http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspxToday I read the privacy policy for Nuveen Investment Advisors . I like this part: We do not disclose any nonpublic personal information about you to anyone, except as permitted by law. "Except as permitted by law". How reassuring. Is it really necessaryen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46296Mon, 29 Dec 2003 05:50:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46296mikeAre these statements also part of an opt-out policy? IOW, after reading these &quot;we'll only share your info with everyone&quot; clauses, you can jump through various high and flaming hoops in order to request that they do not &quot;protect&quot; your &quot;privacy&quot; as indicated?http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46299Mon, 29 Dec 2003 06:20:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46299Raymond ChenThere is no way to opt out. These are just &quot;This is the way it is. If you don't like it, feel free to close your account.&quot; I just found another privacy statement for yet another company but it's basically the same as the one above: &quot;We will disclose your information to anybody we want.&quot;http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46321Mon, 29 Dec 2003 11:48:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46321Office Development, Security, Randomness...http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46322Mon, 29 Dec 2003 11:53:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46322Office Development, Security, Randomness...http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46323Mon, 29 Dec 2003 09:00:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46323Henk DevosI wonder if they are aware of the laws in Europe? <br>For any European citizens, they are not allowed to keep any information in a database without the user's permission. The user has to be able to see what information is stored in the database and change it if desired. The user has the right to request that data is removed from the database. They are not allowed by law to share any of this information without the user's explicit permission. <br>A very strange exception is email addresses, which are not considered personal information. Europe does allow spamming with similar regulations as the US: You have to be able to opt-out. But most spamming companies don't follow this regulation too seriously either. Many spam emails still have no opt-out possibilities, and i recently noticed a spammer (sending me the same email about 10 times per day on average) is requesting up to 72 hours to opt out, but changes web sites every few days. This means: By the time the opt-out is in effect, they have changed to a new url and you have to opt out again.http://blogs.msdn.com/oldnewthing/archive/2003/12/28/46278.aspx#46428Mon, 29 Dec 2003 18:56:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:46428njkayakerThere may be a bit more weasiling going on with &quot;permitted by law&quot;. <br> <br>I suspect that that they what readers to see &quot;except as required by law&quot; (note the meaningful &quot;required&quot; as opposed to the meaningless &quot;permitted&quot;). <br>