Privacy policies rarely mention the weakest point in any company’s security infrastructure: its employees

Chris Ritter / BuzzFeed

Traditionally, privacy worries for consumers and tech companies have been limited to keeping information secure from third parties or hackers. But a series of internal abuses show that tech company employees often have universal access to user information, as well as reason — be it pure voyeuristic curiosity or, in the worst cases, a vendetta — to look at our whereabouts, spending, and of the most private corners of our lives.

Fears of employee data abuse are founded, from the highest levels of government intelligence down to car-sharing apps. In 2013, reports revealed over a dozen instances in the past 10 years in which National Security Agency employees abused NSA surveillance to collect data on love interests, referred to internally as “Loveint.” At tech companies, where security measures and training are largely more relaxed, employees surveilling the location histories of ex-lovers, real-time tracking roommates, and looking at activity logs of friends of friends, is not only a plausible fear, but a new reality. Just last month, a New York Uber executive was investigated and reprimanded for tracking the whereabouts of a BuzzFeed News reporter without her permission.

For all the careful consideration and legal maneuvering of tech company terms of service and privacy policies, those documents rarely mention the weakest point in any company’s security infrastructure: its employees. Clear, plainspoken explanations of employee access to user data are rarely, if ever, present in a privacy policy. But the reality is that thousands of tech company employees across the world now have unfettered access to our most personal data.

BuzzFeed News reached out to 29 major technology companies, including social networks, fitness trackers, and dating, payment, messaging, music, mapping, and music apps with 10 specific questions about their internal privacy policies with regard to user data.

Out of the 29 companies, only 13 responded. Of the 13 that responded, three companies didn’t offer comment. Responses from the other 10 manifested a wide range of views: Some took the inquiry seriously, others offered boilerplate responses, and a significant percentage of the companies chose to remain silent. All told, the collective responses offer a complex and, in many cases, unsettling survey of the current data privacy landscape.

BuzzFeed News sent the same set of 10 straightforward questions to all 29 companies. Here is the list in full:

MORE AT SOURCE: http://www.buzzfeed.com/charliewarzel/we-asked-29-tech-companies-if-their-employees-can-access-you