Skip to Content
Security & privacy

Be careful! These major companies are not protecting your personal data

What does a major national newspaper, a cruise line and a hotel giant all have in common? Sadly, they are among a group of companies being dinged for not doing enough to protect your personal data. In fact, according to a new report, they make up the lowest of the low in terms of privacy.

Every month, Texas-based Osano releases its Data Privacy Misleader Board, which lists companies that do a poor job of collecting and using consumer data. Osano began the list in April this year and major corporations such as Disney, Hulu and Delta Air Lines have made the list.

There is a new crop of companies in the hot seat for June’s Data Privacy Misleader Board, which rates companies on a scale from 300 — the worst — to 850 — the best. There are some very big names on this month’s list.

New York Times privacy policy ‘vague and unclear’

Dubbed “The Gray Lady,” the New York Times has an international circulation, has won 127 Pulitzer Prizes and is ranked 17th in the world by circulation. But its transparency policies receive no praise from Osano.

In April, Times publisher A.G. Sulzberger wrote an article about privacy and data, admitting it was hypocritical for the paper to single out other companies’ data privacy practices when it was doing the same thing: collecting, using and sharing readers’ information.

Sulzberger also said the paper had taken steps over the past year “to increase privacy protections.” How is the Times doing so far? According to Osano, very poor with a score of 571. It notes that despite the publisher’s stance, the paper hasn’t updated its privacy policy since May 2018.

“This means they aren’t yet holding themselves publicly accountable to the internal policy changes they say they unrolled over the previous year,” according to Osano’s June listing.

Osano shows that the Times is a major harvester of personal information but its security measures are “vague and unclear.”

Scary number of ways Hyatt gets your information

Like all the companies on the Misleader Board, Hyatt gathers your personal data and discloses it to “carefully selected third parties.” But it’s the many ways Hyatt can get information on you that is more than a bit concerning.

According to its disclosure policy, Hyatt may process “information collected whilst at a Hyatt Location through the use of closed-circuit television systems, internet systems (including wired or wireless networks that collect data about your computer, smart or mobile device, or your location), card key and other security and technology systems.”

Plus, Hyatt processes voice recognition from voice assistants such as Alexa or Google Assistant. Osano said that has raised legal questions from employees and union representatives about Hyatt collecting biometric data without consent.

To get some privacy, Osano recommends that you unplug any voice assistants you may find in your hotel room and use a VPN to access the internet or bypass the hotel’s Wi-Fi system altogether. Not surprisingly, Hyatt also is in the very poor category with a score of 530.


Related: Disney takes over Hulu, a company with serious data collection issues


Other companies making the Misleader Board

Norwegian Cruise Line

Norwegian Cruise Line is the world’s third-largest cruise line and its privacy policy states that it collects data from your public records. If that’s not scary enough, remember that the cruise line already has your financial information from when you booked the cruise.

It also has access to your passport or any other government-issued documents. Norwegian states that it will share the information with its sister cruise lines, as well as “third parties that have joint or cooperative marketing arrangements with us.”

Score: 563


Osana stressed that Evite had been pinned to the board before last week’s disclosure that a hacker had stolen 10 million user records and put them up for sale on the dark web.

That incident underscored Osana’s concerns over Evite’s privacy policy that states even if you close your account “we may still retain, use and disclose information associated with your account … Evite does not give you the opportunity to remove your information from our database.”

Score: 523


Mercari is an e-commerce site similar to eBay. If you share private data with Mercari, Osana says to follow Mercari’s own advice about its privacy policy because “we will amend it from time to time as our technology services, features and business models change, so you should review our current privacy policy every time you use our service.”

Score: 566

Enterprise Rent-A-Car

Osana gave Enterprise a privacy score of Fair. The company keeps your cookies and similar data for up to three years and shares some of it with subsidiaries and business partners. That’s pretty standard. What isn’t is that now many rental cars have telematics systems that keep various data on you, including information related to your driving.

Here, Enterprise data says it’s not responsible for information collected by your car, so it advises you to “wipe” the car. Does the average person know how to do this? Will they remember? And, as Osana points out, what does Enterprise do with that data? The company isn’t saying. But at least can show you how to wipe data from a car.

Score: 630


Yes, people still rent DVDs through Redbox’s kiosks, website or app. That’s almost quaint except that the company won’t purge your information fully, even if you change it. It also doesn’t respect your browser’s do-not-track requests and shares your information with third parties.

But here’s the real scary part, Redbox’s privacy policy only covers the information you put on its site, not any other information the company collects about you on other sites. Redbox doesn’t say where it gets that additional information or what, if any, policy governs its use.

Score: 443


The polling company’s privacy policy says it can process non-sensitive and sensitive personal information, but it doesn’t tell you which information is collected. It also uses a number of third-party cookies for advertising purposes. Gallup, however, does give you the choice of whether to accept cookies.

Score: 606

Find a company’s privacy policies anytime

Trying to find a company’s privacy policy on a website can be a time-consuming task. With that in mind, in May, Osana released its Privacy Monitor, a free browser plug-in and app available for iOS and Android. With the plug-in or app, people can manage their privacy when dealing with websites and online retailers.

The plug-in and app also provide data analysis on the privacy policies of various websites. It allows users to determine how much data they want to share with websites and service providers.

Remember, it’s not just individual companies that are collecting your data. Did you know Google tracks everything you have ever purchased online? It does, but don’t worry, we can teach you how to find and delete that information.

We can also show you how to opt-out of broker sites that collect your personal data.

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me