Privacy schmivacy - I want DRM for my private data

Sigh, yet another personal information leak.

You see I told you before that corporations just don't get the first thing about privacy and it is more than abundantly clear that when they send us their pledges about maintaining privacy of our personal information, well they ain't worth the paper they are written on. Seriously. I kid you not.

You see all those pledges are saying is "we'll try our best" with no guarantee of what their best should be and certainly no guaranteed recourse if they don't meet that standard. All this will continue indefinitely because our governments refuse to regulate storage and trade of personal information with the seriousness they would, say, government secrets. The only other thing that might rein in this total disregard for our personal information would be widespread, tobacco industry scale, class action suits with massive punitive damages. Of course it won't benefit us, the victims, but it might send a message.

Now all these corporations will whine and tell you these were not intentional breaches of privacy, they were just accidents. You know, like chemical companies always say when something bad goes wrong, like say Bhopal. It's up to the victims to prove after the fact it wasn't an accident. But it really seems like these financial companies have completely inadequate protocols for protecting this data. Sure better controls will make doing business more expensive for them, but it should be that way.

Think about it - when it's, say, music industry assets at question they will use the full force of the law to track down and prevent trading of them. I want my private data protected with the same rigour that RIAA and the MPA are now dictating for music and movies. I want my private data encrypted by technology that means only me and the users I authorize can have access to it. In the absence of my renewed permission I want their rights to access that data to expire in a timely fashion - at least yearly, maybe monthly, maybe even instantaneously.

For instance I could let someone keep and access my data for the next year - say a magazine company that has my name and address, and use my credit card info once per month for billing purposes. Indeed they shouldn't even need to have access to my credit card info - I should be able to grant them permission to present my encrypted card info to my credit card company who knows how to decrypt it. Along with my digital signature on the bill presented to me, there should be no need for the magazine company to ever know my credit card info. And if they try to present the encrypted version without a digitally signed bill, well then it's worthless. Now that is what I call privacy.
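A sketch of the magazine billing scheme described above, as an added example that is not part of the original post. The function names are hypothetical, and to stay within the Python standard library a key shared only by the customer and the card issuer (HMAC-SHA256) stands in for the public-key encryption and digital signature the post calls for.

```python
import hashlib, hmac, json, os

def _mac(key, *parts):
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(key, nonce, data):
    # Stand-in cipher (assumption): one HMAC block as keystream, max 32 bytes.
    return bytes(a ^ b for a, b in zip(data, _mac(key, b"enc", nonce)))

def seal_card(key, card, merchant, expires):
    """Customer: wrap the card number in a grant for one merchant until `expires` (YYYY-MM)."""
    if len(card) > 32:
        raise ValueError("card number too long for the stand-in cipher")
    nonce = os.urandom(16)
    ct = _xor(key, nonce, card.encode())
    tag = _mac(key, b"grant", merchant.encode(), expires.encode(), nonce, ct)
    return {"merchant": merchant, "expires": expires,
            "nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def sign_bill(key, grant, bill):
    """Customer: approve one bill; the signature is bound to the grant it may be used with."""
    body = json.dumps(bill, sort_keys=True).encode()
    return _mac(key, b"bill", body, bytes.fromhex(grant["tag"])).hex()

def issuer_charge(key, grant, bill, sig, seen):
    """Card issuer: verify grant and signed bill, then decrypt. Returns (ok, detail)."""
    nonce, ct = bytes.fromhex(grant["nonce"]), bytes.fromhex(grant["ct"])
    tag = _mac(key, b"grant", grant["merchant"].encode(),
               grant["expires"].encode(), nonce, ct)
    if not hmac.compare_digest(tag.hex(), grant["tag"]):
        return False, "grant tampered"
    if not sig or not hmac.compare_digest(sign_bill(key, grant, bill), sig):
        return False, "bill not signed by customer"
    if bill["merchant"] != grant["merchant"]:
        return False, "wrong merchant"
    if bill["period"] > grant["expires"]:      # YYYY-MM strings sort by date
        return False, "grant expired"
    if (bill["merchant"], bill["period"]) in seen:
        return False, "already billed this period"
    seen.add((bill["merchant"], bill["period"]))
    return True, _xor(key, nonce, ct).decode()[-4:]  # issuer sees the card; report last 4
```

The merchant stores only the dictionary returned by `seal_card` and the per-bill signature; it never holds the key, so it can neither read the card number nor produce a bill the issuer will accept.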

Furthermore:

It should be a felony crime for any corporation to store my data in any form other than that originally agreed on i.e. with the same time limits and access restrictions. This would prevent them making an unprotected, or less protected copy of my personal data without my permission. So they can't take my social security number out of my personal data and store it elsewhere unless I also have the same encryption and data access expiry guarantees.

It should be a felony crime for linking identifiable unencrypted personal data to my records. So if they know my name, address and credit card and they find out my date of birth or social security number, by whatever means - even if I tell it to them - they can't store that and link it to my existing identity without also guaranteeing the same restrictions applying to my other info.

It should be a felony crime for sharing their access keys and unencrypted data outside of a well defined limit defined by such parameters as specific personnel, a geographic location or a computer network definition. That definition should be declared to me, a regulating body and audited and policed.

Finally all crimes should carry a jail term and fine per record so compromised, and a defined limit should be placed on how many instances of the above are tolerated before an entity loses its license to handle personal data completely. So when a company loses 40 million records it's going to be paying billions in fines and someone is going to be spending years, if not the rest of their life, in jail for it. I believe that would do the trick.

All this may seem like a big inconvenience. But ask yourself - when it's a case of a single track of music leaked onto the Internet you can be fined thousands of dollars, if not actually sent to jail. Corporations are devoting huge resources to the issue of digital rights management and have successfully deployed it onto consumer desktops allowing "renting" and copy protection of their data. So why not insist they turn similar resources to the protection of our, the consumers, data?
