What does a major national newspaper, a cruise line and a hotel giant all have in common? Sadly, they are among a group of companies being dinged for not doing enough to protect your personal data. In fact, according to a new report, they make up the lowest of the low in terms of privacy.
Every month, Texas-based Osano releases its Data Privacy Misleader Board, which lists companies that do a poor job of collecting and using consumer data. Osano began the list in April this year and major corporations such as Disney, Hulu and Delta Air Lines have made the list.
There is a new crop of companies in the hot seat for June’s Data Privacy Misleader Board, which rates companies on a scale from 300 — the worst — to 850 — the best. There are some very big names on this month’s list.
Dubbed “The Gray Lady,” the New York Times has an international circulation, has won 127 Pulitzer Prizes and is ranked 17th in the world by circulation. But its transparency policies receive no praise from Osano.
In April, Times publisher A.G. Sulzberger wrote an article about privacy and data, admitting it was hypocritical for the paper to single out other companies’ data privacy practices when it was doing the same thing: collecting, using and sharing readers’ information.
“This means they aren’t yet holding themselves publicly accountable to the internal policy changes they say they unrolled over the previous year,” according to Osano’s June listing.
Osano shows that the Times is a major harvester of personal information but its security measures are “vague and unclear.”
Scary number of ways Hyatt gets your information
Like all the companies on the Misleader Board, Hyatt gathers your personal data and discloses it to “carefully selected third parties.” But it’s the many ways Hyatt can get information on you that is more than a bit concerning.
According to its disclosure policy, Hyatt may process “information collected whilst at a Hyatt Location through the use of closed-circuit television systems, internet systems (including wired or wireless networks that collect data about your computer, smart or mobile device, or your location), card key and other security and technology systems.”
Plus, Hyatt processes voice recognition from voice assistants such as Alexa or Google Assistant. Osano said that has raised legal questions from employees and union representatives about Hyatt collecting biometric data without consent.
To get some privacy, Osano recommends that you unplug any voice assistants you may find in your hotel room and use a VPN to access the internet or bypass the hotel’s Wi-Fi system altogether. Not surprisingly, Hyatt also is in the very poor category with a score of 530.
Related: Disney takes over Hulu, a company with serious data collection issues
Other companies making the Misleader Board
Norwegian Cruise Line
It also has access to your passport or any other government-issued documents. Norwegian states that it will share the information with its sister cruise lines, as well as “third parties that have joint or cooperative marketing arrangements with us.”
Osana stressed that Evite had been pinned to the board before last week’s disclosure that a hacker had stolen 10 million user records and put them up for sale on the dark web.
Osana gave Enterprise a privacy score of Fair. The company keeps your cookies and similar data for up to three years and shares some of it with subsidiaries and business partners. That’s pretty standard. What isn’t is that now many rental cars have telematics systems that keep various data on you, including information related to your driving.
Here, Enterprise data says it’s not responsible for information collected by your car, so it advises you to “wipe” the car. Does the average person know how to do this? Will they remember? And, as Osana points out, what does Enterprise do with that data? The company isn’t saying. But at least Komando.com can show you how to wipe data from a car.
Yes, people still rent DVDs through Redbox’s kiosks, website or app. That’s almost quaint except that the company won’t purge your information fully, even if you change it. It also doesn’t respect your browser’s do-not-track requests and shares your information with third parties.
Find a company’s privacy policies anytime
The plug-in and app also provide data analysis on the privacy policies of various websites. It allows users to determine how much data they want to share with websites and service providers.
Remember, it’s not just individual companies that are collecting your data. Did you know Google tracks everything you have ever purchased online? It does, but don’t worry, we can teach you how to find and delete that information.
We can also show you how to opt-out of broker sites that collect your personal data.