Yes, I admit I have a Facebook account. I even belong to a group or two. One of a group’s members seemed to be asking for way to much personal information over the past few weeks, but the other members really don’t seem to care.
A Facebook group
One of the groups I belong to is set up for people who lived in the community I am from “who wish to have a page for shared memories, photos, etc. of growing up…without advertising or any personal or political agenda.” I’ve been able to reconnect with old friends read postings from other members who have related stories that have rekindled some great memories for me. It was really enjoyable.
From any post, or response to it, I am able to look at the poster’s personal page. Only a few of these pages have taken advantage of Facebook’s privacy settings. Naturally there is a lot of personal information on these pages.
Then the requests for personal information
To spur some conversation someone asked the question “what was your address when you lived in the community?” The responses started coming providing full street address, the year that the respondent moved, and where the respondent currently lives. There were close to 100 individual responses.
As a privacy professional I started twitching. I wasn’t going to provide the information and for some reason felt a need to warn others about the dangers of identity theft. The postings, after all, were available for anyone to read.
How did the group react? I was paranoid.
A week or so later the next request came; “what was the name of your high school and when did you graduate?” Again about 100 respondents. Most were born in the 1940s, 1950s, and 1960s. Yes, Facebook lets you provide your birth date, but usually you do not find someone revealing the year they were born.
I became more uncomfortable and, again feeling some social responsibility, posted a warning; it was confirmed that I was still paranoid.
This week the request was for your favorite places in the community and your best friend’s name. In my mind I could see a list of challenge questions from credit reporting agencies or other financail institutions that could now be answered. With limited additional research couldn’t someone just go on creditkarama.com and masquerade as someone else effectively stealing their identity?
Clearly I was just being paranoid, but I commented one more time. The responses felt like I was being stoned in the town square.
The moral of the story
Being a privacy professional gives you an opportunity to help improve practices within your organization. I also believe that we should be giving back to our communities in one form or another and this could include trying to steer your friends from privacy mistakes. That doesn’t mean that your friends will listen.
The moral of the story is that you can take a friend to water, but you just can’t make them drink. So I’ll just sit here looking over my shoulder in case someone is sneaking up from behind.