Through a roundabout way, I’ve just been looking at TripIt, currently a US application that basically provides a convenient overview of your trip itinerary (and wraps all sort of services around it like advertising, user recommendations, sharing with friends etc). All you have to do is e-mail your booking confirmations / itineraries from any travel company to TripIt and they build your itinerary at TripIt. For people like me who are hopelessly unorganised it is simple, elegant and quick and works across different companies through aggregation.
Hang on a minute. E-mail TripIt your booking confirmation? With all of your travel details, personal details, payment details on it? How valuable is that information? How personal is that information? How much do I trust TripIt with that sort of data?
Now to be fair, TripIt have a clear privacy policy and user agreement prominently on their website:
.
However, this agreement is fairly open and allows for a lot of sharing and reuse of personal data, and open publication of travel dates (burglars – over here!).
Users love this site. They love the functionality and organisation features and all of the enhancements it gives to your user experience…and they don’t seem that worried about sharing this data. As organisations struggling under the burdens of the Data Protection Act in the UK, how do we get the balance right between protecting users and warning them of the dangers, but developing services that can exploit personal(ly) (identifiable) information (PII) to meet user demands? It’s an interesting quandry but I’m keen that it is properly explored as a subject area and not shut-down by overly risk-adverse approaches.