Will your data be your destiny?

It is not enough to work to protect your own data these days. You must also think about how the myriad organizations you deal with protect your data, whether or not you have a choice in the matter. Let’s look at a few examples and consider their implications.

Web browsing habits from the home, which may bring out the lowest common denominator in many people, though mostly innocuous, were initially ordered to be revealed by user name in the Viacom v. YouTube case before bulk views was agreed upon.

Many people have grown accustomed to using publicly available online resources where the implicit way these same resources are managed changes over time. Over the years we’ve seen companies that provide free email turn specific messages over to authorities, such as when Yahoo provided a journalist’s email to his government which then imprisoned him for divulging state secrets.

An employee of PA Consulting Group lost a memory stick with unencrypted data on tens of thousands of prisoners in the UK. The worst here is that the loss itself does not represent the real incompetence. I’m sure people will continue to lose things well into the future. But my guess is that the data were unencrypted and on a memory stick simply for the convenience of working with them in that format. It was probably PA Consulting Group policy not to work that way, but with a tight deadline, less safe timesaving methods were used.

There are further examples of how corporations do not protect personal information simply because they do not deem it worthwhile. For example, ConEd online account information (address, phone number, email) is available simply by inputting an account number. No password is required.

The Princeton Review published personal information and test scores for tens of thousands of students on its website.

There is also the possibility of data theft after information is turned over (we see enough examples of thieves stealing or companies losing credit card, social security and other personal data).

Protecting personal information is not solely in the domain of the individual. Companies that have access to personal data will continue to lose this data in the future. We just have to ask that they do a better job of protecting this data to begin with and give individuals a clear and easy to use option of keeping their data private.

Seriousness to the individual of the following:
Viacom v. YouTube: low to medium, depending on ability to identify individuals from the data.
Yahoo email share: high, since this resulted in a prison term for the journalist.
PA Consulting Group memory stick loss: potentially high.
ConEd: medium. Mostly a risk of identity theft or unintended pranks such as changing address or payment schedules.
Princeton Review posts student data: low to medium. More of an ability to snoop on data that will eventually be revealed to schools to which the students apply.
Credit card or Social Security data theft: medium to high. Opportunity for identity theft and fraud.

Sunday, August 18, 1805

I recently read the Journals of Lewis and Clark, a nearly day-by-day account of the expedition sent by Thomas Jefferson to survey the Louisiana Purchase. Here is one journal entry from Meriwether Lewis on his birthday, while passing through what became the state of Montana.

Sunday, August 18, 1805

“This day I completed my thirty-first year and conceived that I had, in all human probability, now existed about half the period which I am to remain in this sublunary world. I reflected that I had as yet done very little, very little, indeed, to further the happiness of the human race or to advance the information of the succeeding generation… [I] endeavor to promote those two primary objects of human experience, by giving them the aid of that portion of talents which nature and fortune have bestowed on me, or in [the] future to live for mankind as I have heretofore lived for myself.”

With improved health and longer lifespans today, maybe people can get away with having this thought at age 39, instead of 31 (though Lewis only lived another four years). But still, for someone who had achieved much at a young age, what a journal entry.