This was obvious both in dealings with my College and with USA Triathlon, the governing body for the sport of triathlon in the United States. The former ended up handling it very professionally, the latter not so much. Well, not at all actually.
And ultimately, how an organization handles the situation can go a long way.
Companies often try to stand behind legislation they don’t understand. In 2011, Florida State College cancelled two courses for which I had registered after attendance levels were lower than what would allow them to hold the classes. Understandable. Rather than refunding my tuition to my AMEX, they sent my personal information to a bank in Connecticut that opened a secured, pre-paid credit card in my name, mailing it to me along with instructions on how to activate it.
The bank, Higher One, is no stranger to complaints. Even consumer groups warn students to avoid them for reasons such as their $19 monthly fee for cards that are not used for transactions. Students have protested the use of Higher One for some time and a few have even gone so far as to file a couple lawsuits against the company, resulting in the return more than $11 million in 2012 and more than $16 million in 2013 to students for unfair and deceptive practices following FDIC investigations. Congress, the Consumer Financial Protection Bureau, and the Department of Education are all becoming more involved as they continue to field complaints about the issues.
After a couple of emails telling me I had to use the card, I included the President of the College in my final email explaining what course of action I planned to take, including contacting the Chancellor of State Colleges and potentially a private attorney. Amazingly, I got a really well-written letter from a Vice-President a day later explaining not only that they should have refunded my payment to the AMEX and that this would be done, but assuring me that they had already contacted Higher One and that they agreed to remove my information from their systems. The letter was superbly-written and in the end, my impression of FSCJ was much better than it had been for the previous couple of weeks.
By contrast, USA Triathlon plainly gives its members tools to indicate their marketing preferences; they just don’t honor them. Worse, complaints about this are either handled dishonestly or ignored completely. All triathletes who register for a sanctioned triathlon in the United States are required to be a member of USAT for at least the day of the event. Most athletes seek an annual membership ($40) rather than pay $10 for a single day. USAT requests personally-identifiable and/or sensitive information from them for several reasons, ranging from standard contact information to personal details for a family member (or other emergency contact) as well as education levels and income ranges for statistical purposes. In addition to providing this information, I also indicated that I did not want to receive any marketing emails, nor did I want them sharing my information with other parties.
I started getting unsolicited emails from a USAT coach here in Florida last Fall and used the unsubscribe link in her email to request that she stop sending me emails. When I received another a few weeks later, the unsubscribe text at the bottom was blue and underlined, but no longer included a link to unsubscribe. After emailing the coach to ask that she stop contacting me, I checked my marketing preferences and emailed USAT, who advised they confirmed my profile was set correctly (no kidding, seriously) and assured me they would have the coach purge my information. The coach later wrote me confirming she had removed me from their database.
A few weeks later, another email from the coach arrived encouraging me to consider a training session she had coming up. My subsequent email to USAT has gone unanswered, with no response from the membership coordinator or the two members of her executive team that I included on the correspondence. Not really the smartest way to respond to an inquiry regarding the misuse of personal data belonging to a paying member of your organization.
Whether USAT routinely mishandles member information or if it gives its coaches special access to it and this particular coach used information in a manner she wasn’t supposed to, well, who knows? It would require a response from the organization to know this, wouldn’t it?
Ultimately, my goal is for fewer organizations and companies to have my information. Optimally, I’d like to know when they store it and exactly what they store, and I’d appreciate some level of control over the sharing of this data. Some entities afford you these very reasonable things, whereas others do not. Worse, some like USAT, give you the false security of thinking you have control over them only to find out they betray your trust anyway.