Data Strategy

July 17, 2007

Data reuse versus privacy concerns

Filed under: Data Collection, Datamining, People and Data, Privacy — chucklam @ 7:08 pm

Bruce Schneier, a noted security expert, has written a Wired column titled Strong Laws, Smart Tech Can Stop Abusive ‘Data Reuse’. In the article he notes that most privacy violations are the result of data reuse.

When we think about our personal data, what bothers us most is generally not the initial collection and use, but the secondary uses. I personally appreciate it when Amazon.com suggests books that might interest me, based on books I have already bought. I like it that my airline knows what type of seat and meal I prefer… What I don’t want, though, is any of these companies selling that data to brokers, or for law enforcement to be allowed to paw through those records without a warrant.

From a data strategist’s point of view, ‘data reuse’ is in fact a broad tool that’s usually innocuous. Almost all analytic applications look at data that was originally collected just for transaction purposes. Pagerank reuses link data for ranking web pages (considering that link data was originally designed only for navigation). Even Bruce’s Amazon book suggestion example is a reuse of data. Your purchase data’s ‘first use’ is for purchasing, and using it for recommendation is secondary.

However, when it comes to personal information, Bruce does have a point in that people have certain expectation of control. European laws legally respect such control by forbidding the sales of personal information and the cross-referencing of different databases on people. (At least that’s my limited understanding.) Besides law, technology can also play a role. The Stanford database group has published a Vision Paper: Enabling Privacy for the Paranoids that examines the use of agent and security technologies for individuals to retain control of their information. Specifically, their P4P framework “seeks to contain illegitimate use of personal information that has already been released to an external (possibly adversarial) entity.” That is, to contain the illegitimate reuse of personal info. They start off with simple examples such as (automatically) generating a unique email address for each merchant that you come into contact with. You can audit and turn off any email address that’s found to be used for inappropriate purposes. The paper goes on to suggest other techniques for other forms of data and purposes. It’s only a vision paper and by no means are all the issues dealt with, but it certainly is food for thought.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: