Join the forum discussion on this post
We’ll be able to see the actual worth of the TRUSTe program in how it handles a relatively straightforward privacy complaint.
It is a fundamental principle of privacy practice that personal information collected should be destroyed once the purpose of the collection is no long valid. This matter figured prominently in the recent Facebook Ruling by the Privacy Commissioner of Canada due to the fact that Facebook did not delete user accounts after those accounts were closed by the user or no longer active.
Following is the verbatim text of the complaint submitted to TRUSTe:
Why do you think your privacy has been violated by this web site?*
Windows Live is maintaining user accounts of very old lineage dating back to before Microsoft implemented the Passport system and offered Hotmail as a separate service.
This is many years ago. When it came to my attention that Microsoft in fact still maintained an account in my personal name, first I asked to have it reactivated so I review it and possibly delete it.
To reactivate Microsoft stated that I would have to answer the security questions provided from the years-old account. I explained that I could not remember the security question let alone the security answer. Moreover the email address under which the account was created, either caleval@shaw or cale...@sympatico.sk.ca were long defunct.
I offered to verify my identity through a credit card transaction or through a verified PayPal account transaction.
These offers were met with instructions on how to contact the Microsoft legal department so I could try to get a court order forcing them to give me access to my own information.
This complaint to you is the second step (the first being dealing directly with Microsoft) in my remedy plan. If TRUSTe is unable to resolve it, then step 3 will be a formal complaint to the Canadian Privacy Commissioner which just recently ruled the practice of Facebook retaining defunct accounts is contrary to Canadian Privacy Law.
If the Commissioner is unable or unwilling to resolve it, my final step will indeed be to proceed to court and having done everything a reasonable person can be expected to do, I will expect to receive full costs to be awarded in a court ordered settlement.
This is frankly absurd. The have any number of ways to securely identify to at least the standard financial institutions require, yet they refuse to avail themselves of that opportunity and all for an account that is of no apparent value since it now only represents an inactive record in their apparently eternal database.
Note that the account name, cale...@hotmail.com is the family name of a very small number of directed related people. The name was an original creation of my father, an orphan who invented the name to disown the given name he had. We have never found a single instance of a Caleval on the planet who is not directly related through blood or marriage.
Regardless, it is a fundamental principle of privacy practice that personally identifiable information should be destroyed once the purpose for which it was collected no longer exists. Since Microsoft will not provide the service for which the information was originally provided, de facto the purpose no longer exists and Microsoft is obliged to destroy the information.
What resolution are you seeking for your complaint?*
I want the hotmail account assigned to cale...@hotmail.com to be completely removed from Microsoft databases and I want written confirmation that this has been done. My preference is that they reactive the account and allow me to use it, but I believe it is unreasonable to insist they provide any service unwillingly. Given that they apparently do no wish to provide me service, then the complete removal of the account from their system is sufficient remedy.
—-
All articles in this series:
[ssoseries]
