What Privacy Policy?

In response to a survey answered by 500 privacy and 900 marketing executives in industries ranging from health care to financial services, more than a third of marketing execs said they don't place any limits on the data they share with third parties, such as e-mail marketing agencies or online advertisers. By contrast, 75% of privacy officers believe that their companies limit the sharing of customer data.

More specifically, 80% of marketers said their organizations share e-mail addresses with third parties, compared with 47% of security and privacy officers. Other examples: 65% of marketers said they would distribute a customer's cellphone number, while 47% of privacy execs believe their companies banned the practice. Forty-five percent of marketers believe their companies shared credit card data, compared with 32% of privacy officers, and 29% of marketers believe their firms distribute social security numbers, compared with 7% of privacy professionals.

That disconnect may be one source of the annoying spam that plagues inboxes. Just 44% of marketers surveyed believe their organizations were in compliance with the CAN-SPAM act, a law that requires marketers to request permission to send email messages, disclose the messages' source and offer an opt-out function. Forty percent of marketing execs who responded weren't sure whether their companies followed the law.

Paul Bates, managing director of StrongMail UK, said: "Businesses have a moral, ethical obligation to keep private, personal customer data safe and secure.

"They should not be handing it out to third parties in the hope of making a fast buck. If they choose to do this, and then lose customer data, then they should at least be obliged to admit it."