Are you a member of any type of social or sports clubs? Do you exchange emails thru an email distribution list that the club provides? Do you know who has access to those emails? If your answers to these questions are yes, yes and no, then you might be compromising your personal privacy and security.
I recently changed the branding and domain name of my company (which is what you see now). In the process of practicing what I preach on the subject of online marketing and inbound links, I was more than surprised to find many links pointing to the old domain from a sports club I belong to. I was even more surprised when I clicked on the links and was lead to emails I had sent to the distribution list over 2 years earlier. Further review identified that all of the discussions for the entire club for the past 10 years were available to the search engines. In addition, since the discussion list is available to both club members and non-members, literally anyone who wants to can gain access to member information and communications.
Now, on its face it might seem that communications on social events, sporting events and boat maintenance are harmless. But let’s dig deeper into what information is being made available to the world. By following the links, anyone who might be interested can identify list members by first and last name, email addresses, what events they might be attending and when, what boat they own, what trips they are planning to take, what type of alcohol they prefer and what condition they were in at the last party. Get the picture?
You are likely aware of all the privacy issues surrounding Facebook and how people are losing jobs over things being said there, comments made behind what they thought were closed walls. If Sue happens to mention that Johnny was really plastered at the club last night and an employer or potential employer happens to find the comment, it’s possible that someone might lose a potential job opportunity, or even worse, lose their job.
Another potential scenario is that one of the many unscrupulous characters on the web figures out how to crawl the emails, gets a list of who and when people are attending races or events and then goes and robs their houses.
The list goes on.
So, back to my initial questions, if you answered yes, yes and no, meaning you use club email distribution lists and you don’t know who has access to the emails, then I suggest you do a little homework.
The simplest solution is to check with the club’s e-mail administrator and simply ask, “Are our e-mails open to the Internet?” If you need a username and password to login to view the conversations, then chances are that your communications are secure. If not, then the club has some security measures to put in place.
You might also want to inquire about the club’s privacy policy, which should be readily available on their website. If such a policy doesn’t exist, then you might want to offer to assist in creating one. A privacy policy is a relatively new business requirement and not a lot of organizations know how to go about creating one. If you simply Google “[club type] privacy policy,” you will find plenty of examples from which to start. Simply modify an existing one to suit your needs or combine information from several different policies.
The Federal Trade Commission (FTC) regulates and oversees business privacy laws and policies that impact consumers. It is your club’s legal responsibility to take steps to properly secure or dispose of the information you provide them.
In the case of my personal club membership, the issue is that there is no password protection on the e-mail discussions. The situation has been presented to the club’s board and I am confident they will resolve it quickly. If you find yourself in a similar situation, hopefully you can be proactive in finding a solution before someone incurs harm because their personal information was made public.