First, login to your TD Ameritrade account and you will find a chart like this:
This specific chart is displayed on my screen via the following HTML code:
https://chart.bigcharts.com/custom/ameritrade2/piechart/heat-med.img?&data=0.51+0.28+0.20+0.01&legend=AAPL+5.09%|VGSTX|SCMWY+4.56%|+*CASH*&color=00FF00+CCCCCC+00CC00+99FFFFThis image is served by BigCharts.com. Now, as you can see, BigCharts.com is owned by Dow Jones and Co., which is owned by News Corporation.
Because of the URL you see above, and the basic mechanism of how webpages work, TD Ameritrade is causing your computer to tell News Corp your portfolio contents, then their server is delivering a picture to you which displays a pie chart on the web page. Now, if your computer logs into any other website News Corp owns (they have a lot), they can connect that identity to your stock portfolio.
The correct way to implement this type of image display is as follows: the client logs into the TD website, TD requests the chart from News Corp without including any of your identifying information, TD sends the resulting chart to you. (With an Apache web server this is done with one line of code and is called a "reverse proxy").
I have demonstrated that TD Ameritrade is giving away information, not necessarilly that they are selling it. However, since such information is valuable, I assume that is a logical continuation.
Your name is not transmitted directly to BigCharts.com, however your IP address is. This can be traced back to you personally if you use that IP address to access any other website News Corp. has access to, for example, MySpace. Even if you don't use MySpace, that IP address may be tracable to you in many other ways.
TD Ameritrade has also "lost" account information in the past, of course they never made specific details available.
I sent a copy of this post to TD via the online help system
I received this boiler-plate response:
Your inquiry has been escalated. An analyst will research and respond to your concern. We appreciate your patience while awaiting their resolution.
TD AMERITRADE, Division of TD AMERITRADE, Inc.
I have not heard back from them yet, I mailed them this quick update:
Thank you for the quick reply. If there is any information I can provide to expedite the process, don't hesitate to ask.
Just for your information, your progress on explaining/resolving this issue, as well as our correspondence, will be posted on my blog.
This matter was referred to the SEC.
I have been contacted by the President's office, and had the opportunity to explain this issue. It was a great conversation and I look forward to catching up on the rest of the details.
I have been in contact with the SEC regarding this.
This case has been assigned SEC File # HO130024.
I received a letter from "Client and Regulatory Relations" at TD on 2008-11-07 and replied to them and the SEC on 2008-11-26.
Also of note: I closed my account with them months ago, but they failed to actually delete my account. Last week I called to re-close my account, but not before logging in to see the issue still exists.