The Wall Street Journal recently featured an article about Plaxo. Many thanks to our enthusiastic users who were quoted in this piece and extolled their extreme satisfaction with Plaxo. That our users love and value Plaxo, and are telling their friends about it, is reflected in our growing network. Since May 2003, Plaxo has registered more than 1.6 million users and more than 23 million people have responded to their requests for updated contact information.
We are thrilled to have been profiled by the country�s top business paper, however, the article raises some important points that deserve further clarification. The first is the comparison to spam. It�s important to know that every interaction between Plaxo users and their contacts is initiated by the user, the owner of the address book. Like Hotmail, Yahoo Mail or Outlook, Plaxo is a software application and service that people use to send emails. While Plaxo computers handle the mechanism of sending the emails on users� behalf, Plaxo, the company, does not send emails to anyone. All update requests are deliberate, initiated by the address book owner.
We�d also like to re-emphasize our rigorous commitment to privacy. BusinessWeek recently praised our privacy policy, calling it one of the most stringent they�ve ever seen, going above and beyond the industry standard. While it�s an extreme and dramatic example, the Pentagon official mentioned in the story had his concerns about Plaxo resolved to his satisfaction. Privacy and security are part of our core values and we built Plaxo Contacts from the very beginning with both in mind. We want consumers to feel comfortable about using Plaxo Contacts, to have no qualms about it at all. Our business depends on our users trusting us with their personal data and we have every reason to protect that trust.
All in all, we�re thrilled to have been profiled by the Wall Street Journal, and are looking forward to spreading the Plaxo story to more people.
Read the full story at
http://www.plaxo.com/css/about/wsj_20040227.html
Comments
Steve,
I'm the Privacy Officer that you corresponded with in early Feb.
You've made some reasonable points on the need to further clarify the meaning of the word "aggregate" and "personally identifiable", and we will take this into consideration for future revisions to our Privacy Policy. Frankly though, this hasn't been a major problem or priority. To my knowledge, you were the first to raise this issue 5 weeks ago, and it just hasn't come up again since.
As for "no statement about what may be done with" opt-out infromation, I agree that more work needs to be here.
The intent of the Plaxo Privacy is to treat opt-out information from users in the same fashion as regular Plaxo users. In other words, the information is not shared with 3rd parties, users can remove or change their information at any time, etc...
But your comments have raised the visibility that we need to better address this issue. We are already working on changes to the Privacy Policy to make it more explicit on how opt-out information is handled which should clear up any confusion on this matter. Hopefully it will meet with your approval.
On a complete separate subject, I welcome people to check out our new Blog Article - Your Contact Information: Ownership vs. Privacy: http://blog.plaxo.com/archives/000011.html
Thanks for the comments,
Stacy
Despite the "glowing praise" of the security policy, it does NOT cover what happens to the information of all the NON plaxo users whose addresses have been acquired by the "Plaxo community." Should Plaxo decide to fold or be acquired the Notification Policy specifies that Plaxo *users* be notified and asked for permission to disseminate information. If even ONE person who has my information agrees, my personal contact information can now be used - but I, a non-Plaxo person get no say.
Moreover, in the "Limited Sharing with Third Parties" section the "disclosure in 'aggregate'" statement does not expressly forbid simply giving a list of all contact e-mail addresses. 'Aggregate' can mean either "in summary" or "in its entirety". One issue is what "personally identifiable" means.
Also, to prevent Plaxo from giving my information to others, I must record at least my E-mail address in Plaxo's records with "deny all" option. There is no statement about what may be done with this information in the event of business failure and/or acquisition.
In other words, all the policies focus on "Plaxo Users" but not on the contact data which may contain information about MILLIONS of non-Plaxo users.
Despite my bringing these items to the attention of the 'Privacy Officer' months ago I see no changes to the privacy policy have been made.
It probably matters little as I doubt this post will remain - seems easier to talk about how great the policies are than to admit the glaring weaknesses.