Strong Laws, Smart Tech Can Stop Abusive ‘Data Reuse’

When we think about our personal data, what bothers us most is generally not the initial collection and use, but the secondary uses. I personally appreciate it when suggests books that might interest me, based on books I have already bought. I like it that my airline knows what type of seat and meal I prefer, and my hotel chain keeps records of my room preferences. I don’t mind that my automatic road-toll collection tag is tied to my credit card, and that I get billed automatically. I even like the detailed summary of my purchases that my credit card company sends me at the end of every year. What I don’t want, though, is any of these companies selling that data to brokers, or for law enforcement to be allowed to paw through those records without a warrant.
There are two bothersome issues about data reuse. First, we lose control of our data. In all of the examples above, there is an implied agreement between the data collector and me: It gets the data in order to provide me with some sort of service. Once the data collector sells it to a broker, though, it’s out of my hands. It might show up on some telemarketer’s screen, or in a detailed report to a potential employer, or as part of a data-mining system to evaluate my personal terrorism risk. It becomes part of my data shadow, which always follows me around but I can never see.
This, of course, affects our willingness to give up personal data in the first place. The reason U.S. census data was declared off-limits for other uses was to placate Americans’ fears and assure them that they could answer questions truthfully. How accurate would you be in filling out your census forms if you knew the FBI would be mining the data, looking for terrorists? How would it affect your supermarket purchases if you knew people were examining them and making judgments about your lifestyle? I know many people who engage in data poisoning: deliberately lying on forms in order to propagate erroneous data. I’m sure many of them would stop that practice if they could be sure that the data was only used for the purpose for which it was collected.
The second issue about data reuse is error rates. All data has errors, and different uses can tolerate different amounts of error. The sorts of marketing databases you can buy on the web, for example, are notoriously error-filled. That’s OK; if the database of ultra-affluent Americans of a particular ethnicity you just bought has a 10 percent error rate, you can factor that cost into your marketing campaign. But that same database, with that same error rate, might be useless for law enforcement purposes.
{Security expert Bruce Schneier writes about the systemic re-use of all personal electronic data, made possible because technology makes it cheap and easy to create vast databases overflowing with identifiable electronic information. Sadly, there are no laws that affirm or grant Americans ownership of their own sensitive personal financial, commercial, or demographic information. None. I agree with Schneier that “Data privacy ultimately stems from our laws, and strong legal protections are fundamental to protecting our information against abuse.” Health information is the ONLY personal information we have the right to control as a matter of law and medical ethics. Incredibly powerful and long-standing state laws, common law, Constitutional law, physician-patient privileges, tort law, and medical ethics all require patient permission before ANY health information is ever shared. But the technology industry is acting as if health records are as unprotected and free to steal and misuse as every other kind of personal information. Today electronic health system facilitates data mining and theft of the most sensitive personal data that exists on Earth: our medical, prescription, and genetic records. The greatest use of electronic health data is for data mining and sale. The technology industry is FLAUNTING centuries of strong laws and medical ethics which prohibit and use and any re-use of health data without patient informed consent. Urge Congress to add basic privacy principles to all legislation building the national electronic health system. ~ Dr. Deborah Peel, Patient Privacy Rights}

Leave a Reply

Your email address will not be published. Required fields are marked *