I’ve done business with many of the companies involved (TiVo, Citibank, AmEx, BestBuy, Disney, Fred Meyer, Fry’s, Hilton Honors, Kroger, Marriot Rewards, Visa, Walgreens), but only TiVo sent me e-mail. That’s because I lie when they ask my for an e-mail address most of the time (when my e-mail address isn’t necessary) -- and when the e-mail address is necessary, I make sure I click the box saying that I don’t want marketing spam. TiVo recently started sending me marketing spam -- apparently, it decided to forget my preference.
But even then, it wasn’t the correct address. I have three addresses: a public facing address that everyone knows (firstname.lastname@example.org), a private address I give to friends and family, and an e-commerce address that I only give out to companies. Therefore, if I receive PayPal phishing messages, I know they are incorrect, because they are sent to my public address. (I’ve never gotten phishing e-mail on my e-commerce e-mail).
You don’t have to give out private information if you don’t want to. I recently went to Japan to my brother’s wedding. I checked in at the same time as my parents. We were handed forms to fill out, with things like name, address, phone number, e-mail address, and so forth. I filled in my name and handed my form back. My parents looked at me as if that was some unforgiveable sin -- they had filled out the form completely, including e-mail. But it’s not a sin, or antisocial. THEY are the ones being antisocial, because THEY will spam you if you give them your e-mail address. They say they won’t, but of course, they will.
Usually, when I hand them empty forms, they ask why I don’t fill them out. The conversation goes like this:
Them: why didn’t you fill it out?
Me: I don’t want spam and junk e-mail.
Them: We would never do that.
Them: What? I’ll have to check with my manager. (some moments later). Yes, here it is.
Me: (eyes scan down the page) It says here that you “won’t use the information, except for products and offers we or our partners think you might be interested in”. That means spam and junk mail.
Them: We would never do that.
If they continue to insist, I ask “can I lie?” -- and then provide them the (incorrect) information they ask for. It’s an ethical thing: I could’ve lied to begin with, and saved us both a lot of time. But I feel better when they know I’m lying.
It’s odd -- employees don’t really care. They are focused on getting the form filled in, not that it’s correct. The AT&T store employee knew I was lying, but sold me the phone anyway. I get a monthly SMS from AT&T complaining that my address is incorrect, warning me that I should call them and tell them my correct address. This has been going on for 3 years now.
My solution to the Epsilon breach is simply to create a new private e-mail account for e-commerce. I’ll either change the address for the few accounts I care about (like NewEgg and Amazon), cancel the other accounts, and then monitor that account for spam resulting from the Epsilon breach. My public e-mail and private personal e-mail accounts will remain unaffected.