 FRONT PAGE Archive Index Feedback |
|
|||||
|
|||||
|
| |||||
Law and Technology: "I have nothing to hide." Should you care?
By Deborah Pierce
Aug 29, 2002 -- A LOT OF people's initial reaction to privacy issues is to ask some variation of the question, "I have nothing to hide so why should I care?" One reason that's very easy to overlook is that much of the information floating around in many databases is wrong; and when you combine a lot of bad data about somebody, you can easily get to the wrong conclusion – even if they really have nothing to hide. There are a few laws that protect personal information contained in databases, but, as usual, are behind the times in terms of actual protection. This column will explore data sharing, and how personal information can be compromised, and the paucity of comprehensive laws in this country, and of course, what you can do.Information in Databases
Some of the major categories of databases include governmental agencies, commercial (including financial, medical, insurance, and data aggregators), those that contain public records (such as property and voting records), and court records.
Information contained in all database depends on the nature of the entity collecting the information. Generally though, basic information about the person is kept, such as name, address, phone, and transactional data.
A profile of an individual person is created by combining data from many different sources. When each database is kept separate from every other database, it is harder for any one corporation or government organization to create a detailed profile of you. This is analogous to the “privacy by obscurity” that we once had when everything was stored in filing cabinets.
Data in, data out
Thanks to technology, it is now much easier to share data. This, by itself, may not raise an eyebrow; after all, we need public records, for example, in order to keep government accountable. We also want to be able to do title searches so that we can know the true owner of a piece of property that may be for sale.
Often, however, when merging from multiple sources (that is, when creating a profile), errors creep in, and that is where trouble begins. Government agencies often use the social security number (SSN) as an identifier, and use that number to access different files kept on you by different agencies. If numbers are transposed, your files can get confused with someone else’s files. Many corporations use SSNs (or some other assigned number) as well, with the same likelihood of errors. If entities aren’t using SSNs or some other number, they often use names – but here the problem of similar or identical names is even worse.
Case in point: ChoicePoint
From its web site, ChoicePoint describes itself as:
“Through the identification, retrieval, storage, analysis and delivery of data, ChoicePoint serves the informational needs of businesses of all sizes, as well as federal, state and local government agencies.” ChoicePoint collects data from a number of sources, including public records, and credit reports, and makes this information available to government and commercial businesses. This information can be used for background checks, among other things.
Richard Smith, a security expert, got a copy of the file that ChoicePoint had on him and his family. Along with all of the correct information contained in the report, were some striking errors, including that he had been married twice before, incorrect names of his children, and that he was dead! He tried to opt-out, but was told that he couldn’t.
Incorrect information like in the above example can easily be cleared up. If you’re applying for a job, and the background check from ChoicePoint comes back with a statement saying that you’re dead, someone is obviously going to dig a little deeper in order to find the error.
But what happens if you don’t have the luxury of time? ChoicePoint has offered its services in aid of airport security. Right now the “Trusted Traveler” program is still on the drawing board, but has a lot of support in some circles. In order to get a Trusted Traveler card, the passenger would have to submit to an extensive background check – offered by ChoicePoint. What if your profile is incorrect? How do you fix it? Can you still fly if something iffy shows up in your profile? The only answer today is “I don’t know.”
Privacy Laws
The Freedom of Information Act allows you to request that the government show you what information it has collected about you and to correct it if it is inaccurate (although exceptions abound). Commercially, there is no overarching law that compels a company to show you the information it has collected about you. Many companies have policies in place that allow you access to information, but many don’t.
Of course, this is one of many answers to the question, “why should I care?” I hope I’m beginning to convince you that even though you really may have nothing to hide, it’s far too easy for others to create a profile of you (based on incorrect information) that paints a very different picture.
What you can do
• Limit the amount of information you give out to corporations and to government. In some cases this may be very difficult to do.
• As usual, write to your local elected representatives and let them know that you value your privacy. Any laws that protect privacy should be constructed around Fair Information Practices so that you can access and amend incorrect information.
Reader Comments
Discuss this article in the forums!
No comments yet!