Bruce Schneier, a noted security expert, has written a Wired column titled “Strong Laws, Smart Tech Can Stop Abusive ‘Data Reuse’.” In the article he notes that most privacy violations are the result of data reuse.
When we think about our personal data, what bothers us most is generally not the initial collection and use, but the secondary uses. I personally appreciate it when Amazon.com suggests books that might interest me, based on books I have already bought. I like it that my airline knows what type of seat and meal I prefer… What I don’t want, though, is any of these companies selling that data to brokers, or for law enforcement to be allowed to paw through those records without a warrant.
From a data strategist’s point of view, ‘data reuse’ is in fact a broad tool that’s usually innocuous. Almost all analytic applications look at data that was originally collected just for transaction purposes. PageRank reuses link data to rank web pages, even though links were originally designed only for navigation. Even Bruce’s Amazon book suggestion example is a reuse of data. Your purchase data’s ‘first use’ is for purchasing, and using it for recommendation is secondary.
However, when it comes to personal information, Bruce does have a point in that people have a certain expectation of control. European laws legally respect such control by forbidding the sale of personal information and the cross-referencing of different databases on people. (At least that’s my limited understanding.) Besides law, technology can also play a role. The Stanford database group has published a vision paper, “Enabling Privacy for the Paranoids,” that examines the use of agent and security technologies for individuals to retain control of their information. Specifically, their P4P framework “seeks to contain illegitimate use of personal information that has already been released to an external (possibly adversarial) entity.” That is, to contain the illegitimate reuse of personal info. They start off with simple examples such as (automatically) generating a unique email address for each merchant that you come into contact with. You can audit and turn off any email address that’s found to be used for inappropriate purposes. The paper goes on to suggest other techniques for other forms of data and purposes. It’s only a vision paper and by no means are all the issues dealt with, but it certainly is food for thought.
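The per-merchant address idea can be sketched in a few lines. This is an added example, not code from the P4P paper or from this post: the `AliasRegistry` class, its method names, the `alias.example` domain and the sample senders are all hypothetical, and it assumes the sender address has already been authenticated upstream (for example by SPF/DKIM checks).

```python
import hashlib
import hmac


class AliasRegistry:
    """Issues one opaque address per merchant and audits mail sent to it."""

    def __init__(self, secret: bytes, mail_domain: str):
        self._secret = secret
        self._mail_domain = mail_domain
        self._issued = {}      # alias -> merchant domain it was released to
        self._revoked = set()  # aliases that have been turned off

    def issue(self, merchant_domain: str) -> str:
        merchant = merchant_domain.lower().strip(".")
        # Keyed hash: stable per merchant, not guessable without the secret.
        tag = hmac.new(self._secret, merchant.encode(),
                       hashlib.sha256).hexdigest()[:16]
        alias = f"{tag}@{self._mail_domain}"
        self._issued[alias] = merchant
        return alias

    def revoke(self, alias: str) -> None:
        self._revoked.add(alias.lower())

    def audit(self, recipient: str, sender: str):
        """Return (verdict, merchant the alias was originally given to)."""
        alias = recipient.lower()
        merchant = self._issued.get(alias)
        if merchant is None:
            return ("unknown", None)       # never issued by us
        if alias in self._revoked:
            return ("revoked", merchant)   # turned off: reject the mail
        sender_domain = sender.lower().rpartition("@")[2]
        # Assumption: sender was authenticated before this check runs.
        if sender_domain == merchant or sender_domain.endswith("." + merchant):
            return ("expected", merchant)
        return ("reused", merchant)        # address reached a third party


def demo():
    # Constructed sample data, for illustration only.
    reg = AliasRegistry(b"constructed-demo-secret", "alias.example")
    shop = reg.issue("shop.example")
    results = [reg.audit(shop, "orders@mail.shop.example"),
               reg.audit(shop, "promo@broker.example")]
    reg.revoke(shop)
    results.append(reg.audit(shop, "orders@shop.example"))
    return shop, results
```

A `reused` verdict names the merchant the address was released to, which is the audit trail the paragraph describes; `revoke` is the "turn off" step.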