Leading websites in Canada are inappropriately leaking registered users' personal information.
Research by the Office of the Privacy Commissioner of Canada has found these websites are leaking all sorts of private data—including names, email addresses and postal codes—to third-party sites such as advertising companies. All without consent of the users.
"The research findings raise concerns for the privacy rights of Canadians. Web leakage can involve the disclosure of personal information without an individual's consent—or even knowledge," says Privacy Commissioner Jennifer Stoddart. "Our research also raises questions about compliance with Canadian privacy law in the online world."
The research identified "significant privacy concerns" with 25% of the sites tested. According to the commissioner's office, websites are disclosing information to third parties without the knowledge or consent of the people affected, and are possibly violating federal privacy law.
For example, the research showed that when people registered to receive promotions from a shopping site, their email address, username and city were disclosed to a number of analytics and marketing firms. In some cases, the leaks did not keep with statements made in the organizations' privacy policies.
The commissioner chose not to reveal the website names—yet, anyway. She says only that "the sites examined are among the most popular sites targeted to Canadians and represented a range of sectors, including media, shopping and travel services. All are sophisticated websites operated by large organizations which account for billions in combined annual revenues."
Commissioner Stoddart has written to 11 organizations to ask them to provide information about their practices, and, where appropriate, to explain how they will correct any problems to ensure compliance with privacy law.