Privacy: What is Fanime doing with our personal info?

Started by Clareton, May 30, 2016, 07:39:31 PM

0 Members and 1 Guest are viewing this topic.

Clareton

I submitted this as feedback (http://feedback.fanime.com) but I feel like it needs to be said in the open here as well.

Fanime, please post your privacy policy regarding what you do with our personal information -- like our name, address, birth date, and email. I did at-con registration and the staff that assisted me saved all of that information in your computer. You don't need any of that for at-con registration -- not even our birth date since we still have to show our ID to enter those panels. I asked him what Fanime was doing with all of that info and he said it was for your records but was unable provide further details. (I did not expect a lowly volunteer to know the answer anyway.) I said I didn't want my info saved and he said it was required and saved it anyway.

This is very bad. There is too much identity theft and hacking going on nowadays. Please reconsider taking all of this information for at-con registration. At the very minimum, you should be disclosing what you are doing with this information, who it is being shared with, and how we can opt out.

Amanojaku

FanimeCon attended: 17 times
1999 - 2001
2006 - 2019
2022 -
https://myanimelist.net/profile/MrAmanojaku
https://www.last.fm/user/Mramanojaku

Clareton

Quote from: Amanojaku on May 30, 2016, 08:12:22 PM
Oh geez, lol.
You think the possibility of identity theft and/or stolen information is something to laugh about?

With your name, address, DOB, and email, criminals can do whatever they want. Enjoy having your credit ruined, fraudulent activities being conducted under your name, and spending years trying to repair these damages. Don't think it'll happen to you? That's what every company thinks before they get hacked...

A company's disclosure of its privacy policy is in the norm. Fanime is the odd one out here -- needlessly collecting all this information and not revealing what they are doing with it, how they are protecting this information, and how we can opt out.

Konekogami

... Fanime isn't the odd one out..  I don't know how many conventions you attend or which ones you attend.. but every single one I've been too ( to this date four different conventions) requires personal info upon registration.

Hell looking at several convention websites.. ALL of them require personal info ( Name, home address, email, sometimes phone number)

Clareton

#4
Quote from: Konekogami on May 30, 2016, 11:44:59 PM
... Fanime isn't the odd one out..  I don't know how many conventions you attend or which ones you attend.. but every single one I've been too ( to this date four different conventions) requires personal info upon registration.

Hell looking at several convention websites.. ALL of them require personal info ( Name, home address, email, sometimes phone number)
Not for at-con registration. That's only for preregistration, which requires identity verification for badge pick-up, so a company is justified in collecting that information. Your comment doesn't invalidate anything I've said thus far.

My comment about Fanime being the odd one out was referring to the fact that it is the norm for companies to disclose their privacy policy when they collect customers' personal information. Fanime does not do this. And they should.

Again, my concerns are with regards to identity theft, hacking, and the pointlessness of Fanime collecting this information and their lack of transparency/a privacy policy.

Amanojaku

Quote from: Clareton on May 30, 2016, 08:20:45 PM
You think the possibility of identity theft and/or stolen information is something to laugh about?

With your name, address, DOB, and email, criminals can do whatever they want. Enjoy having your credit ruined, fraudulent activities being conducted under your name, and spending years trying to repair these damages. Don't think it'll happen to you? That's what every company thinks before they get hacked...

A company's disclosure of its privacy policy is in the norm. Fanime is the odd one out here -- needlessly collecting all this information and not revealing what they are doing with it, how they are protecting this information, and how we can opt out.
I think paranoia over information already part of public record is something to laugh about, yes.  Let me know when they start collecting SSNs and bank account numbers.
FanimeCon attended: 17 times
1999 - 2001
2006 - 2019
2022 -
https://myanimelist.net/profile/MrAmanojaku
https://www.last.fm/user/Mramanojaku

Firefury Amahira

Quote from: Amanojaku on May 31, 2016, 12:52:50 PMI think paranoia over information already part of public record is something to laugh about, yes.  Let me know when they start collecting SSNs and bank account numbers.

Actually... this could be a serious problem, legally speaking, especially if enough people started to make a stink about it. I'm assuming that given Fanime takes place in California, the organization is also registered as a non-profit in California, and that California law applies. Particularly:
QuoteInformation-Sharing Disclosure, "Shine the Light" - California Civil Code sections 1798.83-1798.84. This law lets consumers learn how their personal information is shared by companies for marketing purposes and encourages businesses to let their customers opt-out of such information sharing. In response to a customer request, a business must provide either: 1) a list of the categories of personal information disclosed to other companies for their marketing purposes during the preceding calendar year, with the names and addresses of those companies, OR 2) a privacy statement giving the customer a cost-free opportunity to opt-out of such information sharing. Financial services companies subject to the California Financial Information Privacy Act are exempted from this law. See the Recommended Practices, pdf in relation to this law.
And:
QuoteOnline Privacy Protection Act of 2003 - Online Privacy Protection Act of 2003 - California Business and Professions Code sections 22575-22579. This law requires operators of commercial web sites or online services that collect personal information on California consumers through a web site to conspicuously post a privacy policy on the site and to comply with its policy. The privacy policy must, among other things, identify the categories of personally identifiable information collected about site visitors and the categories of third parties with whom the operator may share the information. The privacy policy must also provide information on the operator's online tracking practices. An operator is in violation for failure to post a policy within 30 days of being notified of noncompliance, or if the operator either knowingly and willfully or negligently and materially fails to comply with the provisions of its policy. This law takes effect July 1, 2004.
I just went digging around the Fanime website, and couldn't find any stated privacy policy. (Granted, I'm pretty braindead from the long drive home today and may well have missed it.) In any case, I'm pretty sure that the former would apply to data collected during at-con registration, even if the answer is "We don't share it with marketing third-parties and only retain such information to contact you and send you updates." Pretty sure the latter applies to online pre-reg, in much the same way.

Standard disclaimer: I am not a legal professional, just somebody vaguely familiar with hunting up bits on laws via Google.
"Fandom should be fun!" - Firefury Amahira
--
Looking for help writing fanfiction?

M

Speaking on official capacity as a FanimeCon Director.

* We DO NOT share any identifiable information with third party companies. This information is also very limited to internal staff (and only on a need-to-know basis).
* What we do share is a very general demographic (gender, age groups primarily).

I'll look into the privacy policy bit on our website as I thought we had one. In any case, we'll get it fixed.

For the registration fields, we had some fields (like gender) marked as required but there was a dropdown option for "Do not want to disclose" or something like that (I'm very tired from con still and can't remember the exact text).

[Edit: Got my field mixed up]
FanimeCon Head of Marketing & Director of Communications (2008-Current)
(Former Fan Services Director, Registration Staff, & Volunteer)
Have questions (about almost anything)? Message me!

Kuudere

Quote from: MPLe on June 01, 2016, 11:25:10 AM
Speaking on official capacity as a FanimeCon Director.

* We DO NOT share any identifiable information with third party companies. This information is also very limited to internal staff (and only on a need-to-know basis).
* What we do share is a very general demographic (gender, age groups primarily).

Hey! Good to see you addressing this, as I think it's important as well.

I also mentioned last year how lax the security was for our registration accounts online (the fact that you only need a zip code and email address, both very simple pieces of info to obtain, and you can gain access to more detailed information through it). I could effortlessly log into any one of my friends' accounts and review/alter their information without their consent if I wanted. I requested that maybe CMR (or whoever will be in charge of registration) consider using a user-generated password to protect this information, but that concern wasn't addressed for this year and it continued to be open for anyone to access. I'm hoping again that next year passwords are considered for online registration accounts.

M

Quote from: Kuudere on June 01, 2016, 03:16:53 PM
Quote from: MPLe on June 01, 2016, 11:25:10 AM
Speaking on official capacity as a FanimeCon Director.

* We DO NOT share any identifiable information with third party companies. This information is also very limited to internal staff (and only on a need-to-know basis).
* What we do share is a very general demographic (gender, age groups primarily).

Hey! Good to see you addressing this, as I think it's important as well.

I also mentioned last year how lax the security was for our registration accounts online (the fact that you only need a zip code and email address, both very simple pieces of info to obtain, and you can gain access to more detailed information through it). I could effortlessly log into any one of my friends' accounts and review/alter their information without their consent if I wanted. I requested that maybe CMR (or whoever will be in charge of registration) consider using a user-generated password to protect this information, but that concern wasn't addressed for this year and it continued to be open for anyone to access. I'm hoping again that next year passwords are considered for online registration accounts.

The CMR website is closed, but I remember only being able to access very basic information. Having some sort of lock (not sure if password, some sort of security question, or what) is something that we're going to address.
FanimeCon Head of Marketing & Director of Communications (2008-Current)
(Former Fan Services Director, Registration Staff, & Volunteer)
Have questions (about almost anything)? Message me!