The Lesson I Learned about Email Privacy

About a month ago, I submitted five photos to the 2012 Annual Cherry Blossom Festival photo competition, organized by an organization called FotoWeekDC. I even posted about this on this blog, asking you, my dear friends, to support my entry for the People’s Choice award. Well, the winners got announced last week and I was not among them. However, this is not the reason why I am writing this post.

In addition to exposing me to some extremely well composed pictures and showing me how to elevate my photography for future occasions, this competition also taught me one other valuable lesson. FotoWeekDC had made a terrible human error when notifying all participants of the final decisions. Instead of using mail merge, or at a minimal masking all participants’ email addresses in a BCC list, FotoWeekDC had included all participants’ contact information in the normal addressee line. Thus, by reading the email, I could also see dozens of other contestants’ email addresses. In a similar fashion, dozens of other strangers could see my email address. I consider this a major breach of privacy — irrespective of whether it was done on purpose or not.

Below, I’ve posted my disgruntled (but still polite) email to FotoWeekDC, as well as their reply, in which the site’s Operations Coordinator acknowledged the error and apologized for it. I recognize the fact that errors do happen — that’s why we are all human. However, I believe that in our current age of heightened privacy concerns it is inexcusable for any online outfit, be it small or large, to lack basic automatic control to prevent such mishaps from taking place. After all, FotoWeekDC’s site charged money for photo submissions — i.e., it qualifies for an e-commerce site. I entrusted not only my email address but my credit card details to that site. I have the right to expect full and unconditional privacy for each of those important pieces of personal information.

Email Exchange between Me and FotoWeekDC

The lesson I learned is never to take for granted that a site has secure privacy controls. Going forward, I would only submit entries in such competitions using a one-time email that I plan to dispose of after the end of the competition. I feel lucky that I did not use my primary email address to submit my entries. The email that got disclosed in such an unfortunate fashion is still one that I check on a regular basis but not my day-to-day one. That way, even if my information reached the hands of spammers, the nuisance would be somewhat contained. But think of all the other people who might have unsuspectingly submitted the photos using their primary emails. Dozens (if not even hundreds) of strangers now have their details. Scary stuff!

Have you experienced similar breaches of your email privacy? Care to share them?

This entry was posted in Experience, Technology and tagged . Bookmark the permalink.

2 Responses to The Lesson I Learned about Email Privacy

  1. Hristo says:

    One-time email, or one-time credit card seems like a great idea, but how do you get these?

    • Emil_M says:

      Good questions, Hristo. For email, I’ll just create a fake account on Yahoo or Gmail, which I’ll keep only for occasions like this one (competitions, sweepstakes, etc.) For credit card, one of my old cards used to allow me to create one-off numbers with $ limits for online transactions (unfortunately, they discontinued that service). But I’m thinking I can buy a prepaid VISA card from CVS or another convenience goods store and use that instead.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s