Our privacy: 'protected' while widely violated

Our privacy: 'protected' while widely violated
AT&T's recent mailings say they would be sharing “customer proprietary network information” with its affiliates “to offer you additional products and services.” To avoid it, you must take steps to opt out. (Matt Rourke / Associated Press)

Wanda Kramer gets her wireless service from AT&T. Her landline phone service comes via Verizon, her Internet from EarthLink and her cable TV from Time Warner Cable.

What do all these companies have in common? One answer is that they all want to share Kramer's personal information with their business affiliates.


That intent was underlined the other day when Kramer, 87, of Redlands, received a notice from AT&T declaring that "the protection of our customers' privacy is of utmost importance to the employees and management of the AT&T family of companies."

Yet despite that lofty stance, the notice went on to state that AT&T would be sharing Kramer's "customer proprietary network information" with its affiliates "to offer you additional products and services."

If Kramer didn't like that idea, she'd have to contact AT&T and opt out. Otherwise, the company would proceed as if Kramer's embrace of corporate data sharing was a given.

Verizon, EarthLink and Time Warner Cable — all other telecom companies, in fact — have nearly identical policies.

"It seems like they're all doing it, passing people's information around," Kramer told me. "It goes on and on and on."

AT&T's recent notice, required by federal regulators, serves as a reminder of the importance of staying on top of how your personal information is treated by the various telecom companies you do business with.

What the industry calls customer proprietary network information, or the even more wonky CPNI, includes numbers called, the timing and duration of calls, and the location from which calls are placed or received, as well as other information on your monthly bill.

It can help telecom companies and their affiliates know whether you'd be a good prospect for an upgraded data plan or a pricier bundle of services.

I wrote last week about the White House's modest efforts to limit use of consumer data by businesses and government agencies. Along those lines, the ease with which people's telecom info can be exploited by companies for marketing purposes highlights the challenge consumers face in keeping their personal info under wraps.

"Making people opt out is the reverse of how companies should do it," said Kent Yeargin, a Sacramento privacy consultant. "You should have to opt in before your information can be shared. You should have to give your permission."

Companies know that relatively few people make the effort to opt out of all the data sharing that goes on, so they like things just as they are.

For example, Kramer said she knows she should take steps to protect her information, but she hasn't yet done so with any of her telecom providers.

In AT&T's case, the company's notice says it won't share people's billing info "with anyone other than those who are in the AT&T family of companies or are AT&T authorized agents." But that could still include dozens of corporate entities.

AT&T also says this information "does not include your telephone number, your name or your address," as if the company wouldn't dream of sharing this information with others. But that's a crock.


The company and its affiliates obviously couldn't market to you without knowing who you are and how to reach you.

If it wanted to be clearer, AT&T should say, "This information does not include your telephone number, your name or your address, but we already know what they are so we'll just combine them with your customer proprietary network information when we try to sell you things."

Georgia Taylor, an AT&T spokeswoman, said that "customers benefit when they're able to learn about other AT&T products or services they might find useful."

She described data from people's bills as "a kind of road map" for how customers use the company's services. What device do you use? Do you text a lot? Do you have an international plan? Are there other lines on your account?

"Of course, as our customer, we know your name and address," Taylor said. "But if you opt out, we cannot use your specific 'road map' of how you use our service to market to you."

And that might not be such a bad thing. If a consumer wants a "road map" of his or her activities made available to a company's affiliates, that should be the consumer's choice.

Being required to opt out of automatic data sharing isn't a choice. It's a countermeasure.

Having to opt out again and again for every telecom company you do business with turns a minor inconvenience into a major hassle.

Consumers should be alert. Any time you see the letters CPNI in a mailing from a telecom provider, don't just toss it away. It's probably a notice that your privacy is on the line.

Federal authorities should follow up on their do-not-call list and create a do-not-share list. Consumers would list their data-sharing preferences. All telecom companies would be required to match their customer lists with the federal database.

The only downside for companies is that there's a greater likelihood customers won't want their data shared.

But remember how AT&T said in its notice that "the protection of our customers' privacy is of utmost importance to the employees and management of the AT&T family of companies"?

Put up or shut up.

David Lazarus' column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5 and followed on Twitter @Davidlaz. Send your tips or feedback to