It probably doesn’t surprise you that the most valuable commercial asset you own is not actually property, it is data about you and the data you generate as you live your life. Sure, it may not have a monetary value to any particular provider that compares to, say, your house or your car (which, odds are, you don’t meaningfully own anyway if you take into account the financing arrangements you made to buy those assets), but your identity and your preferences are enormously valuable, especially when aggregated with other datasets about you.
This isn’t necessarily negative. When brands know more about us, they can personalise the way they approach us and offer us more relevant products and services. We look to our family for recommendations (when was the last time you looked in the Yellow Pages for an electrician listing?) and if our friends recommend a restaurant, we’re more likely to go there, especially if our friends have similar tastes to ours (which we may discover through a variety of social apps in addition to personal experiences, of course).
A recommendation about a local lunch spot would be far more useful to us than a highly rated spot across town if we only have half an hour for a quick bite and don’t have time to Google random locations.
Whether you have a meaningful right to privacy or not largely depends less on controlling whether commercial providers may use our personal information and more whether you retain some sort of effective control over how these brands may use our personal information. When most people think about privacy, they think about it as secrecy (in other words, whether you are known or somehow remain invisible to commercial eyes) but what privacy really is in the 21st century is your ability to influence how your personal information is used?
This is the privacy model most popular services use and the fundamental basis of the Protection of Personal Information Act. It is also the premise on which privacy policies operate.
An important question to ask is how secure your personal information is in a provider’s hands. The Protection of Personal Information Act will require both the responsible parties collecting your personal information and their agents to implement a series of systems and processes to protect data security and integrity. Appropriate measures are usually taken to secure corporate networks and clearly define users’ permissions but what about the USB drives many of us carry with us and which we use to transport data between our office and home, for example?
Misplaced USB drives are a common reason for data breaches and with the capacities these drives have, losing a single drive can mean a loss of a substantial amount of data. Failing to adequately secure these drives in some form or another could well amount to a failure to comply with the Protection of Personal Information Act’s data security and integrity requirements, not to mention losing customers’ trust.
Customers generally lack tools that enable them to control how their data is used, let alone track that data use effectively. Until customers have something comparable to comprehensive APIs which they can use to authorise data use and monitor what is done with their data by various providers, they are forced to rely on their providers to make responsible decisions and abide by their promises to customers in their privacy policies and agreements.
These providers will increasingly come under criticism for not securing the various options their staff have for moving customer data around, especially data transfer channels and storage media that operate outside secured corporate data networks. As customers, we should ask our providers more questions about how they process our personal information. Without more transparency, we have little idea what goes on once we click “submit” and the less we know, our right to privacy diminishes.