There are laws and regulations in every country articulating what is considered “private data.” Personally identifiable information (PII) is defined as “information that can be used to distinguish or trace an individual’s identity (e.g., name, social security number, biometric records) alone or combined with other personal or identifying information linked or linkable to a specific individual, such as date and place of birth or mother’s maiden name.”
PII has strict requirements in how it should be managed and shared, and who can (or can’t) see it. Although the laws and regulations may lag technology’s capability, they still need to be followed.
But what about the “creep” factor of using PII?
“In the Information Age, everybody leaves a digital trail,” states a Wikihow article. “And if the person doesn’t have one, well, let’s look harder. With Google, Facebook, Tumblr, LinkedIn, and countless other social media sites, whoever you’re looking for is bound to have some of their personal information online. Although sometimes creepy, it’s easy to follow this trail all the way back to the person you’ve been looking for.”
That goes well beyond creepy to downright scary.
I know many people who happily share a lot of information that I’d consider personal and private on Facebook, Tumblr, and Pinterest, and via Twitter, Instagram and Snapchat. They thoroughly enjoy the reach and actively look to distribute that information far and wide.
Users must look a little harder at what they are sharing and really decide whether sharing information that can lead to the identification of yourself, your children, your home address, your car, and the last place you visited on holiday is worth the “likes” you may receive.
Private Information Made Public
This is the concern in our social age: private information that’s happily shared by others. I hope we are moving into “self-managed” or “self-governed” personal data. There are few guidelines available beyond the laws and regulations to direct how a company or a person treats information that is outside the scope of the law, so it leaves the individual to be accountable to share or manage his or her own data based on their individual preferences.
Unfortunately, we are not always clear when we provide information that is going to be used in a manner in which we may not approve.
When we provide credit card information to be saved within a website, we understand the risk of that site getting hacked. Cookies, tags, and pixel trackers can follow you around the Internet and track what sites and pages you visit most commonly, and deduce what we like, what we buy, where we go, and other behavioral information that we don’t explicitly provide.
In many cases, we just assume this is happening so that Amazon’s recommendation engine is accurate and the ads presented to us are at in line with our tastes and desires. Most people have accepted that as the cost of using the Internet.
But what happens when the Internet is embedded into our cars, our homes, our televisions, our refrigerators, and even our bodies through wireless pacemakers? Are we recognizing that when we turn on the car to drive to the store, our location, and movements are potentially always tracked? Did we authorize that use of our data?
Understanding Secondary Use of Data
All the examples above are primary sources of personal information. When the companies that gather the information above share that information with their partners, it becomes secondary information. We may have opted in to the primary use of our data without realizing we needed to opt out from the secondary use of data.
Often, proactive disclosure to secondary partners (i.e., notice and consent) around the use of that information to in a timely and regular way is not made clear to the individual. Worse, that information can potentially be shared again, and so on. This is why Alex “Sandy” Pentland created the New Deal on Data that aims to “rebalances the ownership of data in favor of the individual whose data is collected.”
All of this information and discussion has been around for a while, so why are we still talking about this now?
Stewards of Data
As we continue to build out best-practices in data governance and data management, we need to maintain the viewpoint that—when we are dealing with customer data—it really isn’t our data. Yes, it is a best-practice to define data owners in an organization and make their role and accountabilities clear. But in reality, we are all just stewards of the information owned by our customers.
When we create new policies and standards, whether in regards to using data sharing or determining primary addresses, the decisions need to be made from the eye of the customer, not just the eye of how the company wants to use the data.
For example, we have one client that tests his data governance and data management decisions on a segment of customers who are also employees because some of the people making those data decisions would be affecting the way their own information is consumed and shared within their company. That is a wonderful approach. As they are deciding where their own company draws the line between creepy and appropriate, they are considering how they themselves would feel as the recipient of the interaction by the company.
The connection among the customer experience, data-governance process, and data decision makers is tightly linked to ensure that the interests of the true data owners are always placed first.
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.
Recommended article from FiveFilters.org: Most Labour MPs in the UK Are Revolting.