Thoughtful responses to my recent items on translucency and selective disclosure -- here, here, and here -- continue to arrive.
Regarding translucency, have you really done Thelma Arnold (AOL user 4417749) by publishing her name and AOL user number and the fact that it has been leaked to the entire world? Why not publish her social security number as well? What are you thinking of when you write about translucency? I think you need some opacity.
By the way, the original Social Security Act of 1933 made it illegal to use SS numbers for anything but Social Security and tax information. The government and many others have largely ignored this law. Twenty years ago when I applied for my pilot's license the FAA asked for my social security number. I told them it was illegal to ask, and later they changed the form to indicate that answering that question was "voluntary". However, when I received my pilot's license, guess what my license number was? You guessed it, it was my social security number. When I questioned the FAA and the Social Security Administration about it, they told me they never release that information, and that it must have been a "coincidence".
Given that the widely-read New York Times story ran Thelma's name and her "user number" -- which isn't an AOL ID, by the way, but only the number randomly assigned to her in its data dump -- I didn't see how reciting those facts in InfoWorld could make any difference one way or
But Mark was exactly right. Having collected that scrap of information, it was a reflexive act to use it, even in a context where the point was to advocate opacity. As Mark's comment nicely illustrates, it's deceptively hard to retrain that reflex.
I couldn't agree more. But the real problem appears in your last sentence. For all intents and purposes, there *is* no liability for storing more of a customer's data than is strictly necessary. In fact, when looking at selling that information elsewhere, the financial incentive is to get, and keep, as much information as possible.
Before you're going to see any progress on this, there's going to have to be a definition of what constitutes personal information, what constitutes permitted use (or how individuals can define permitted use on a case-by-case basis), and some kind of serious penalty for failing to meet the requirements. A good successful lawsuit would make folks want to destroy that data as quickly as possible.
However, the courts or legislature(s) are going to need to apply some concepts in creative ways. The courts have defined the concept of a "birth mother" (apart from what I suppose you would call, for lack of something better, a "regular mother") and there are certain things that this entails that cannot be changed, even when agreed to by the various parties involved. For example, if a woman offers her child for adoption before birth with agreements and even the exchange of monies, she may still refuse to complete the transaction at any time and is bound to no terms whatsoever. Her role as the birth mother cannot be "signed away", as it were.
We need the equivalent in this area. Until personal information is seen as being owned, in whatever form, by the person and merely "licensed" (for lack of a better term) to a company to be used within the rights permitted under the terms of the license issued by the person, this is not going to get better!
The funny thing about this is that I'm constantly reading about how data storage needs are out of control and companies are having to struggle with the need for more and more storage capacity. Here's a simple answer to both problems (and one as old as computing itself): it's called purging.
As Tim Sloane also noted, strong financial incentives compel organizations to hoard and trade our data. Here are two countervailing forces I'm aware of:
It's interesting to note that your discussion revolves around providing, storing, and encryption of the SSAN in such a service situation. Even if they didn't store it, they'd obtain a copy of your credit record in a document that has your SSAN embedded. So, they could assure you all day long they don't store your SSAN that you provide, but they have it anyway. Unless they don't store the file either, which would require them to scrape the credit score and other pertinent data off. And once they do that, you'd have to hope that they have a good enough unique key, including address, for example, to prevent identity theft or error. And even then, with that set of data, and a few bucks, someone can get your SSAN and other personal data about you.
True. Related to this, Scott Weisman wondered why, as a lender, there would even need to be a credit check requiring the SSN. A Prosper representative offered this clarification:
While we do use your social security number for Experian, we also need it for tax reporting purposes. Prosper must record and then report earnings that lenders make off their investments. This means that we must record your social security number as it will become necessary for the duration of your activity on the platform.
I noted that, instead, the tax report could flow through me en route to the feds, and that I could attach the SSN as part of my review of that report. I realize that things don't work that way now. But I'm trying to raise awareness of the possibility that they could, and the reasons that they should.
Former URL: http://weblog.infoworld.com/udell/2006/09/18.html#a1525