Social networking site divulges child's personal data
The CEO of Reunion.com, which just bought a huge database from a private supplier, has 'no idea' how the information got online.
Jane Yang, a 30-year-old marketing coordinator, was curious the other day to see what would turn up if she searched for herself on Reunion.com, a Los Angeles-based social networking site.
Sure enough, there was her name, which didn't bother the Oregon resident all that much. Nor was she particularly troubled that her husband's name was included under her "Friends & Family."
What did startle Yang was seeing the name of her 4-year-old son.
"That made me really, really angry and really worried," Yang told me. "I'm scared about predators out there."
The incident serves as a cautionary tale for anyone who thinks kids' personal information is excluded from the data smorgasbord that is the Internet. As Yang discovered, there's no telling what can turn up as vast databases of sensitive information are bought and sold by private companies.
Reunion.com's privacy policy says the site "prohibits registration by and will not knowingly collect personally identifiable information from anyone under 13." But that doesn't address the site's own data-gathering.
Jeff Tinsley, Reunion.com's chief executive, said the company recently purchased records on millions of people from a data broker. But he said the broker, which he declined to identify, was instructed not to include anyone under 18.
"We have no idea how this happened," Tinsley said.
After seeing her son's name online, Yang, who wasn't a Reunion.com member, called the company to find out what was going on. She was especially distressed that the listing for her husband's name included the family's town, Beaverton -- not the sort of information she wanted anywhere near her son's identity.
Yang said a service rep told her that the site receives its information from public databases.
What databases? Yang said the rep couldn't answer that.
A supervisor came on the line. Yang said she was told that her son's name probably came from state vaccination records or from the Centers for Disease Control and Prevention. This is common, Yang recalled the supervisor telling her.
Actually, no.
"This is absolutely not the case," said Lorraine Duncan, who heads the Oregon Public Health Division's immunization program. "We have an administrative rule that says only authorized users, such as doctors, can access these records."
California has a similar policy.
Duncan also said federal officials at the CDC have no records of individual kids being immunized at the state level.
