Oh God - Not Another Privacy Policy

Why do we have these ghastly things? It's conventional wisdom that anyone collecting any personally identifiable information should have a written privacy policy. But that includes everyone. Notices are supposed to cover five basic consumer privacy rights: Notice, Choice, Access, Security, and Enforcement. See Consumer Reports in Big Browser is Watching You (May 2000). Also see the FTC, Fair Information Practice Principles (Jun. 2007). But who reads these notices? By and large, you can't do anything about how people use your data anyway, and they often don't follow their stated policies. It seems to me it's totally wasted effort, and I'm not the only one. See Fred H. Cafe, The Failure of Fair Information Privacy Practices, Consumer Protection in the Age of the Economy (2006). Also see Jay Cline, Are Privacy Notices Worthless?, Computerworld (Jan. 26, 2007). Nevertheless, even states and countries are requiring some websites to carry these notices as a matter of law. This is about as useful as requiring politicians to report who bribed, er, contributed money to them on their financial disclosure forms. But who am I to argue?

'Chase' D. Fonteno's Personal Website Privacy Policy

This website collects personally identifiable information (maybe). By viewing pages, information about how you found the pages and what pages you viewed is collected. That information is not personally identified but in most cases it could be associated with you rather easily. The operator of this site does not share such information with marketers, nor is it used to send unsolicited bulk email nor it is used to send you a birthday card on the appropriate day (sorry).

  1. Notice:
    1. Who is collecting your data? This is a personal website. It is run by 'Chase' D. Fonteno and or Hilton Head Properties, Inc. 400 N. St. Paul Street, 14th Floor, Dallas, TX 75201; tel: 1-214-712-9800 fax: 1-214-9801. You may also contact 'Chase' D. Fonteno by e-mail. The services of statcounter.com are used to obtain statistical data about visits. The hosting company that hosts my web pages, and their servers, also record information about visits. In addition to these entities, your internet service provider has access to most of your online searches, pages viewed, and even email content. Many keep logs of customer transactions. Some have proposed to inspect all of the data you send and receive to compile a dossier to sell to marketers for advertising purposes. See Declain McCullagh, Web Monitoring for Ads? It May Be Illegal, cnet.com (May 19, 2008). And that doesn't even consider the technicians at phone companies, internet companies, and intelligence agencies, where 'reading the mail' may be almost the only perk in an extremely boring job.
    2. How is the data used? The statcounter information is used to try to make the website more useful. For example, recently a number of visitors searched for information about Mars. It's reasonable to guess that these visitors were looking for information about the recent Phoenix lander. But they were getting my old page with pictures from the Mars rovers. So I put a link in the old page to the Mars Phoenix website to help redirect people. The mydomain server logs contain similar data, and may be used for similar purposes. If you send email to Chase, that data is stored on a mail server and may be used to reply to your query or for followup. At the time of writing, Chase does not normally delete emails unless they are spam. The hosting company logs may be retained on the server until overwritten by new logs, which could take many months. My statcounter logs are limited to the most recent 500 visitors.
    3. Who may receive the information? It is important to understand that your personally identifiable information is not in the personal and exclusive possession of 'Chase' D. Fonteno. To our knowledge, there is no access to or disclosure of the data in the site's database, to anyone other than for administrative purposes or in response to appropriate legal process. You may want to read the statcounter.com privacy notice, as well as the godaddy.com privacy notice and the google.com privacy notice for yourself. Without appropriate legal process, none of your information will be intentionally disclosed that has any of the personally identifiable information to other third parties, such as advertisers. There are no ads on my site. Similarly, I don't intentionally disclose email addresses or contents to third parties without permission. There is one exception. If you or your computer are spamming, Phishing, Cracking, or engaged in illegal activity, I reserve the right to disclose your personally identifiable information to system administrators, appropriate organizations such as spamcop.net, phishtank.com, and/or law enforcement personnel.
    4. What is the nature and means of collection? When you visit one of my pages, the nature of the internet is such that your browser tells the mydomain server what your current internet address is, generally the page you were viewing that linked to the current one, the search terms you used if you arrived via a search engine, the browser you are using, the operating system you're running, your screen resolution and similar data. Much of this is recorded in the server logs. Visiting a page also runs a JavaScript from StatCounter. This allows StatCounter to obtain some of this data and use it to provide me with convenient reports. StatCounter will, if possible, place a 'cookie' on your computer so that they can estimate time spent on a page and identify returning visits that happen within a short time (hours or less). If JavaScript is disabled, but image loading enabled, an image from StatCounter is loaded instead, so the visit is still counted, but less data is logged. Additionally, if you send me an e-mail, the internet address currently used by your mail program is sent along with your email address and message. Unless you use web-based email, that is probably the same internet address currently used by your browser. The browsing logfiles contain your browser's current internet address along with search terms and/or each page requested and/or delivered. Thus sending me an e-mail may supply sufficient information to unmask your nominally anonymous browsing record and identify it with you personally. It is not my practice to do this, but you should be aware that anyone who obtains the records could do so.
  2. Choice: Can I opt out? Visiting my website, like visiting any website, inherently discloses the data described, and emailing inherently discloses your email address. These disclosures are necessary to complete the transaction. There is no direct opt-out method. However, you can effectively opt-out of your browsing being recorded as personally identifiable information by using an anonymizing proxy such as anonymouse.org. Their free version keeps you anonymous to the websites you visit, newsgroups you post to, and people you email to. Their pay version, USD $38 annually, adds encryption to keep your transactions anonymous to your internet service provider as well. For email where you want a reply, you can open an account with a free email provider using an alias, and the person you email will only know that pseudonym and email address. For more information about actively protecting your online privacy, please visit Tools for Protecting Online Privacy.
  3. Access: Can I see my records? I don't provide access to the statistical data collected because it's stored in the aggregate and not individually. Should there be a reason, I would normally be able to send you a copy of any email you sent to me.
  4. Security: Are my records safe? Your personally identifiable information is password protected and held on central servers at StatCounter, GMail, and MyDomain. Since the data collection is limited to your browsing history on this site on the one hand and any emails you have sent on the other, that really is sufficient to protect the data, in my view.
  5. Enforcement: Can I complain? Sure. Should I fail to follow this privacy policy in some way that harms you, please contact me so that I can try to resolve the matter. It's not intended that the site in any way violate anyone's privacy.