In whom do we trust?

11/21/2008 13:40

It’s one thing when private and personal information is breached through accident, theft, or the occasional cracker hacking the systems. While damaging, these occurrences can be defended against and the risk can be mitigated and managed through various means.

That being said, it is quite another matter when people who are authorized to use this data abuse their power. Today, it was disclosed that a number of Verizon wireless employees accessed President-elect Obama’s cell phone records without authorization (https://www.cnn.com/2008/POLITICS/11/21/obama.cell.breach/index.html?eref=rss_topstories). This is yet another example of broken trust involving our private and personal information.

This type of incident should be considered a grievous breach of the public trust, regardless of the profile of the citizen affected. While this particular incident made headlines because it happened to our future President, this issue is not limited to just the rich and famous. Locally, we recently had an incident involving a hospital employee improperly accessing a patient’s records, and the records of the patient’s entire family. Apparently, the employee gave these records to her boyfriend, who promptly posted the records online (https://www.thedailymail.net/articles/2008/09/11/news/news2.txt). It turns out that the patient victimized was his ex-girlfriend…Not an actress, politician or any other type of celebrity; just a regular person this guy apparently didn’t like very much.

Every day, each of us trusts a countless number of faceless individuals with our private and personal information. This information includes not just the vital data that should be safeguarded to prevent identity theft (social security numbers, credit card number, drivers license numbers, etc), but all sorts of other information that could be of interest to someone wishing us harm, or even just being nosy.

Below is a brief list of some of the data collected on each of us every day, and some of the organizations that collect it. Keep in mind that law enforcement agencies can access this data as well, but (hopefully) require a court order to do so.  Also, this list does not include voluntary disclosures, such as information posted to social networking websites...

• Who we call

phone companies

cell phone companies

• Where we call from

cell phone companies

• What we purchase

credit card companies

stores with discount cards

• Where we drive or go

some road side assistance companies (such as GM’s OnStar)

state and local highway agencies (if electronic toll passes are used)

cell phone companies (if your phone is E911 enabled)

• Where we surf online

internet service providers

employers, if utilizing their internet access

• What we download

internet service providers

employers, if utilizing their internet access

• Who we email

internet service providers

email providers

employers, if utilizing their email systems or internet access

• What we email

internet service providers

email providers

employers, if utilizing their email systems

• What medications we take

doctor’s offices

pharmacies

insurance companies

• What medical conditions we suffer from

doctor’s offices

pharmacies

insurance companies

• Most of the above, if a shredder is not judiciously employed

refuse collection companies/agencies

Having said all that, for the most part these organizations have very legitimate reasons for needing this information. For example, your doctor needs to see your medical history and medications in order to treat you; the 911 system needs to be able to locate you if you call for help from your cell phone; and highway agencies need to be able to bill you for highway tolls. For the most part, safeguards are in place to prevent rampant abuse, but we need more checks and balances to limit abuse by the very people trusted with this information.

As citizens and customers, we need to be cognizant of who has what of our personal and private data. Just as importantly, these organizations need to recognize the trust we are placing in them, and be worthy of that trust.