The more I read blogs and contemplate what I should and should not blog about, I keep coming back to a series of conversations I had with Alex Morrow, and IBM Fellow, on the topic of on privacy and personal data. Those talks were before all of the blogs, the existence of MySpace.com, personal websites, and the like and the issues then are even more relevant today.

Assuming your personal information is stored in a common repository such that the necessary people can get to it quickly, how do you protect the content such that only people who should get to it , can *and* how do you change those settings quickly ?

In the conversations with Alex, the topic was medical information but it applies to al personal information including financial information.
Let’s assume you have an car accident; it would be very helpful if the ER could know quickly of any drug reactions you might have, if you are diabetic, or if you have been undergoing radiation or chemotherapy treatments. The care givers could pull your family history even if you were unconscious. However, should law enforcement have access to your medical records ? The insurance company needs to know your treatment but should they also be able to find out you have one parent, a cousin, and a grandparent all died of cancer ?

The above scenario calls for compartmentalizing data.

Now, you go for mortgage. The banks need all sorts of financial information. It’s all on computers today. It would be so easy to authorize them to pull your credit report and get current account and debt information. It’s pretty safe since you have to authorize it *somehow* ?! I’ll skip the fraud aspect for now. The question comes up, “for how long after authorization, should the bank have rights to access the information, and for what purposes should they be permitted to use your financial data ?” Should they be able to find out, 10 years later, long after you refinanced and moved away from their financial institution, that you are worth 10x or you have a trust with all of your assets and you are late on your current mortgage payments ( due to that car accident that happened above - but the bank doesn’t know that, hopefully). Can the bank use your financial status to push lots of bank services at you ?

Now, most people don’t post they medical history on MySpace.com - but some do (search on chemotherapy to see what I man). And the same goes for accident reports. In many cases, you can find out a lot of personal stuff from blogs too.

The problem is that all of that information is “public”. Banks, insurance companies, law enforcement, NSA, and anyone else is free (and sometimes encouraged) to go digging.

I’ve recently been poking around in SecondLife.com and to be honest, I can’t find much use for it. I’m not going to give out any personal information. I won’t talk about work (even if I know the “firstlife” identity of the person, and it’s a lot of “noise” for not a lot of return.

So, what have I decided ? First, I will blog about world issues, technology issues, and occasionally about the farm or my dog but only after I consider if the information is something I wouldn’t care if it were repeated 1000 times over and was known by the best and worst of the world. (I did post a Google map pointer to my property and I’m still questioning that action - it may disappear one of these days if I get really paranoid.)

My suggestion to everyone is a page from something a manager once told me - “don’t tell a salesperson anything you would not tell a customer directly” - there is no “off the record” … at least not in the world wide web !

Related tangests ...   Sad news that Randy Pausch has lost his battle with Pancreatic Cancer   How much do you pay for the pipe ?   Using Prism to access web applications

Posted in Cancer, Gmail, Law Enforcement, MySpace.com, NSA, Privacy |

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.