The Consumer Matters is the blog of Leslie Grandy, aka Gearhead Gal.  My passion is creating and delivering compelling products that delight customers through simple and elegant user experience design.

Subscribe To My Feed

Follow Me on Pinterest



Read my blog on Kindle



Looking for a job in product innovation or product design? 


example: innovation, product, mobile, design

city, state or zip

Jobs by SimplyHired




Entries in privacy (3)


Humor: Has Google Gone Too Far? Wall Street Journal Op Ed

Excerpt Reprinted

Dear Google User: We're Sure You're Going to Love This

Dear Google User,

As you know, on March 1, we introduced a series of exciting changes to the privacy section of our terms of service agreement. Though we've done our best over the past month to systematically suppress search results and social-media commentary that have criticized these exciting changes, we have come to realize that this may not be the best way to deal with the massively negative feedback from those who use Google.

So we have decided to respond by doing what we do best: rolling out a new round of intrusive changes to the privacy section of our terms of service agreement.

But no need to worry. After using one of our patented algorithms to analyze a matrix of your Web-search behavior, online shopping habits, Google +1s, personal emails, confidential Gchat transcripts and cached browser data (including the stuff that you tried really hard to delete), we have determined, with statistical certainty, that you are really going to fall in love with our new privacy policy.

Read More...


Sprint: We Protect Our Customers' Data. You are Just a Consumer. 

First Published on Technorati: December 18, 2009 at 12:40 pm

Personally Identifiable Information (PII) makes it possible for a marketer, salesman or hacker to uniquely identify you. But what happens when your unique personal data, like your home address or phone number, appears in a stranger's customer's record?  Is it still your information to control?

In my last Technorati post on the topic of personal data, "Who's Protecting My Information in the Cloud?", I highlighted a challenge consumers have tracing their identity with platforms that share your account info, like Facebook, in order to extend capabilities through the Internet cloud. But what happens when a company erroneously possesses your data in an account they believe authorizes them to use it to market to you? What rights do you have as a consumer to remove your personal data from another person's account and opt-out of the marketing?

I, like many other consumers, have placed my phone numbers on the National Do Not Call List, so when I received an automated call from Sprint, on my Verizon landline pSprinthone, I was perplexed. I have not been a Sprint customer since the turn of the century. I have owned this landline number since 2006. My wireless accounts are with T-Mobile and AT&T.

The automated voice on the other end of the phone notified me that a refund check in the amount of $37.67 had been approved and was in the mail from Sprint . The bot repeated the message and hung up. I was concerned this call might be a scam, or reflect a misappropriation of my identity. Thanks to caller ID, I could return the call and the 800 number it resolved to turned out, in fact, to be a call center for Sprint.

After navigating their menu of options that kept asking me for my Sprint account information, which I don’t have since I am not a customer, I got to a live rep. The rep acknowledged after a few minutes she couldn’t access the customer account where my landline number was stored to remove it. Why? Because I couldn’t give her the PIN for that account, let alone the Sprint account number.

I requested they stop calling me since they had no explicit permission to use the number as the listed owner of the landline. I offered to fax an affidavit and a copy of my phone bill which showed my address, to verify it didn’t match their records for the customer who was associated with my home phone number.

I even suggested there might be a risk that more of my personal data could have been co-opted, perhaps by someone perpetrating an identity theft for credit. “It was probably just a typo by the person who entered it,” she casually offered. Escalation to her supervisor was no more successful, and he summed up the situation this way: “There is no one in the Sprint or Nextel call center who can remove your personal information without a PIN.” A PIN, of course, which is only given to a Sprint customer, which I am not.

After two more automated bot calls from the Sprint 800#, I decided as a consumer I needed to understand the company's corporate policy on how they verify who 'owns' the actual data in the records they protect. Sprint’s representative provided the following official comment about its willingness to verify personal information and remove it from a customer record:

Sprint strives to maintain the most up-to-date and accurate customer account information. Inevitably, situations arise where inaccurate data is incorporated into our account records. When such a situation is brought to our attention, we will take the appropriate steps to resolve it.
In this instance, Sprint's Office of Privacy is reaching out to the Sprint accountholder whose information includes your landline phone number. Out of concern for customer privacy, we must first verify the change with the accountholder. Once the accountholder consents to the change, we will promptly update the information.
If an individual who is not a Sprint customer is contacted by Sprint about a Sprint account-related issue, we encourage them to contact our Office of Privacy at, or visit Our Office of Privacy will analyze the facts of the case and assist in resolving the issue.

The important insight in the above statement is that the Sprint customer must verify that the data can be removed. Companies contract to protect the personal information of customers, not any consumer. The bias is to protect the people who pay them to do so.

I asked Sprint specifically, then, how they verify their account holder has permission to use the data in question, especially if one of their customers may be using the appropriated data to commit identity theft. I further asked them to provide instructions for what recourse a consumer has to expunge the “inaccurate data” if the Sprint customer does not permit the change. 

Apparently that policy is still formulating, as Sprint has not provided a clarification on this point. The State's Attorney General's office could not be reached for comment.


Facebook Friends, Sort Of

RT@peterpham Shldnt be this hard RT @joshelman: I think I got FB privacy set up right. I used 4 test accts to check from friend, fr of fr,nonfriend, etc.

All of us Facebook users by now have wrestled with the idea of who to "friend" and ignore, and now that the new privacy settings are live, it appears we are all doing it again. Although most of us have adapted to the notion that we had only two choices - confirm or ignore - we now have to adjust our thinking back to the idea that there are levels of friendship.

On the surface, privacy settings are an obvious evolution for Facebook, and these tools address a big concern that has potentially blocked some consumers from joining the juggernaut of social networks or adding more people to their networks. But for the more than 65 million of us existing users, users who have debated the 'confirm' or 'ignore' question with every invitation, it presents a bit of a quandary. With so many combinations of settings when there were so few before, will it be easy for me to remember who has access to what information anymore? Life was so simple when I knew if you were a friend or someone to ignore. The relationship between my content stream and my friends was clean. You saw it or you didn't.  But now there are tiers of disclosure. And that means more settings.

If you know me at all, you know I am a huge proponent of giving consumers control and choice. But adding tools like this seem to "complexify" what was a pretty simple, binary communication experience - we're friends, and we share.

I recently connected with my older brother on Facebook, who became my second family member to join my network. Both live and work in different cities, not where I live or where we grew up. And I don't know either of their friends at all. Their "friends of friends" network looks a lot like the category now called "everyone" to me, and so that distinction seems especially insufficient for publishing personal posts.  In turn, the things I communicate to my family about my day to day has changed dramatically over the years, especially since I moved away from home. The current privacy groupings fail to help address the special kinds of communications families share.