They need to add wording so that my data can't be shared without my permission with anyone who doesn't have the same company name. Way too much is being hidden behind "associates" and "partners". Anyone who touches my data should have to accept the same security and legal restrictions/responsibilities as the parent company that collected it. I'm tired to getting those Privacy Notices from everyone I have an account with, written in legaleze so generic as to make them useless. If you can take the time to send me a revised privacy statement every six months, then you can take the time to list who your "associate companies" actually are.