Protection of Personal and Sensitive Data

Personal data generally identifies us (names, date of birth, social security number, address, etc.) and sensitive data could be more generally used to form an opinion about us (religious beliefs, habits, political views, sexual orientation, etc.).

Issues of data protection are not limited to those regarding computing technology; the internet, closed systems or the systems of those we deal with. In addition to the use of technology we provide this data through our physical interaction with our environment from being caught on CCTV and being recorded on the telephone to disposing of paperwork and in general conversation. In these respects we submit a huge amount of data to various technology and social systems that can be misused.

As this amount of data is huge, even if we spent all of our time attempting to protect our data, we would be likely to fail as the systems are not in place to allow us to know what data has been collected, proactively protect against it or reactively have it removed. Without reliable system(s), and it is difficult to see how such a system could exist without itself being considered pervasive, data protection is long-winded and for those with specialist knowledge so extremely costly, to the point of being unobtainable, to the ordinary person. Hence, this protection, certainly in the UK, is largely left to toothless regulation and self-policing.

You may glean from this that only those with more resources will be able to protect their own data however there are many more factors to consider than wealth when judging data protection availability. Many people today do not trust the systems that gather data about them yet are unaware that they are often the weak link in data protection. In the same way that we wouldn’t inform those we did not trust personally in face to face communication of our personal and sensitive data when they may use it against us somehow to our detriment, so it begs the question why user of computing technology would use an e-commerce site they too did not trust. In addition to phishing scams I see technology in this respect, taking e-commerce as an example, as a confidence trickster as it uses the ordinary person’s ignorance of technology trust signs (SSL, certificates, validators, etc.). Through advancing education of users and regulatory requirements of those processing and storing personal data, with enough power to punish wrongdoers sufficiently to make breaches less attractive, we should see a most trustworthy data protection environment.

References

Adams & McGrindle, (2008) Pandora’s Box: Social & Professional Issues of the Information Age. University of Reading: Wiley.

BBC (2009): Warning over ‘surveillance state’ [Online]. Available at: http://news.bbc.co.uk/2/hi/uk_news/politics/7872425.stm (Accessed 14 February 2010).

MRS Professional Standards (2009): data protection and privacy issues [Online]. Available at: http://www.mrs.org.uk/standards/dp.htm (Accessed 14 February 2010).

Wikipedia: Information privacy [Online]. Available at: http://en.wikipedia.org/wiki/Information_privacy (Accessed 14 February 2010).