About a month ago, I submitted five photos to the 2012 Annual Cherry Blossom Festival photo competition, organized by an organization called FotoWeekDC. I even posted about this on this blog, asking you, my dear friends, to support my entry for the People’s Choice award. Well, the winners got announced last week and I was not among them. However, this is not the reason why I am writing this post.
In addition to exposing me to some extremely well composed pictures and showing me how to elevate my photography for future occasions, this competition also taught me one other valuable lesson. FotoWeekDC had made a terrible human error when notifying all participants of the final decisions. Instead of using mail merge, or at a minimal masking all participants’ email addresses in a BCC list, FotoWeekDC had included all participants’ contact information in the normal addressee line. Thus, by reading the email, I could also see dozens of other contestants’ email addresses. In a similar fashion, dozens of other strangers could see my email address. I consider this a major breach of privacy — irrespective of whether it was done on purpose or not.
Below, I’ve posted my disgruntled (but still polite) email to FotoWeekDC, as well as their reply, in which the site’s Operations Coordinator acknowledged the error and apologized for it. I recognize the fact that errors do happen — that’s why we are all human. However, I believe that in our current age of heightened privacy concerns it is inexcusable for any online outfit, be it small or large, to lack basic automatic control to prevent such mishaps from taking place. After all, FotoWeekDC’s site charged money for photo submissions — i.e., it qualifies for an e-commerce site. I entrusted not only my email address but my credit card details to that site. I have the right to expect full and unconditional privacy for each of those important pieces of personal information.
The lesson I learned is never to take for granted that a site has secure privacy controls. Going forward, I would only submit entries in such competitions using a one-time email that I plan to dispose of after the end of the competition. I feel lucky that I did not use my primary email address to submit my entries. The email that got disclosed in such an unfortunate fashion is still one that I check on a regular basis but not my day-to-day one. That way, even if my information reached the hands of spammers, the nuisance would be somewhat contained. But think of all the other people who might have unsuspectingly submitted the photos using their primary emails. Dozens (if not even hundreds) of strangers now have their details. Scary stuff!
Have you experienced similar breaches of your email privacy? Care to share them?