NYC Midnight : Creative Writing & Screenwriting Homepage
Forum Home Forum Home > GENERAL DISCUSSION > Creative Writing Corner
  New Posts New Posts RSS Feed - FFC  Registration - New "Requirements"
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

FFC Registration - New "Requirements"

 Post Reply Post Reply Page  12>
Author
Message
nixie View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt
Avatar

Joined: 01 Aug 2015
Location: Seattle, WA
Status: Offline
Points: 8465
Post Options Post Options   Thanks (3) Thanks(3)   Quote nixie Quote  Post ReplyReply Direct Link To This Post Topic: FFC Registration - New "Requirements"
    Posted: 10 May 2019 at 12:40am
So... I clicked the pretty button to register for FFC. Looks like they have switched registration engines. Shiny.

And then I got to the second screen.

Apparently, we are now *required* to record gender and date of birth in order to enter.

So - name, address, date of birth, gender - and then fork over a credit card number. And store them all... where, exactly? I mean, I'm sure it's all very secure - cuz we know NYCM is very high-tech. Oh, wait...(<cough> forums <cough>)

Once I was done with the "Oh, *hell no, you aren't storing enough info for identity theft," I then went on to wonder, "why exactly is it that you need this information, anyway?"  Absolutely nothing about the contest/transaction requires that information.

Some of y'all won't worry about that a bit.  Me - I work in IT.  Daily news of data breaches and data grabs (Cambridge Analytica, anyone?) are part of my life. So the idea of a company suddenly not just asking for but *requiring personal data unrelated to my business relationship with them, with no explanation makes me unhappy.

At a guess, I'd say their shiny new registration engine had those as defaults, and someone just did a careless job of reviewing that process and thinking it through.  

I dropped them a note expressing my concerns, asking why this data is being gathered, how it is being stored/secured and how long it is being kept, and whether there is an alternate registration method that does not require surrendering this data. 

For those that are interested - I'll pop back here and share the answer when I get it.  if it's just a careless rollout of a new tool (cuz we know that happens here sometimes ;) ), then hopefully they will go yank those fields off the form and we can forget all about it.

But for those of you who have concerns about data privacy...



Edited by nixie - 10 May 2019 at 12:53am
Back to Top
Sponsored Links


Back to Top
ChillyToez View Drop Down
NYC Midnight Addict
NYC Midnight Addict
Avatar

Joined: 06 May 2019
Location: North Pole
Status: Offline
Points: 891
Post Options Post Options   Thanks (1) Thanks(1)   Quote ChillyToez Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 7:41am

I noticed the rules stated: "No one under the age of Eighteen (18) years may
enter the 1st Round of this Contest (absent appropriate parental written consent and good cause shown therefore in the LLC’s sole discretion);"

So I assumed that was why the DOB thing was in the registration. The gender ask was a little odd though. 

As a data minded individual myself, I might have misgendered myself and--ahem--shaved off a few years when registering. I mean if there is a data leak, the fact that they have my cc and address is bad enough.

Also, it was fun for the flash of a New York minute, to be in my 20's again. #dadjoke #sorrynotsorry



Edited by ChillyToez - 10 May 2019 at 7:41am
Back to Top
nixie View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt
Avatar

Joined: 01 Aug 2015
Location: Seattle, WA
Status: Offline
Points: 8465
Post Options Post Options   Thanks (1) Thanks(1)   Quote nixie Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 8:52am
Originally posted by ChillyToez ChillyToez wrote:


Also, it was fun for the flash of a New York minute, to be in my 20's again. #dadjoke #sorrynotsorry


Rofl

If they are validating ages, they can as easily have a check box for "I affirm that I am over the age of 18 [or legal age of majority in my country, which allows me to sign a contract on my own behalf."

*That* can't be used for identity theft ;)
Back to Top
ChillyToez View Drop Down
NYC Midnight Addict
NYC Midnight Addict
Avatar

Joined: 06 May 2019
Location: North Pole
Status: Offline
Points: 891
Post Options Post Options   Thanks (1) Thanks(1)   Quote ChillyToez Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 9:17am
Originally posted by nixie nixie wrote:

If they are validating ages, they can as easily have a check box for "I affirm that I am over the age of 18 [or legal age of majority in my country, which allows me to sign a contract on my own behalf."

*That* can't be used for identity theft ;)

indeed! I just meant bc of the eligibility requirements that it didn't immediately jump out as suspicious to me until they started asking about my downstairs bits/gender identity. Whist I'm complaining, I also object to the very binary options.


Edited by ChillyToez - 10 May 2019 at 9:22am
Back to Top
nixie View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt
Avatar

Joined: 01 Aug 2015
Location: Seattle, WA
Status: Offline
Points: 8465
Post Options Post Options   Thanks (0) Thanks(0)   Quote nixie Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 11:17am
Originally posted by ChillyToez ChillyToez wrote:


indeed! I just meant bc of the eligibility requirements that it didn't immediately jump out as suspicious to me until they started asking about my downstairs bits/gender identity. Whist I'm complaining, I also object to the very binary options.

The list I saw had three options, not two - M / F / "Other". While a bit ungraceful, I can understand that providing for every possibility makes for a long list to maintain, and ensures something/someone will get missed and feel targeted by the oversight/lack of awareness, so "other" seemed like an attempt to acknowledge that two was not the magic number...
Back to Top
ChillyToez View Drop Down
NYC Midnight Addict
NYC Midnight Addict
Avatar

Joined: 06 May 2019
Location: North Pole
Status: Offline
Points: 891
Post Options Post Options   Thanks (0) Thanks(0)   Quote ChillyToez Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 11:32am
Originally posted by nixie nixie wrote:

Originally posted by ChillyToez ChillyToez wrote:


indeed! I just meant bc of the eligibility requirements that it didn't immediately jump out as suspicious to me until they started asking about my downstairs bits/gender identity. Whist I'm complaining, I also object to the very binary options.

The list I saw had three options, not two - M / F / "Other". While a bit ungraceful, I can understand that providing for every possibility makes for a long list to maintain, and ensures something/someone will get missed and feel targeted by the oversight/lack of awareness, so "other" seemed like an attempt to acknowledge that two was not the magic number...

Cool. I did not see an option for other! 
Back to Top
jennifer.quail View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt


Joined: 07 Feb 2018
Status: Offline
Points: 2587
Post Options Post Options   Thanks (0) Thanks(0)   Quote jennifer.quail Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 11:52am
When setting my birthday, I had the "wrong" year for a minute and when it's there, it brings up a box that requires parental/guardian consent and while I didn't experiment/have a convenient child to use as a test subject I think it won't allow you to proceed without an adult's information. I suspect it's an attempt to be more secure than the easily-lied-to ticky box with "I promise I'm over 18". You could still lie, but if you win money the name/birthdate being fraudulent would trip you up (at least the first prize I assume triggers a 1099.) In that case you aren't just checking a box incorrectly, you have to willfully input fake information.
Back to Top
ChillyToez View Drop Down
NYC Midnight Addict
NYC Midnight Addict
Avatar

Joined: 06 May 2019
Location: North Pole
Status: Offline
Points: 891
Post Options Post Options   Thanks (0) Thanks(0)   Quote ChillyToez Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 3:37pm
Originally posted by jennifer.quail jennifer.quail wrote:

if you win money the name/birthdate being fraudulent would trip you up (at least the first prize I assume triggers a 1099.)

You don't put your birth date on a 1099. But it does require a ssn (which thankfully the nosy registration form didn't ask for!)  So I expect winners get contacted by NYCm for their info...
Back to Top
nixie View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt
Avatar

Joined: 01 Aug 2015
Location: Seattle, WA
Status: Offline
Points: 8465
Post Options Post Options   Thanks (0) Thanks(0)   Quote nixie Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 4:45pm
Originally posted by jennifer.quail jennifer.quail wrote:

When setting my birthday, I had the "wrong" year for a minute and when it's there, it brings up a box that requires parental/guardian consent and while I didn't experiment/have a convenient child to use as a test subject I think it won't allow you to proceed without an adult's information. I suspect it's an attempt to be more secure than the easily-lied-to ticky box with "I promise I'm over 18". You could still lie, but if you win money the name/birthdate being fraudulent would trip you up (at least the first prize I assume triggers a 1099.) In that case you aren't just checking a box incorrectly, you have to willfully input fake information.

Good logic.  I'd extend it a bit farther.  The Participation Agreement is a legal contract.  The registration is a de facto acknowledgment of that contract - by registering, you are effectively signing (agreeing to) the contract terms.  Wilfully and knowingly presenting fraudulent information as a part of that process may constitute fraud - and certainly is grounds for contract revocation. 

So - ticking the check box is just as enforceable, under civil law, as providing the date. (one of the reasons these are unmarked by default is because in court, pointing out that you couldn't have missed it, but had to actively click, is part of the success strategy.)  It has the same contractual obligation and consequence, but achieves it without storing PII and subjecting the contestant to potential impact of data breach. 

(also noted: in the event of data breach, New York State law appears to require only that *residents of New York* be notified. So the other 95% of us might never even know it had occurred...)


Edited by nixie - 10 May 2019 at 4:46pm
Back to Top
nixie View Drop Down
NYC Midnight Black Belt
NYC Midnight Black Belt
Avatar

Joined: 01 Aug 2015
Location: Seattle, WA
Status: Offline
Points: 8465
Post Options Post Options   Thanks (2) Thanks(2)   Quote nixie Quote  Post ReplyReply Direct Link To This Post Posted: 10 May 2019 at 5:50pm

Gotta say this for Charlie - I do believe he tries to learn from the feedback. While NYCM is a small business and has its bumps, I do believe they sincerely try to be the best they can every step of the way.  (Just the other day, friends and I were discussing Fiction War.  And that comparison is one more reason we love NYCM)

Gotta say though - I honestly don't ever recall providing my birthdate to NYCM before, nor did anyone else I asked initially.  I wonder if they *thought eventbrite had it marked mandatory and it wasn't...?  Anyone else remember back that far?



Response

Hi Diana,

Thanks for your email.  We did switch recently from Eventbrite to a new secure online form, but just so you know, we have always asked for the DOB and gender in our registration forms as far back as 2010.  These fields have always been required as well.  We use the DOB to determine if the participant is 18 years of age or older as well as for demographic purposes which is also why we ask for gender.  We only use these numbers to update our sponsorship package, which goes over basic demographic information of our participants such as percentages in what age groups (<18, 18-29, 30-39, etc.) and gender (M, F, etc.).  We would never share the participant's individual information with anyone, with the exception of distributing the winning participants' emails and/or mailing address if required for the sponsors to deliver the prizes.  

 

The registration data is stored on the platforms themselves (Eventbrite and Cognito Forms) and you can read more about the security of each below:

   Cognito Forms - https://www.cognitoforms.com/support/74/entries/data-security

   Eventbrite - https://www.eventbrite.com/security/

 

Also, we have always used PayPal or Stripe as our payment processor, so we don't have access or ability to store the credit card numbers of participants.  I hope this helps clear a few things up, but please let me know if you have any questions or need anything else.  Regarding an alternate registration option without including this information, it's wouldn't be out of the question, but we have haven't had too many inquiries into this in the past which is why there isn't currently an alternative.  If you are interested in something like this, please let me know and we can look into it further.  Thanks again for the email and I hope this helps answer your questions!

 Charlie Weisman

Competition Director


**

And mine back

**


Thanks for following up Charlie.

 

I didn’t recall this being required in prior years – clearly, I was not being attentive. I absolutely would love to see a different alternative.

 

The multi-entity storage of personal data becomes a complicated one due to the broad disparities in state law regarding data breach notification. For example, Cognito (in SC) is required to notify you that *your customer data has been breached, but New York law may only require *you to notify New York residents of a breach.  Without going too deep into my day job (IT Director 😉 ), what that means is “as consumers, there’s a lot of question as to whether we’d even know if that breach occurred” – which, of course, always raises the level of concern. Eventbrite, as I am sure you are aware, is in the midst of a class action over its Ticketfly subsidiary’s …performance gaps… in data security and breach notification.

 

That and, as a matter of good practice, I am always in favor of “not storing any information we don’t need to operate well.” One common practice is to separate demographic information into a separate (and usually optional) form, storing the data separately so that it is anonymized, and using age breaks (20-29, 30-39, etc.) rather than requiring birth dates. I wonder if that’s something that might be considered moving forward?

 

Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.01
Copyright ©2001-2018 Web Wiz Ltd.

This page was generated in 0.141 seconds.