Customers of Comcast’s internet provider, Xfinity, are being automatically opted in, which allows the company to retain sensitive personal data.
According to the website, the US telecoms giant could keep data about “race, ethnicity, political affiliations, or philosophical beliefs.” Sensitive data also covers characteristics of protected classifications under California or federal law such as ancestry, national origin, religion, age, mental and physical disability, sex, sexual orientation, gender identity, medical condition, genetic information, marital status, or military status.
Comcast asserts that it does not sell information identifying the customer to third parties, including location data, but states that certain details are utilized to “improve our Services, optimize and analyze your experience on our Services, and serve ads relevant to your interests.”
In a 2018 Q&A, Readwrite was told by Shuvankar Roy, then Vice President of Customer Experience at Comcast: “Analytics can help to identify the actual pain points in many parts of the business, including the customer journey.”
Xfinity data breach
Concerns about privacy and data collection have arisen following a “security incident” at Xfinity in December. Comcast informed customers that the breach led to the theft of their information, including usernames, passwords, contact information, partial social security numbers, and more. In a notice, the company said “there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.”
Xfinity subsequently alerted federal law enforcement and initiated an investigation into the nature and scope of the incident. The total number reportedly affected by the breach was 35,879,455, however, it is said the provider informed customers two months after the incident had actually occurred.
another week, and another hack where my data was stolen@Xfinity hacked in October, 36mm people affected including all contact info, last 4 of social, etc
make sure to change your passwords and security questions + set up two factor
— Dana Woodman (@DanaWoodman) January 21, 2024
The company then called on customers to reset their passwords and enable two-factor or multi-factor authentication to secure their accounts.
However, Xfinity adds that consumers can withdraw from its data storage, as well as have the right to request to see the data they may hold.
How to opt out of Xfinity’s data storage
To opt out, first head to Xfinity’s main Privacy Center page and scroll to the bottom to find the “Review your privacy preferences” option. After clicking on the “Manage your information” button, find a section on “Sensitive personal information preferences,” and choose “review settings.” Here, you will have to provide a name, email address, contact number and home address to receive information.
The provider states that the details required are not for “marketing or advertising purposes,” but to keep a record of the request.
Then it asks you to fill out the form and press “continue” at the bottom. Next, locate the switch named “Storage and usage of sensitive personal information” on the final page and turn it off. Comcast clarifies that even if this toggle is switched off, “we may still use your sensitive personal information for certain purposes, including to provide your Services, security purposes, and fraud monitoring.” Hence, a certain degree of data processing remains beyond control.
Xfinity provides more information about data collection in five states including California, Colorado, Connecticut, Utah, and Virginia. However, WIRED reports that Comcast may take up to a month to process requests, and will inform you should the process take longer.
Featured image: Canva / Xfinity