According to the United Nations Conference on Trade and Development 66% of the 194 member countries have adopted some form of privacy related legislation. Surprisingly, for a country that espouses the personal liberties of its citizens, the United States ranks in the middle of the pack for privacy protections.
What does this mean for businesses and consumers?
From a business standpoint, I would refer to Randy Au’s excellent article focusing on the following key areas a business should understand about its collection of electronic artefacts and how this information is used.
As Randy points out in his article, this understanding can be applied to any data set in a business and is not a simple, easy to execute process.
For purposes of this article, we will focus on consumer data and the relationship with personally identifiable information (PII).
From an organizational standpoint, personal data has become the equivalent of the TV show “Hoarders”. Companies see customer data as valuable and therefore choose to hoard all of it and decipher how to use it later on. Some organizations who are more efficient at monetizing the Personal Data Hoard (PDH [I just made that up so feel free to bandy it about in casual conversation]) have become wildly successful as a result, yet are now subject to numerous international investigations and regulatory penalties. As part of modern business practice, both private and public organizations may package and re-sell personal data to other interested parties who focus on specific consumer behaviors. Unfortunately, this practice of sharing does not provide a singular shift of the data from one organization to another, but instead doubles the PII as it now sits in two organizations. In other words, PII has become a version of a natural resource like oil that is monetized by private companies at multiple points in its lifecycle however unlike oil, personal data doesn’t eventually get fully repurposed and transitioned to a final product.
To most people it implies social security numbers, birthdate, and address yet in the age of mobile computing, personal data encompasses a much broader section of information and includes information that most people are unaware of providing and/or sharing. Unfortunately, in almost all cases privacy has not been used as a primary, or even secondary, consideration in the design of the vast majority of digital businesses.
According to the recent California Data Protection Act (CCPA), all data included in the following example would be considered personal data:
They wake up with a mobile phone notification in their apartment. They check the news feeds and go hit a coffee shop for breakfast. Then it’s off to their car where they use a navigation app to find the location of a new doctor. On the way to the doctor’s office, they listen to a satellite radio feed and fail to maintain the speed limit. When they arrive at the doctor’s office, they browse some websites on their mobile phone in the waiting room and buy a new healthcare supplement that pops up on the feed. They are then off to the grocery store and pharmacy, where they pick up new medications and use a loyalty card to purchase some cheese; all of which is posted via video detailing their recent diagnosis, the cheese and their cat, Festus. Finally, their day has come to an end and they launch Netflix on their smart TV (also linked to their social media account) and binge watch Peaky Blinders with sub-titles until falling asleep; all of which is conveniently logged and reported to multiple parties via their wearable health device and mobile phone.
The recent Parler hack is a great example of how much user information was collected by the platform highlighting how minimal user information was secured, protected and anonymized. A much more tangible example of this practice is the website I Know Where Your Cat Lives that uses publicly available information from cat pictures showing where they, and their owners, live. Check it out, especially if you are a picture posting cat lover.
People, and this means you reader types, should take a minute to learn a little more about the data they are currently sharing and the companies that use and sell the data collected. If you know your information is being shared and re-shared without your permission, make the company aware of your desire for that information to not be shared.
Finally, at a minimum, be aware of your phone privacy settings and restrict what you are sharing, your permissions with regard to whom your data is shared with; and, most importantly, place a higher value on relationships with companies that put privacy on a pedestal and not in the corner.