My SHC Community

Sears Holding Corporation (SHC), the parent company of Sears & K-Mart KMart [updated 01/07/08] stores, has recently come
under fire
regarding their My SHC Community application, developed by VoiceFive, a
subsidiary of comScore. The concerns are focused around whether users
are adequately informed about what the application does before they
install it and whether information provided to users is consistent and
clear. The application tracks, in quite a bit of depth, a user’s
behavior online, including capturing details of purchases, headers of
web-based e-mails, and other content. Both companies assert strong
policies and technical controls to protect the data from prying eyes,
both within and outside of their organizations. They also state that they use scrubbing techniques to delete passwords, social security numbers, credit card numbers, and other confidential data before these data are sent to their servers.

StopBadware has been looking into this situation and has had productive
conversations with both SHC and comScore. The two companies are
currently evaluating our recommendations, which include making
significant improvements to disclosure text and placement, ensuring
consistency in privacy policies, and providing an indicator to the
computer user when the software is running. SHC tells us that they
intend to make one change, which will move a paragraph explaining the
tracking to the top of the end user license agreement (EULA), later
today.

We appreciate the engagement by SHC and comScore. Dialog with both
companies is ongoing, and we will provide updated information as it
becomes available.