«  
  »

This isn't business, this is personal

Picture credit: selva

Picture credit: selva

All too frequently we hear of large losses of personal data. But who owns your “personal” data?

Do you always own your data, or does your data belong to someone else once you have entrusted it to them?

And, of course, the fundamental question is: do you care about who owns your personal data?

I recently attended  a parliamentary/ industry roundtable meeting, convened to consider the effects of data losses on stakeholder confidence.

The roundtable meeting was a major disappointment [to me] because the majority of delegates failed to address the challenge. But there was a lively debate about the real nature of “personal” data, particularly in terms of ownership.

At the roundtable, some delegates argued strongly that “ownership” of personal data passed from the individual to the data gatherer/ holder; other delegates argued equally strongly that personal data remained the property of the individual and that data gatherers/ holders merely had limited rights of stewardship/ license to use, rather than ownership. 

I strongly favour the “individual ownership, gatherer stewardship” model because I feel this should strengthen the accountability of the data-gatherers to act responsibly with the data entrusted to them and to protect the integrity of my personal data while in their care.

As long as the data gatherers continue to believe that they own our personal data, they are less likely to start looking after it properly and we will remain seriously at risk from their laxity and carelessness.

Do you care about who owns your personal data?

FREE COPY OF INFORMATION GOVERNANCE GUIDELINES.

Please enter your details below if you would like a copy of my paper (updated November 2010), about Information Governance, which sets out a summary of straightforward measures that should help organizations preserve stakeholder confidence in their information governance. :mrgreen:

  1. (required)
  2. (valid email required)
  4. Captcha
 

cforms contact form by delicious:days

You may also like to read:

Email this post Email this post
  • http://www.dominicbarrow.com Chris Potts

    Colin

    This is one of the fundamental questions of the ‘Information Age’. Thank you for reminding us how distant we still seem to be from resolving it.

    Along very similar lines, one of the longstanding tenets of Information Architecture is ‘single source, copy managed for performance’. Which means we need to ask: who has the single source of someone’s personal data, and who has the copies? And if there are discrepancies between copies of the same data, which one is taken to be authoritative, and why?

    This is not quite the same as your question of ownership, I know, but I think the two questions are worth considering together.

    Chris

  • http://blog.brendanmitchell.com brendan mitchell

    Colin I couldn’t agree with you more. It’s a personal bug bear of mine when personal data or identities are mismanaged by incompetent gatherers. So much so that I’m planning to launch a forum in the very near future named http://www.youridmatters.com that advises visitors on identity issues & gives them a place to discuss these issues.

    I agree entirely with “individual ownership, gatherer stewardship”, gatherers need to be aware that I own my ID, not them, if I trust them & share my ID with them, they are responsible for keeping it safe and shouldn’t be surprised when I come after them if they break their promise & misuse my trust.

    Good paper you submitted to the roundtable, thanks for sharing.

  • http://www.eradar.eu Will Roebuck

    Unfortunately, no-one owns their personal data. Having any personal data is a legal requirement that sets up a relationship between individual and state from birth. We do have more control over our personal data held by non-state organisations (e.g. commercial companies), but this has become less so with new commercial opportunities for government, e.g. the re-use of public sector information.

    I pose some questions with some suggested answers…….

    1. Who owns our name? It’s a legal requirement on a birth certificate

    2. Why am I a British citizen? It’s a legal requirement based upon international laws

    3. Why am I given a National Insurance Number? It’s a legal requirement so that the state can tax me when I’m working

    4. Why am I required to register my address. It’s a legal requirement for council tax collection

    5. Who owns my bank account? The bank, although I have chosen to deal with them (and them me)

    6. I can go on and on…….

    The problem is that we don’t own and can’t have complete control over our personal data. We have to build a fail-safe, data and information management system that protects both the personal and economic rights of each and every citizen in the UK and globally to achieve this ……. and pigs will fly!

    Like it or not, if we engage in society we have less control over our personal data. We first need to educate ourselves better in how society uses this information and to take sensible steps in order to prevent misuse. Democratic governments and businesses also have a duty to protect the misuse of our personal data – if only for selfish reasons to protect their economic base which contributes to the greater stability of us all. Of course, right-minded governments and businesses are also hugely supportive of corporate social responsiblity and not just the business bottom line.

  • http://sweeneyit.com Sean Sweeney

    Hi Colin, Thanks for raising this subject, I also agree with Brendan’s sentiments and also have a view that personal information although vastly different to collated information, such as card spending habits, should not be accessible for any price. Unfortunately it does go beyond our own personal data, if I use the example above, card spending habits, whilst our personal bank details and passwords remain loosely personal, it is the card owner or transaction provider that owns the information on our spending habits, and we, by using their services, are the subject of their own internal use or abuse of such information.
    Unfortunately determining what is personal has become less clear. Especially in the light of the money that can be made by providing information to enable direct selling to us.
    But I do believe it is our own responsibility to take care of our own personal information which could ultimately result in identity or physicl theft. Would any of your readers leave their house key with a stranger? Or would they ensure the integrity of that person before doing so?
    We treat information in such a flippent manner then wonder why people lose it or sell it on. Do we really trust the key keepers? And I especially include government in this question of trust.
    Ultimately our personal information is not safe, it never has been, and Data Protection is a smoke screen set up to try and hide the fact of such ease at which any data collated can be abused.
    We permit governments to read private emails, yet if they opened every letter sent via royal mail, we would soon have something to say about the integrity of Royal Mail in allowing someone to open our mail,yet because there is no “real” money in an email we permit such technological theft.
    We are to blame – plain and simple, as we have sanctioned this technological trespass as trustworthy in motive, yet soon cry out when our identity or money is stolen.
    So the actual question should be:- Data Protection,Myth or Red Herring? As it is only a pipe dream in reality and has never been proven, other than to add more red tape to easily accessible information.

  • http://sweeneyit.com Sean Sweeney

    I must have been writing at the same time as Will,I have also got to agree with Will, and having seen a pig fly, briefly, (it lasted 4 seconds, Newton remains undefied) upon it’s sudden stop, it resembled a Picasso or the work of a very bad butcher.
    Pigs might fly, but in reality it is less impressive than the dream we compile in our minds.
    Data security is that pig attempting to fly in a world where reality brings us down to earth with often devastating results,or at the very least ends up broken.