David Sarno reports:
Twitter Inc. has acknowledged that after mobile users tap the “Find friends” feature on its smartphone app, the company downloads users’ entire address book, including email addresses and phone numbers, and keeps the data on its servers for 18 months. The company also said it plans to update its apps to clarify that user contacts are being transmitted and stored.
The company’s current privacy policy does not explicitly disclose that Twitter downloads and stores user address books.
Read more in the Los Angeles Times. Note that Twitter clarified that names are not stored and that they intend to update their privacy policy to make the collection more transparent. If you are having second thoughts and want to remove your contacts from Twitter’s logs, use the remove link on this page.
Of course, I have been advocating for a long time that Twitter (and other companies) should not retain PII for so long. They are setting themselves up as a more desirable resource for law enforcement and putting our privacy at greater risk of government intrusion or hacking.