New privacy research reveals the alarming reach of our
digital footprint, with some companies' client files
extending to records of casual chats with staff, social media
"friends" and deleted CVs.
Seventy-five media studies students made Privacy Act requests
for data held on them by banks, social media companies and
loyalty cards. It generated a treasure trove of personal
information stored by companies such as Trade Me, FlyBuys and
One Card - much of it without the individual's knowledge.
"One student was shocked to read, in her gym file, detailed
notes on conversations she'd had with the receptionist,
including information on her boyfriend and stress she's been
experiencing about exams," says a report on the project.
Another found that a website kept a list of all the people
she had claimed to be in a relationship with long after she
had deleted the information.
"Likewise, a student found Trade Me Jobs stored information
such as CVs and cover letters for a period of time after they
had been 'deleted'."
Lecturer Kathleen Kuehn, who set the assignment in her
third-year course on media, technology and surveillance at
Victoria University in Wellington, said most students were
surprised by the quantity and types of personal information
held about them.
One found their bank held information on a conversation on
"life's future plans and dreams", Dr Kuehn said.
"I wanted the students to analyse how they participate in
different types or modes of surveillance in their everyday
lives, and get them thinking about why privacy matters."
She also found that categorising people based on data
collected about them could limit their opportunities.
Trade Me's communications and community officer, Paul Ford,
"we store information 'behind the scenes' in our database
once the member has deleted it. This is held for a maximum of
62 days and then it is permanently deleted".
He said the policy's wording was being changed to clarify
this, because it was at present vague.
The Office of the Privacy Commissioner received 824
complaints in the 2012/13 financial year. Typically more than
60 per cent of complaints are from people seeking access to
their personal information.
NetSafe chief technology officer Sean Lyons said "deletion"
of computer files meant different things to different people
and users of a website should check its terms and conditions.
"If you think you're deleting something, you possibly need to
check what delete means."
Many people professed concern about privacy, but often easily
waived it online. Joining a new website was when a user could
most easily impose limits on sharing, he said. "It becomes
hard to retroactively take that back and say, 'I don't want
to do it'."
Digital footprint not easy to retrace
Courtney Reynolds knows she's striking a commercial deal with
internet companies when she relinquishes her privacy online.
"The information I'm giving up, I'm giving up for a certain
benefit," says the fourth-year Victoria University law and
arts student. That payback includes services such as free
As part of a media studies assignment investigating a
person's digital footprint, she wrote to one small business
and two big ones, seeking her personal files.
The small one, a local gym, seemed unfamiliar with such a
request but was co-operative and the regional manager quickly
sent Miss Reynolds a copy of her gym contract.
"I have to scan in with my key ring each time I go to the
gym. She [the manager] sent a screen shot of my window that
pops up when I scan in. It's got the number of times I was at
the gym - the days, dates and times I scanned in."
But with the big companies, Miss Reynolds was surprised at
how little progress she made.
"You're spoken to by call centre operators and there's no way
of getting to the people who deal with the information."
The 23-year-old says she is now clearer about who she will
give her information to.
"I'm less willing to give information to the companies that
are less willing to give it back."