April 15, 1999 5:00 AM PDT
Nissan privacy goof exposes email addresses
In what Nissan called a "technical error," the automaker sent the addresses of those who had filled out a form on its Web site to every address on the list. Every customer who signed up for Xterra information received the list, according to Nissan spokeswoman Trina Lagod.
The mass mailing was an "inadvertent error," and the company sent out an apology letter yesterday afternoon to everyone who received it, according to Gerry Tschopp, manager of corporate news at Nissan. The company had not yet identified the cause of the error, he said.
"This has never happened to us before," Tschopp said.
But the act of "cluelessness"--as one privacy advocate put it--stands out as latest in a series of recent privacy breaches from companies such as Yahoo, Excite, and Microsoft. And it comes at a time when members of Congress are preparing several bills aimed at regulating online privacy.
Tschopp said that despite the number of email addresses contained in the message, the company had not received many complaints about it. Pointing out that the customers affected had requested to be on the mailing list, he said he "didn't know" if Nissan had violated customers' privacy.
"I don't know how or if people are upset," Tschopp said.
One person who received the email, a Bellevue-based software engineer, said the glitch was both upsetting and amusing. When he tried to notify Nissan about the problem, he said, he got little response.
"I tried calling them twice," he said. "They just kind of seemed nonchalant about it." He also suggested that the mailing could lead to further privacy problems for those on the list.
"If somebody's an entrepreneur, they could clean up," he said. "They could sell those emails to a demographic."
Jayson Catlett, president of Junkbusters, an anti-spam and privacy organization, said Nissan itself might be hurt by the mass mailing. Businesses often sign on to receive information from their competitors, Catlett said, and Nissan's competitors could have received the list of addresses.
"Although it's not likely that they would turn around and spam those names, they could do some demographic and psychographic analyses of the people who signed up," Catlett said.
Because Nissan does not have a privacy statement on its Web site, there probably was not any legal violation of privacy, Catlett said. Still, he said, Nissan and other companies should do more to protect customers from their "local pockets of cluelessness."
"Companies really need to establish policies and procedures for email communications that prevent this kind of snafu," Catlett said.
Mark Rotenberg, executive director of the Electronic Privacy Information Center, said the mass mailing was a breach of customers' confidence. It's unlikely that Nissan would make the same mistake again, he added, but consumers need to be careful about what they disclose online.
"If nothing else, it makes people who went to the Nissan Web site think twice about doing that again," Rotenberg said.