Black trash bag tied with a yellow twist tie, orange spiral notebook labeled client purchases on wooden workbench

I didn’t expect my week to end with a trash bag of Mary Kay and Pure Romance materials sitting abandoned like a sad little time capsule. But there it was — tossed aside, half‑open, and full of something someone probably shouldn’t have thrown away so casually.

Inside the bag was a client list. Names, addresses, phone numbers. Purchase histories. Enough personal information to make any data‑privacy professional wince. And I’ve been focused on GDPR and privacy work lately, so maybe I’m more sensitive to this stuff than usual — but even without the experience, something about it felt wrong.

There’s a strange moment when you realize how easily someone’s personal details can slip out into the world. Not through a sophisticated hack. Not through a breach with a press release and a legal team. Just… through carelessness. A bag tossed out with the trash.

And it made me think about how many people hand over their information to MLM reps without a second thought. Because it feels personal — “my friend sells this,” or “someone from church or work does that.” But the truth is, most MLMs don’t train their sellers in data privacy. They don’t teach secure storage. They don’t talk about retention policies. They don’t explain what happens if a rep quits, moves, or throws their old inventory in a dumpster.

They just hand out order forms and say, “Write down your info.”

And people do.

The uncomfortable truth about MLMs and data privacy

MLMs rely on personal networks, which means they rely on personal data. But unlike actual businesses, they rarely have:

  • Data‑retention policies
  • Secure storage requirements
  • Training on handling sensitive information
  • Clear rules about disposal

Most reps are just regular people trying to make a little extra money. They’re not thinking about privacy laws. They’re thinking about sales goals.

And that’s how a bag full of strangers and community members personal information ends up abandoned in public.

GDPR has been on my mind

At work, we’ve been walking through GDPR exercises — mapping data flows, identifying risks, tightening processes. It’s tedious in the way that important things often are. But it’s also made me more aware of how fragile personal information really is.

GDPR assumes that organizations should treat personal data like something valuable. Something worth protecting. Something that belongs to the person, not the business.

MLMs… don’t operate that way.

A simple takeaway for anyone who buys from MLMs

If you’re giving your personal information to someone selling products out of their living room, you’re trusting them to protect it. And most of them don’t even realize they’re supposed to.

It’s not malicious. It’s just… untrained.

But untrained people can still mishandle data. And mishandled data can still hurt people.

Why this matters enough to write about

We live in a world where privacy is shrinking. Not dramatically, not all at once — but in small, quiet ways. A bag tossed out. A spreadsheet emailed. A form saved on a phone that gets traded in.

And maybe part of protecting ourselves is simply paying attention to where our information goes — even in the everyday, even in the small interactions that don’t feel like “real business.”

If nothing else, that abandoned bag reminded me of something simple:

Most data breaches aren’t high‑tech. They’re human.

And humans need better habits.

By the way, Meghan, if you ever come across this, I did your friends and family a favor and shredded their information.