Originally Posted by Suddenly Newton
Credit card companies can't sell your security questions or any other identifying information to "a vendor." All financial institutions are bound by the law with regards to how they handle and safeguard your private information, who they can share that information with and what those firms can do with it. Financial institutions are also required by law to disclose (to you - usually in a mailed letter) with whom and under what circumstances they can share your private information, and what you can opt out of sharing.
If your credit card company really did share your security question answers with "a vendor," then you can sue them in federal court for violating the privacy rules of the Gramm-Leach-Bliley Act. A serious offense that carries punitive damages for any financial institution. In all likelihood, that isn't what happened.
It still happens whether "the law' says it can't.
Equifax violates privacy laws:
Transunion violates privacy laws
Teletrax violates privacy laws.
Each of those first three were selling your personally identifiable credit files to advertisers/marketers, the law be damned.
There's also this sloppiness:
Cbr Blood Bank violates privacy laws
PLS Financial violates privacy laws
CVS Pharmacy violates privacy laws
Worse is that all the violations I've linked above involved real names connected to real private information. It included names, addresses, SS#'s and more all ending up with 3rd parties without your consent. The data was not "anonymized" in any way, nor was there any attempt to do so. Google was never accused of privacy violations on that scale, tho they're just as bound to FTC consent decrees as the others.
Why fear Google who's under the FTC's thumb but not fear the credit reporting agencies, banks, insurance companies or other financial and health reporting companies? Delivering targeted ads is hardly as worrysome as what Equifax, TransUnion or Cbr did. But yet you trust the credit and health agencies to handle your very personal financial and health information in accordance with your expectations "because it's the law"?
Google sells ad delivery, not you or your personal information. The credit agencies literally sold personal credit files, real names, real Social Security numbers, real addresses and all, just to make a few bucks. Which should you really fear, a pertinent ad on a web page or a folder handed over with your name and address on it?
Edited by Gatorguy - 2/24/13 at 3:30pm