Data security is a hot topic in privacy circles. We have already accepted that corporations and other big institutions collect data about us. But do they keep it safe? Not always. Brad Edelman, a privacy researcher at the Harvard Business School shows a glaring vulnerability in Sears’ data protection scheme:

Sears offers no security whatsoever to prevent a ManageMyHome user from retrieving another person’s purchase history by entering that person’s name, phone number, and address.

Which is not OK. They have since fixed it, but the incident does highlight issues regarding the ways that companies do protect the large amounts of data that they collect from you. Granted, Sears has been scrimping on IT, but what is to say that this is not the case elsewhere? Last June, Privacy International rated Google as bottom-ranked in terms of data protection and privacy, which myself and others found surprising. And some found outrageous.

So is this really a big deal?

Well, it could be when you consider as well the notion that the United States is ranked as being one of the worst “endemic surveillance societies” in a report released by Privacy International and the Electronic Privacy Information Center. Of concern in the report is “Extensive data-sharing programs across the federal government and with the private sector.”

So even if one institution does implement solid security guidelines, it is pretty common for data to be swapped and shifted among a number of different parties, each of which could introduce a new set of vulnerabilities. As far as I know there is no comprehensive set of data protection policies that would cover this type of thing.

This becomes especially disconcerting when biometric data becomes involved, which the report cites as a concern in and of itself. As I asked in the Brunei post, who will have access to this data? What governments? What private agencies? Who will set international standards as information is passed between multinationals and national governments? What happens when other data is associated with this biometric data?

It is naturally a global issue, and even though(as I just mentioned) Google has taken a poking in the past, it is working with the European Parliament to pioneer what they hope to be an industry-wide approach to consumer data protection:

Privacy is a global issue that knows no borders. We need all stakeholders — governments, businesses, political parties, privacy groups industry associations, and others — to work together to ensure a global solution.

Which is to say that the issue is not confined to one company or one government, but is something that must be addressed by all of the parties involved. Which is fairly common tactic in addressing many issues in a globalized world.

This entry was posted on Thursday, February 7th, 2008 at 6:58 pm and is filed under Globalization, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.