FFC Registration - New "Requirements" |
Post Reply | Page 12> |
Author | ||
nixie
NYC Midnight Black Belt Joined: 01 Aug 2015 Location: Seattle, WA Status: Offline Points: 9048 |
Post Options
Thanks(0)
Posted: 19 May 2019 at 2:45pm |
|
It affects us all - of course I'm gonna share. :) They tell me this was all required before - and yet, only one person has told me they remember giving their b-date, and nobody seems to remember begin required to give gender. My first profession was as an intelligence analyst - taking random bits of info and putting them together to figure out what a foreign military was doing/going to do. It made me very much aware of how one little seemingly-insignificant piece of data can tie a web together. Knowing that - I object entities storing my random bits of data, unless they need them to do the thing I actually agreed to. Especially when the random bits they want facilitate ID Theft. Haven't registered for FFC yet - kinda holding out to see if they will update. I have a reminder on my calendar for next week to e-mail prod again with a "have you updated that yet? I really wanna register before the prices go up..." message...
|
||
PNWriter
NYC Midnight Groupie Joined: 05 Feb 2018 Location: Seattle Status: Offline Points: 176 |
Post Options
Thanks(1)
|
|
AH! Nixie, I love that you were all over this - and thanks for sharing the response with us. When I registered I was taken aback on the data asks - I really don't remember having to give out quite so much info in the past. The gender and birth date was too far in my mind - then again, if it wasn't required that I have to input my address with my cc I wouldn't be in for that either. Privacy-wise there are a lot of alarm bells here. Sigh. The things we compromise on in order to write...(though I'd rather those weren't my personal privacy/data)...
|
||
nixie
NYC Midnight Black Belt Joined: 01 Aug 2015 Location: Seattle, WA Status: Offline Points: 9048 |
Post Options
Thanks(2)
|
|
Gotta say this for Charlie - I do believe he tries to learn from the feedback. While NYCM is a small business and has its bumps, I do believe they sincerely try to be the best they can every step of the way. (Just the other day, friends and I were discussing Fiction War. And that comparison is one more reason we love NYCM) Gotta say though - I honestly don't ever recall providing my birthdate to NYCM before, nor did anyone else I asked initially. I wonder if they *thought eventbrite had it marked mandatory and it wasn't...? Anyone else remember back that far? Response Hi Diana, Thanks for your email. We did switch recently from
Eventbrite to a new secure online form, but just so you know, we have always
asked for the DOB and gender in our registration forms as far back as
2010. These fields have always been required as well. We use the
DOB to determine if the participant is 18 years of age or older as well as for demographic
purposes which is also why we ask for gender. We only use these numbers
to update our sponsorship package, which goes over basic demographic
information of our participants such as percentages in what age groups (<18,
18-29, 30-39, etc.) and gender (M, F, etc.). We would never share the
participant's individual information with anyone, with the exception of
distributing the winning participants' emails and/or mailing address if
required for the sponsors to deliver the prizes. The registration data is stored on the platforms themselves
(Eventbrite and Cognito Forms) and you can read more about the security of each
below: Cognito Forms - https://www.cognitoforms.com/support/74/entries/data-security Eventbrite - https://www.eventbrite.com/security/ Also, we have always used PayPal or Stripe as our payment
processor, so we don't have access or ability to store the credit card numbers
of participants. I hope this helps clear a few things up, but please let
me know if you have any questions or need anything else. Regarding an
alternate registration option without including this information, it's wouldn't
be out of the question, but we have haven't had too many inquiries into this in
the past which is why there isn't currently an alternative. If you are
interested in something like this, please let me know and we can look into it
further. Thanks again for the email and I hope this helps answer your
questions! Competition Director ** And mine back ** Thanks
for following up Charlie. I didn’t
recall this being required in prior years – clearly, I was not being attentive.
I absolutely would love to see a different alternative. The
multi-entity storage of personal data becomes a complicated one due to the
broad disparities in state law regarding data breach notification. For example,
Cognito (in SC) is required to notify you that *your customer data has been
breached, but New York law may only require *you to notify New York residents
of a breach. Without going too deep into
my day job (IT Director 😉
), what that means is “as consumers, there’s a lot of question as to whether we’d
even know if that breach occurred” – which, of course, always raises the level
of concern. Eventbrite, as I am sure you are aware, is in the midst of a class
action over its Ticketfly subsidiary’s …performance gaps… in data security and
breach notification. That
and, as a matter of good practice, I am always in favor of “not storing any
information we don’t need to operate well.” One common practice is to separate
demographic information into a separate (and usually optional) form, storing
the data separately so that it is anonymized, and using age breaks (20-29,
30-39, etc.) rather than requiring birth dates. I wonder if that’s something
that might be considered moving forward? |
||
nixie
NYC Midnight Black Belt Joined: 01 Aug 2015 Location: Seattle, WA Status: Offline Points: 9048 |
Post Options
Thanks(0)
|
|
Good logic. I'd extend it a bit farther. The Participation Agreement is a legal contract. The registration is a de facto acknowledgment of that contract - by registering, you are effectively signing (agreeing to) the contract terms. Wilfully and knowingly presenting fraudulent information as a part of that process may constitute fraud - and certainly is grounds for contract revocation. So - ticking the check box is just as enforceable, under civil law, as providing the date. (one of the reasons these are unmarked by default is because in court, pointing out that you couldn't have missed it, but had to actively click, is part of the success strategy.) It has the same contractual obligation and consequence, but achieves it without storing PII and subjecting the contestant to potential impact of data breach.
(also noted: in the event of data breach, New York State law appears to require only that *residents of New York* be notified. So the other 95% of us might never even know it had occurred...) Edited by nixie - 10 May 2019 at 4:46pm |
||
ChillyToez
NYC Midnight Black Belt Joined: 06 May 2019 Location: North Pole Status: Offline Points: 2438 |
Post Options
Thanks(0)
|
|
You don't put your birth date on a 1099. But it does require a ssn (which thankfully the nosy registration form didn't ask for!) So I expect winners get contacted by NYCm for their info...
|
||
jennifer.quail
NYC Midnight Black Belt Joined: 07 Feb 2018 Status: Offline Points: 7931 |
Post Options
Thanks(0)
|
|
When setting my birthday, I had the "wrong" year for a minute and when it's there, it brings up a box that requires parental/guardian consent and while I didn't experiment/have a convenient child to use as a test subject I think it won't allow you to proceed without an adult's information. I suspect it's an attempt to be more secure than the easily-lied-to ticky box with "I promise I'm over 18". You could still lie, but if you win money the name/birthdate being fraudulent would trip you up (at least the first prize I assume triggers a 1099.) In that case you aren't just checking a box incorrectly, you have to willfully input fake information.
|
||
ChillyToez
NYC Midnight Black Belt Joined: 06 May 2019 Location: North Pole Status: Offline Points: 2438 |
Post Options
Thanks(0)
|
|
Cool. I did not see an option for other!
|
||
nixie
NYC Midnight Black Belt Joined: 01 Aug 2015 Location: Seattle, WA Status: Offline Points: 9048 |
Post Options
Thanks(0)
|
|
The list I saw had three options, not two - M / F / "Other". While a bit ungraceful, I can understand that providing for every possibility makes for a long list to maintain, and ensures something/someone will get missed and feel targeted by the oversight/lack of awareness, so "other" seemed like an attempt to acknowledge that two was not the magic number...
|
||
ChillyToez
NYC Midnight Black Belt Joined: 06 May 2019 Location: North Pole Status: Offline Points: 2438 |
Post Options
Thanks(1)
|
|
indeed! I just meant bc of the eligibility requirements that it didn't immediately jump out as suspicious to me until they started asking about my downstairs bits/gender identity. Whist I'm complaining, I also object to the very binary options.
Edited by ChillyToez - 10 May 2019 at 9:22am |
||
nixie
NYC Midnight Black Belt Joined: 01 Aug 2015 Location: Seattle, WA Status: Offline Points: 9048 |
Post Options
Thanks(1)
|
|
Rofl If they are validating ages, they can as easily have a check box for "I affirm that I am over the age of 18 [or legal age of majority in my country, which allows me to sign a contract on my own behalf." *That* can't be used for identity theft ;)
|
||
Post Reply | Page 12> |
Tweet |
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |