A New List of How Much AT&T Knows About You: Via Bits Blog - NYTimes.com .

These days AT&T knows a great deal about its customers: who they call, where they travel, what they watch on TV, what sites they visit on the Web. It has taken a new shot at explaining to them what information it collects and why in a new privacy policy that it posted Thursday morning. The policy is a draft that in 45 days will replace the 17 policies now used by its various subsidiaries.

I can hear the chorus of yawns and wisecracks already.

Privacy policies are typically little more than boilerplate that have very little to do with protecting people’s privacy or even giving them useful information to help them understand which companies to do business with. But AT&T has decided that appearing to take the high ground on privacy will help it in Washington in its battle with Google, and perhaps will improve its image among those who are angry about its cooperation with the government’s warrantless wiretapping program.

[...]

Ms. Attwood said that this effort didn’t really change AT&T’s standard for how it handles customer information but that it did make the disclosure more explicit. Even this exercise in writing may have an impact.

“Clarity brings the potential for greater scrutiny about what our privacy and our usage of data practices are,” she said. “Other companies don’t have that clarity.”

To my reading, there is in fact a directness to the policy that is often lacking. (If you are interested, read it yourself and leave your reaction in the comments.)

It has a prominent section on location information, one of the biggest new types of information being collected by cellphone companies. It makes clear that AT&T knows where its cellphone customers are and uses that information to show ads for local merchants when they check yellow pages and use other services.

The policy is certainly explicit in addressing many practices that other companies gloss over. For example, it says that AT&T buys information about customers from credit bureaus and mailing list aggregators. And it explains how it tracks users of its Web sites and then can use that data to tailor ads to them on other sites. (This came up when Ms. Attwood misspoke about this practice at a Congressional hearing.)

AT&T’s new policy even addresses the topic of that hearing directly, asserting that the company does not use technology called deep packet inspection to track the surfing behavior of its Internet customers to use in advertising. It promises to ask permission before it does so. The policy says the company is working on other ways to explain how data is used to tailor advertisements.

[...]

And the company gives itself wide authority to do most anything with data that it defines as anonymous or aggregate. That means it well create a service that would let advertisers put ads on the cellphones of “American Idol” fans in Pittsburgh who call florists more than once a week.

But interestingly, AT&T has created a rather broad definition of what is personal information, rather than anonymous information. This is important because a lot of data that some companies assert is not personally identifiable, like Internet Protocol addresses, sometimes can be used to track down individuals. AT&T says it will treat as personal “information that directly identifies or reasonably can be used to identify an individual Customer or User.” That definition forces the company to protect anything that can reasonably be used to track someone down.

Read Original Article:(Via Bits Blog - NYTimes.com .)