell Video Store was announced a few weeks ago, so I signed up to see what I could learn.

I still haven't rent or bought a movie, but I did learn a lot about corporations and their privacy statements. I'm hoping this will be a cautionary tale for consumers, but more so for companies.

Seemingly obvious, but easy to break rule #1: Don't make your customers have to fight just to protect their own privacy, and by extension your employee and business-partner's privacy.

The seemingly most obvious rule (#2): Ensure the people responding to privacy concerns KNOW the company's policy.

The problem was simple, really. For some reason their support forum was set up to display people's e-mail address as their account name. This meant everyone's e-mail addresses were available - customers, Bell employee's, and the company that was hired to monitor the forum:

Ooops, not cool. I tried a couple of times to have the problem fixed using the online chat function, and by calling the main Bell number, but could never get through to anyone who even knew about the new video store, never mind anything about privacy.

My last choice was to send an e-mail to their privacy address around 7:30PM EST on Thursday. No response at all on Friday, or over the weekend. Finally on Monday after lunch I received a response! Success! But....

Before they were willing to "direct this matter to the respective Executive Care team for investigation & discussion of situation" they needed... MORE personal information! They kept asking for my telephone number before they would pursue this, even though there is no telephone number associated with a Bell Video Store account, and I kept on responding "I'd love to talk on the phone, if you give me a number I can call I will call right away."

This went back and forth a few times, until I finally found a way to break the stalemate: quoting from the Bible (OK, not THE Bible, but the full Bell Canada privacy statement at http://www.bell.ca/web/common/en/all_regions/pdfs/bcfip.pdf). And it worked!

Principle 2 - Identifying Purposes for Collection of Personal Information:
The Bell companies shall identify the purposes for which personal information is collected at or before the time the information is collected.
Principle 4 - Limiting Collection of Personal Information:
The Bell companies shall limit the collection of personal information to that which is necessary for the purposes identified.

This time it really worked. No requests for additional, unrelated information. The forum was fixed, but not before a few other people noticed.

Postscript: For a follow-on posting I'm going to consider what people expect from their employers, and from web services they provide personal information to. Could you take about a minute each to answer the single question on each of these two surveys?

Link to Survey 1: Which of the following information would you expect your employer to notify you about if the information was inadvertently made public on the internet or through laptop theft, even for a short period of time:

Link to Survey 2: Which of the following information would you expect a company you signed up with to notify you about if the information was inadvertently made public on the internet or through laptop theft, even for a short period of time: