Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - Articles - What Constitutes Crossing The Privacy Boundary Line?
Articles

What Constitutes Crossing The Privacy Boundary Line?

ISBuzz TeamBy ISBuzz TeamFebruary 17, 2014Updated:April 30, 20253 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Privacy
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

I recently received a letter from a local Lexus car dealership via snail mail. The letter began, “Dear Allan, this is an important notice concerning anyone who may own a (specific year) (specific car make and model).” While I don’t often read junk mail, let alone open it, I quickly saw that this piece was different.

On the outside envelope, there was a URL with my name included in the URL – so I was curious. And in the letter, my current vehicle was referenced: the year as well as the make and model were all correct. Also note, the letter was addressed to me with my (correctly-spelled) first name (unfortunately, it is misspelled more often than not), middle initial, and last name – and also included my accurate full mailing address. By now, you are probably shaking your head, as I was too.

Lastly, the call to action was an offer to buy or lease a new Lexus with a $1,500 discount – a discount that could only be obtained by visiting a website that was created just for me and included my full name as part of the URL. The sentence in the letter stated, “Visit your personal website to view more information on your exclusive offer and to register.”

On the landing page that included my name, two things were requested: my email address and phone number. Sorry, Lexus, this tactic is not the correct way to get these two pieces of personally identifiable information (PII) – especially from someone who works in the infosec world and advocates for online safety, privacy, and security 24/7.

I discussed this direct mail piece with Rebecca Herold (@PrivacyProf on Twitter), internationally-known privacy expert and fellow privacy advocate, and she agreed, “Looks like a new marketing scheme, and the way they are doing it appears to be skirting CAN-SPAM violations.  I suspect we’ll be seeing more of these incredibly invasive types of marketing activities.”

So, the question is, did Lexus purchase a list of current customers from my existing dealer? Or did Lexus purchase the addresses of local residents with the details about their vehicles from the Department of Motor Vehicles (DMV)? While I have attended the annual Los Angeles Auto Show in the past, I have never given my name to Lexus – so did Lexus purchase a list of all attendees from another manufacturer where I might have provided my details?

Any way you look at this, it’s disturbing. At the very least, it appears that Lexus has crossed the privacy boundary line. Have you ever seen anything like this in your industry?

Author

Allan Pratt MBAAllan Pratt, an infosec strategist, represents the alignment of technology, marketing, and management. With an MBA Degree and four CompTIA certs in computers, networks, servers, and security, Allan translates tech issues into everyday language that is easily understandable by all business units. His expertise includes the installation and maintenance of all aspects of the PC and peripheral lifecycle and the planning and integration of end-to-end security solutions. Allan also teaches both the CompTIA A+ and the CompTIA Security+ certification courses, and has been quoted in industry publications. Follow Allan on Twitter and on Facebook.

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Roblox Under Fire: Lawsuit Alleges Secret Data Tracking of Kids

May 13, 20254 Mins Read

Understanding Cloud Access Security Brokers (CASB)

March 28, 202410 Mins Read

Decoding Cloud Security Posture Management (CSPM)

March 28, 202411 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}