…you don’t own that information. Stop treating it like you do and making decisions about how to deal with it like you do.
In particular, you do not have the right to determine that it is safe for you to put my information on your mobile devices (laptops, say) even if you put your own personal info there. While it is ok for you to make the decision to put your own personal information there, that doesn’t in any way, shape or form imply that it is ok for you to make a decision for me on whether I think it is ok for that information to be there. In fact, you should ask me directly whether or not I want you putting my information on mobile devices. No need to ask, the answer is NO! The fact that you feel it is safe enough for your own personal information does nothing to make me think that the info is safe. You could be a complete moron when it comes to security and what can and can’t be done, and if you look at the odds, you probably are.
The fact that your business model needs that data on mobile devices is not a good enough reason to me for you to put it there; find another model that doesn’t have that requirement. It is my information you are gambling with, and you don’t have the right to gamble with my data and consequently cause me possible future grief when you are compromised and I have to deal with the consequences. It isn’t going to be your credit record that is going to be trashed.
Actually, I would not mind seeing a requirement that any company that decides to put personal information onto any device that isn’t permanently secured in a place signed off by the owner of the personal data (i.e. the person the data is about), or transmits personal data outside the walls of that secured place (this includes wireless, internet, removable media, laptops, PDAs, etc.), must sign every person involved up for a year of free credit monitoring and post a $50k bond PER PERSON payable directly to the people the data is about. I think that is still low, because if I am compromised it will likely be worth more than $50k to me, but it is a start. Anyway, if a laptop or other device or media goes missing (EVEN IF ENCRYPTED), or it is proven that data has been lifted from some dynamic transport mechanism (internet, wireless, cellular connection, etc.) by someone else, that company must immediately start paying out the bonds at their expense (i.e. every person gets the whole $50k, not $20k with $30k in expenses the company accrued to find and pay them), and none of it can be written off as losses on a tax statement. No damage to the individuals whose data has been taken needs to be proven; the damage is that the information is now available due to the company’s lack of whatever you want to call it: brains, capability, technical skills, whatever.
I think something like that may help convince companies that they need to find a better way of handling that information. Right now there is no real impetus to find some other way, just slaps on the wrist. I myself have been involved with a company that happened to lose a laptop with my personal information on it. Why did some gomer from their company feel it was ok to run around with my personal information when I won’t even do that with my personal information? That company should be in the middle of paying out $10 billion to the people involved ($50k x number of people involved). I expect that would prevent them from ever doing that again and would make every other company in the world think quite hard about it as well.
Again, you have no right to feel that in any circumstance it is ok for you to put my personal information in a place that I wouldn’t personally put it myself.
Oh, this all came up because of a thread I read on one of the private listservs I am signed up for combined with the fact that my info was stolen because of some moron or set of morons at Fidelity who had no reason whatsoever to have my data on their laptop.
Yeah, what you said…
Seems a little extreme of a reaction…
Okay, so I’ll preface my remarks with a note that I’m the author of the piece that so irked joe, and that I work for a company whose business model requires the most private of information – medical history.
What joe’s asking for (whether he realises it or not) is that while my company’s representatives are visiting joe’s boss, they should use a network link to access this extraordinarily private data.
joe, if you don’t trust encryption enough to allow us to put your data (and it is definitely your data – I’m with you on the concept of “I own every piece of data about me, everyone else merely rents or borrows access to it”) on a laptop, why would you allow us to put your data on networked systems?
Remember that those networked systems are owned by people who will not sign medical-quality privacy agreements, because there are essentially no medical-quality telcos, in terms of privacy and regulation.
If the data is encrypted, and access to that encryption requires that the employee of your chosen medical and insurance provider grant that access, a physical carriage of that data – in other words, a laptop – is far more secure than is a network transfer.
[Excuse me if I over-emphasise this a little – I’ve just spent a week explaining to two different projects that “dedicated line” doesn’t really mean that the telco drags new lengths of virgin copper, and that the data still travels over the public network, so requires encryption.]
I see more exposure in having all of the data permanently on the laptop than asking for specific discrete pieces over the wire, especially if what is coming over the wire is more like a presentation layer than hard data.
Certainly I am not saying slap the info up on your corporate website and tell hackers to have at it, but VPN into the corporate network and then another layer or two of security you have to get through before you can even ask for the info. Then once there, it is set up in such a way that it isn’t possible to pull vast quantities of records without setting off alarms. What legitimate use could someone need with simultaneous access to the records of thousands or hundreds of thousands or millions of individuals in one fell swoop?
Finally, I am arguing that maybe the whole mechanism in which the info is retained and called up may be wrong. I don’t really have a problem with a lot of medical or other data on a machine that can be compromised, assuming the identity cannot be ascertained. Maybe we shouldn’t be maintaining Social Security numbers and names and addresses; maybe there is some hash, and in order to access the record you have to properly enter the info to get the hash to pull up the data. It depends entirely on the systems in question and what exactly they are doing, but I don’t have confidence that this is being looked at effectively now.
People and companies assume that they need all of this info and feel that encryption solves all issues, though no one can actually prove that any given form of encryption hasn’t been compromised. Encryption isn’t a guarantee; it is a “best effort” at a particular point in time. Since you can’t guarantee something, you must reduce the surface area that can be exposed.
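One concrete shape for the hash-keyed record idea above, together with the alarm on bulk pulls from the earlier reply, as an added example that is not from the original post or either commenter (the class, the HMAC choice, the field names and the threshold values are my assumptions). It uses a keyed HMAC rather than a bare hash, because a bare hash of a nine-digit number is trivially reversed by enumeration; the key stays on the server, so a stolen copy of the store alone yields neither identities nor records.

```python
import hmac
import hashlib
from collections import deque

class PseudonymousStore:
    """Records keyed by an HMAC of the identity fields, never by the fields themselves.

    The HMAC key is held server-side (assumption), so a copy of the store taken
    from a laptop cannot be walked back to identities. A lookup requires the
    identity fields to be presented again, and too many successful lookups in a
    short window raise an alarm instead of silently serving a bulk dump.
    """

    def __init__(self, secret_key: bytes, bulk_threshold: int = 100, window: float = 60.0):
        self._key = secret_key
        self._records = {}           # token -> record; records carry no direct identifiers
        self._accesses = deque()     # timestamps of recent successful lookups
        self.bulk_threshold = bulk_threshold
        self.window = window
        self.alarms = []             # (timestamp, lookups_in_window) when threshold exceeded

    def _token(self, ssn: str, name: str, dob: str) -> str:
        # Canonicalise so "123-45-6789" / " Jane Doe " map to the same token
        canon = "|".join(s.strip().lower() for s in (ssn.replace("-", ""), name, dob))
        return hmac.new(self._key, canon.encode(), hashlib.sha256).hexdigest()

    def put(self, ssn: str, name: str, dob: str, record: dict) -> str:
        # Refuse to store direct identifiers inside the record body itself
        forbidden = {"ssn", "name", "dob", "address"}
        if forbidden & set(record):
            raise ValueError("record must not carry direct identifiers")
        token = self._token(ssn, name, dob)
        self._records[token] = dict(record)
        return token

    def get(self, ssn: str, name: str, dob: str, now: float):
        record = self._records.get(self._token(ssn, name, dob))
        if record is not None:
            self._accesses.append(now)
            while self._accesses and now - self._accesses[0] > self.window:
                self._accesses.popleft()
            if len(self._accesses) > self.bulk_threshold:
                self.alarms.append((now, len(self._accesses)))
        return record

    def tokens(self):
        # What a thief would see on the device: opaque tokens, no names or numbers
        return list(self._records)
```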