by Paul Rudo on 23/05/12 at 6:10 pm
In most developed countries, including the USA, citizens have certain privacy rights when it comes to their personally identifiable information. For example, a doctor may not distribute your medical information, the police can’t search you without a proper reason and an employee may not divulge private trade secrets to competitors.
These privacy regulations were put in place to protect individuals and companies from the embarrassment and damaged reputation that can result
However these privacy rights usually only apply to direct relationships between individuals or entities. Once this information makes it into the hands of an uninvolved third party, your privacy rights around this information diminish significantly.
As a result, a new industry has popped up around the collection and sharing of private consumer information.
For example, Facebook has been accused of tracking user data even after they’ve logged out of their account. And the Florida department of motor vehicles makes money by selling private driver information.
Companies such as Thompson Reuters, Infochimps, Quantcast, and Neilsen have built lucrative business models based on the collection, analysis, aggregation or sale of user data. Some companies are more ethical and transparent than others in their collection of personal data.
Many companies will attempt to defend the clandestine tracking of user data by claiming that they don’t track personally identifiable information such as names, phone numbers or email addresses. However, this information can be combined with other data sources in order to link a data profile to a specific user.
For example, it’s been shown that most Americans can be uniquely identified using only their zip code, their sex, and their date of birth. Once a name, address, phone number and email address this data can then be combined with data from other databases in order to gain a deep, rich profile about this individual’s private life.
So a database of anonymous medical information could be used to extract embarrassing and damaging private information about a user in the list. Likewise, an identity thief could obtain all necessary information in order to impersonate an individual and sign up for loans under their name. This is a very risky and dangerous thing.
And when someone gets hurt all of the companies involved can claim innocence since no individual firm was entirely responsible for the data leak. Instead, the breach resulted from the aggregation and analysis of these purchased data sources.
In the future, it’s very possible that a potential employer will obtain a detailed report on your private life, medical profile, police history, family genealogy, personal preferences, religious and political views, and social networks.
For the data collectors and sellers, there is a strong incentive against ethical behaviour, since restraint and responsibility has a negative impact on profitability.
For an excellent example of how much damage can result from the abuse of these privileges, consider the case of how Scotland Yard had been allegedly hacking private phone conversations and sharing them with the press in exchange for bribes.
Many in the tech industry have declared that privacy is dead. However, the truth is that society simply needs to re-evaluate its ideas and values surrounding privacy.