Online contact details Plaxo/Accucard – are they secure?

I’ve had a few people using some of these online contact / address books such as Plaxo and now more recently Accucard/Accuscan.  Now these services purport to keep all your contact details in a secure environment for everyone you wish to add.  They also cross reference your details between you and other people that have stored your contact details in their files too.  So the question is – with so many people using these now, how secure do you think they really are?  Also have you thought about the fact that once you have stored your details or those of your contacts there, what these services could potentially do with them?  Spammers?  Just thinking….


Your comments?

9 thoughts on “Online contact details Plaxo/Accucard – are they secure?

  1. Wayne – These are all important questions you are asking and the types of issues that everyone should consider before using any type of service. I am the Privacy Officer here at Plaxo responsible for addressing Privacy, Security, and Trust issues pertaining to the usage of Plaxo, and while I can’t speak for the other services, I can at least tell you how Plaxo operates.

    Regarding the security safeguards in place at Plaxo, we’ve outlined them on our site at: http://www.plaxo.com/privacy/security_safeguards. In general, we use industry-proven physical, electronic, and procedural safeguards used by banks, Fortune 500 companies, and other proven Internet services.

    As for our Privacy Practices, there are also detailed within our Plaxo Privacy Policy (http://www.plaxo.com/privacy/policy). They are summarized by 6 basic privacy principles:

    – Your Information is your own and you decide who will have access to it.

    – You maintain ownership rights to Your Information, even if there is a business transition or policy change.

    – You may add, delete, or modify Your Information at any time.

    – Plaxo will not update or modify Your Information without your permission.

    – Plaxo will not sell, exchange, or otherwise share Your Information with third parties, unless required by law or in accordance with your instructions.

    – Plaxo does not send spam, maintain spam mailing lists, or support the activities of spammers.

    If you think about it, storing one’s information within Plaxo is really no different than the 100M+ users of Yahoo! or MSN or AOL, etc… who store similar type information in those respective services. But we understand that since our service is so focused on contact management that the privacy and security issues become very apparent. But these issues are really the same for all services.

    And we also understand that ensuring the privacy and security for both members and non-members is paramount to our success. We believe we have established some of strongest privacy and security practices in place in the industry, even when compared with other services such as Yahoo!, MSN, or AOL. The links I have provided you are our public statements of these practices to allow people to judge our actions against our words and decide for themselves.

    I hope this helps, but if you have any further questions or comments, please let me know.

    Thank you,

    Stacy Martin

    Plaxo Privacy Officer

    privacy @t plaxo.com

  2. Stacy,

    Thanks for your comments on this. I will start off by saying that I am not intending to target Plaxo or Accucard directly but these are the only two services that I am aware of directly that provide such an interwoven set of contact links between unrelated parties. I should also say that I am NOT suggesting specifically that Plaxo WOULD misuse my details stored there. More the point that my details COULD be misused in some fashion. The concept that in a central location such as Plaxo or Accucard, you could have so much contact information would to me be a red flag from a security perspective. One would think that it would be a tought job working as a security officer for one of these companies as it would make an ideal target for anyone searching for good information on a person. What would it take for the phishing scammers of the world to start to mimic the Plaxo email saying "click here to confirm your details" oh and add your bank account and PIN number while your at it. I appreciate your feedback – thank you. However I may be just a little paraniod for a while longer.

    Thanks Stacy

  3. There have certainly been a number of debates on this issue and believe me in the world of Accountants some heated debates. I am THRILLED to see the above comment from Stacy. I do respond to Plaxo requests mostly because my name is ALL over the internet and so is my families as my father was a researcher at NIH and published a ton of papers.

  4. Anne,

    My name too is all over the internet – that’s not what concerns me here. What concerns me here is that some of these facilities allow the user to store more information on the contact such as home phone number etc. Now these details are what I consider private – ok so my home phone number IS listed – but what if it was a private/silent number that I had given to you alone… would that mean that once you added it to your contact that it would be updated with all other people that have my contact details with that provider? I must confess I’ve not played with the services enough to know, but it’s one of the concerns that I have.

    Thanks Anne

  5. Wayne – I realize that you are not targeting Plaxo and hopefully I didn’t come across as defensive. I think it’s great when people raise the discussion and I find that paranoia can be a healthy thing.

    I also wanted to add that information maintained within one Plaxo member’s address book is NOT shared with any other Plaxo member. If someone responds to an Update Request, the information provided is only used to update the corresponding address book entry maintained by the requesting Plaxo member.

    Plaxo can also help to automatically update other Plaxo members when a Plaxo member changes their own contact information. For example, if you were a Plaxo member and you changed your home phone number, Plaxo could update other Plaxo members that you have given permission to view this information and who were "connected" to you. If you’ve not given any other Plaxo member access to view this information, Plaxo will take no action. But if you had, the update would occur automatically, without the need to send anyone an email message.

    Thanks again. – Stacy Martin

  6. Thanks again for more clarification Stacy – I appreciate the effort you’ve gone to to explain this. However despite this I still don’t feel comfortable. Maybe it’s just me – maybe I am a little too paraniod about some things.

    Wayne

  7. Hi Wayne,

    I have had a few clients who use Plaxo in the past. I have asked to have my details removed from the Plaxo system as I personally do not trust external parties with my data – despite the guarantees they give, how can we KNOW what will happen with the data. We all know of the many high profile sites that have been compromised, and the release of confidential data to the public through these breaches.

    If *I* place my details there, then I do it knowing full well what may happen. However I have no control over what others do with my details except being able to request removal of my details from these systems (Plaxo and whatever else – not targeting Plaxo specifically here).

    Again, *I* am not comfortable with these services and I have in the past and will continue in the future to request anyone I see who uses these services to remove my contact and other details from these systems. If I lose a client over this, then that’s something I am willing to do.

    Regards,

    HiltonT

  8. I have just found out that a vendor of mine has used Accucard to store my information WITHOUT MY PERMISSION.

    If Plaxo/Accucard are so "above board" the least they could do is to notify the contacts and gain their permission.

  9. Does accucard restrict updates to the requesiting person’s database as well or is it then available to all accucard users?

Leave a Reply

Your email address will not be published. Required fields are marked *