I wrote a blog post several months ago about how to find a person’s email address, verify it and then use other services to enrich it. I never published it due to not being totally comfortable with what I have written. The process involves (where the email address is not known):
1. Guessing the email address (there are number of ways)
2. Verifying this using the largest professional network (and if needed the largest social network)
3. Once verified, add to web applications that could enrich the email address by finding out social profiles of the individual and then automatically capturing updates of her/his web activities.
In addition, there are many startups offering digital cards where individuals willingly add their profile data.
Given above, it is unclear who the bad guy in this case is, as we have provided the information willingly in the first place to various web applications. Selling our data to third parties was pioneered by people such as Experian, and it happens every day whether we like it or not.
Perhaps, there ought to be a set of best practices that reputable applications will adhere to. You can take it to another stage by allowing third party audits, etc. This could create an opportunity for a new market segment.
Not a simple issue…I am glad you raise it though..