Your Contact Info for a Chocolate Bar?

We've all gotten a chuckle over the drones who would give up their password for a chocolate bar. Are we as security professionals any better? We give up all of our contact information (name, address, phone number, email, company name, job title), information on our company (security initiatives, budget, size, locations), and sometimes even contact information for our co-workers. We give it up for half-baked white papers that may be helpful or may be marketing tripe that will be discarded immediately. We give it up for a one hour webinar that again may be useful or may be worthless. We give it up for a half day seminar that allows us to escape the office temporarily.

Its expected that disclosing this information will result in sales calls. Did you realize that these companies also may be selling your contact information or trading it with other companies? I've been thinking about this since a couple of sales people called, and when told I wasn't interested responded "but you downloaded our whitepaper."

Janis Rose has an article on this in the April 2008 ISSA Journal (membership required). She focuses on the ethical aspect of using disposable email addresses when registering for whitepapers.

When signing up for things online, know that there is no such thing as a free lunch. Even when its a reputable company, you need to be aware of the potential consequences of disclosing data.

I think companies should include choices for how your data will be used. They shouldn't hide it in the fine print of a privacy policy. When they don't do that, we're forced to use temporary email addresses and phone numbers that go straight to voicemail.