Ignorance is bliss, and it is a world you can never re-enter once the blinders come off and you see your privacy and personal information being left behind and sold whenever it can be. This goes beyond the social networks where you volunteer that personal information and also includes instances where:
- the alumni association of the University you attend starts sending credit card offers your way as a sophomore (see more Educational Security Incidents)
- you buy a house and suddenly start getting home insurance offers and every other offer under the sun because your loan agency sold your info
- your employer has partnerships with an exercise facility and they pass your personal information along without your consent
It isn’t happening in today’s environment, but it could take only one big incident, where personal information is lost, identity theft is the result, and credit/lives are ruined, before we end up in a society where people ask “Can you tell me about your database security before I submit this?” or “Are my records kept in a safe, a locked filing cabinet, or even a locked office?”. Physical security and IT security go hand-in-hand when protecting personal data that might be in an internal database and/or on paper forms. The HR department should be just as secure and cautious as the business/accounting office. Even if they’re not dealing with money directly, personal information is worth quite a bit to some, and keeping yours safe should be of utmost importance to you. So now that we’ve identified the need that exists, enter EnCoRe to address the problem.
EnCoRe (Ensuring Consent and Revocation) aims to give an individual the control needed over their personal information. It would provide the ability to grant or revoke consent throughout the lifetime of the data, not just through a single ‘I agree’ checkbox at the beginning of using a service, and with more granularity than ‘agree or don’t use the service’.
The overall vision of this project is to make giving consent as reliable and easy as turning on a tap, and revoking that consent as reliable and easy as turning it off again. Turning this into reality, for both the individual and the organisation, requires:
● consent management technologies to be developed,
● IT systems architectures that include these to be developed,
● organisations’ operational processes and systems to be designed or enhanced to use them,
● easy-to-use interfaces to be developed and implemented, and
● the regulatory regime that underpins all of this to be enhanced and
EnCoRe is working on all of these areas.
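To make the "tap" idea concrete, here is an added sketch (not EnCoRe's design or code) of consent that is granted per purpose, checked at every use rather than once at sign-up, and revocable at any time. The class and function names, the purposes and the sample record are all hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class ConsentEvent:
    subject: str      # person the data is about
    purpose: str      # hypothetical purposes, e.g. "payroll", "partner-offers"
    granted: bool     # True = grant, False = revocation
    at: datetime      # kept so the ledger doubles as an audit trail

@dataclass
class ConsentLedger:
    """Append-only record of grants and revocations, per subject and purpose."""
    events: list = field(default_factory=list)

    def grant(self, subject, purpose, granted=True):
        self.events.append(ConsentEvent(subject, purpose, granted, datetime.now(timezone.utc)))

    def revoke(self, subject, purpose):
        self.grant(subject, purpose, granted=False)

    def allows(self, subject, purpose):
        # Latest event wins; no event at all means no consent (default deny).
        for ev in reversed(self.events):
            if ev.subject == subject and ev.purpose == purpose:
                return ev.granted
        return False

def release(ledger, records, subject, purpose, fields):
    """Check consent at the moment of use and return only the requested fields."""
    if not ledger.allows(subject, purpose):
        raise PermissionError(f"no consent from {subject} for {purpose}")
    return {k: records[subject][k] for k in fields}

def demo():
    # Constructed sample data.
    records = {"alice": {"email": "alice@example.org", "address": "1 Sample St", "salary": 50000}}
    ledger = ConsentLedger()
    ledger.grant("alice", "payroll")
    ledger.grant("alice", "partner-offers")
    before = release(ledger, records, "alice", "partner-offers", ["email"])
    ledger.revoke("alice", "partner-offers")   # the tap is turned off
    try:
        release(ledger, records, "alice", "partner-offers", ["email"])
        after = "released"
    except PermissionError:
        after = "denied"
    still = release(ledger, records, "alice", "payroll", ["salary"])
    return before, after, still
```

Revoking one purpose leaves the others intact, and a purpose that was never granted is denied by default.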
If a company has a massive data breach and half of their files are lost due to an employee’s negligence or poor protections put in place around the data and you were fortunately in the half that wasn’t leaked, are you able to walk in and ask that your information be securely deleted?
If a company is selling your information (MySpace does), why don’t you have the option to make a counter-offer to keep your data private?
(via The Economist)
Microsoft has a similar interest in protecting online privacy. In March of this year, they released the specification for the U-Prove technology, which they purchased in 2008. U-Prove provides identity management and privacy protection, allowing a person to securely disclose only the information that is needed by an organization. U-Prove also allows you to revoke access to your information. The infrastructure also integrates with Active Directory, allowing you to use your identity at work.
“When you have privacy, you value it more,” said Mr. Acquisti. “But when the starting point is that we feel we don’t have privacy, we value privacy far less.”
The Economics of Privacy Pricing – New York Times