When Private Information Isn’t

Personal information is the fuel that powers Facebook, Twitter, Myspace, and the other social networks, attracting users and advertisers alike. But privacy activists and regulators are taking a close look at the way all that information is collected, used, and protected, and this scrutiny could result in strict rules for network operators.

These watchdogs are finding that operators have repeatedly left personal information and subscriber data vulnerable, leading to highly visible privacy snafus that exposed users to the risk of embarrassment, identity theft, or even stalking. In February of last year, for example, Google launched its social-networking service Buzz with default settings that revealed whom users were e-mailing frequently. (Google was forced to make a settlement with the U.S. Federal Trade Commission, requiring it to submit to independent privacy audits for the next 20 years.) Then, in June, a hacker exploited a bug to capture the names and profile photos of approximately 70 percent of Foursquare users in the San Francisco area over a three-week period, regardless of privacy settings. Similar problems and allegations have plagued other social-media websites.

State and federal legislation has been proposed to address these issues. A bill in Congress would greatly expand the FTC’s ability to regulate online privacy, defining e-mail addresses and precise geographical locations as personally identifiable information that must be adequately protected and compelling companies to get permission before they can collect medical and religious data.