The Dangers of Too Much Data Privacy

(07/08/2007)

Data privacy is a real hot topic now-a-days. 36 states plus Washington D.C. have passed data privacy laws requiring that companies notify consumers if their personal data has been stolen. In addition to the disclosure laws, there are a whole slew of laws restricting the use of social security numbers, credit/debit card numbers and other types of sensitive information.

The federal government has passed its own slew of laws including; HIPAA, SOX, GLBA and more that require companies to protect the privacy of the non-public personal information that they have about all of us. On the whole, this is a very good thing. Nobody wants to be the victim of identity theft, or get unwanted solicitations. How many of us would love to cut out even half the amount of junk mail we receive on a regular basis? The problem has gotten so bad; that some companies now offer services to protect consumers from identity theft.

The private sector as a whole has not always been responsible stewards of the non-public personal information that consumer entrust to them. It is axiomatic that when the private sector fails to act responsibly, the public sector will enact regulations to mandate changes in behavior. The slew of highly publicized data breaches and the accompanying public outcry are at least partially responsible for the stampede of data privacy laws passed in recent years.

The issue is that a certain amount of data sharing is important. Businesses routinely send personal financial information about all of us to the credit bureaus. (Experian – Equifax – TransUnion) The bureaus assign us our credit scores, and companies use that information in deciding whether or not to loan us money for major purchases such as cars, homes, etc.

Here’s the problem, there is such a thing as too much data privacy. A certain amount of responsible data sharing is important to reduce fraud, combat terrorism and even fight crime.

Financial institutions combat fraud by sharing information about people who are going from one bank to another, committing illegal acts such as trying to cash pass checks. In an effort to combat terrorism, banks are required to notify the federal government when certain transactions meet the guidelines that by law are deemed suspicious.

Too much data privacy can be deadly. Seung-Hui Cho massacred 32 people at Virginia Tech. This is despite the fact that he had serious mental problems, and was considered very dangerous. This tragedy might have been avoided if this type of information was included in the normal background checks that are performed when somebody tries to purchase a firearm. The precise nature of the mental condition wouldn’t have to be disclosed, just the fact that the person was not eligible to purchase a gun.

To take matters to the next logical step, the attempted purchase itself should notify authorities if the person has been advised they are forbidden from owning a gun. If the attempt is a violation of the conditions of parole, the person should go right back to prison.

The federal government is currently considering passing more data privacy laws. As they conduct their deliberations, they need to keep in mind that the bad guys thrive on secrecy. All levels of law enforcement need to be able to freely and responsibly share information about criminals.

For example, as a parent, I want my school district to be able to know that somebody that was arrested for child molestation in another state is now applying for a job where my kids go! If somebody is wiring money out of the country from several different banks that information needs to be captured and submitted to the authorities. Such activity is not normal, and is an indication of possible illegal activity worthy of investigation.

Information is power, and we need to make sure that in the rush to protect our privacy that we don’t hamper the legitimate uses of data sharing. Our founding fathers new the power of government, and how in the wrong hands it could be very destructive. They also knew that unless the people in power were of high moral character, no amount of laws could prevent abuses of our freedoms. So, a certain amount of data sharing is critical, with the appropriate safeguard in place, managed by people of high integrity.

About the author: Philip Alexander is an Information Security Officer for a major financial institution and the author of the new book Data Breach Disclosure Laws: A State-by-State Perspective by Aspatore Books

Related topics:  Data management and data security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources