A journey through the business of collecting information

Recently, I found an email in my spam folder. It promoted a service contract for a vehicle that I owned a few years ago. For mere mortals, the delete button solves this annoyance. Instead, I dug in and will share some things about the collection, privacy, and who owns our information.

Lets unpack a few things here. This email was on behalf of a local car dealer where I’ve had some service done years ago. At the time, there was a legitimate reason for them to collect and store my information. The email included the general manager’s name, a nice touch. There were no phony email addresses or links. Ths was a legitimate sales promotion and not malicious. There is questionable benefit to sell or share my information for affiliate marketing purposes. Particularly, after many years since I had been a customer. What else did they share? I may never know.

Companies, organizations and governments (I’ll refer to these as orgs) often engage in this behavior. It starts with collecting detailed information related to an interaction, not merely a sale. This includes doing any business with orgs, online, offline, buying, selling, going to school, church, surfing the internet, our physical presence, and other directly related activities. We often permit this, implicitly. It’s in the privacy policy, that dense legalese which I didn’t read it until now. This is a “buyer beware” situation and it’s up to the consumer to be aware of what they’re getting into.

A win-win?

Everyone involved can benefit from our information. Take YouTube, for example. Algorithms recommend what you’ll want to watch next based on your viewing habits and other variables. The better the match is, the longer you stay on the site. The more you laugh at funny cat videos, the more ads you watch, and the more revenue YouTube makes. Another example is how the Barack Obama campaign studied huge data sets to determine exactly who and where to target with their limited resources. This worked for Obama and it sets a precedent for how political races will be run into the future.

This collected information may be “enriched” with other data such as where we live, work, drive, our viewing and browsing habits, living habits, and vast amounts of information that has been collected about us. Some is “scraped” from public sources, often not to our knowledge and beyond our control. On the surface, there may not be a direct link to an individual. This may be true, yet these things don’t exist in a vacuum. Data scientists have learned years ago how to distill this seemingly anonymous data to link it to an individual. It takes surprisingly little effort with today’s technology to build a profile on someone. That can be equally scary and enlightening, as this article discusses. Enrichment makes information more valuable, more useful, and possibly more risky to the owner (you and I) if it is lost. Unfortunately, organizations losing information is pretty common these days.

Do the right thing

To be clear, I’m not against ethical methods of collecting information. So long as the activity is disclosed, allows an opt-out, purged when it is no longer needed, allows the consumer to request deletion, and is properly secured. We should have issue when these things are missing. Further, how will we know of the legitimacy of any third (fourth, fifth, and so on) parties who get involved?

So who owns our data? At stake are one’s identity, intellectual properly (creations such as this writing, photos, or video), social media profiles, postings, and other contents, Google activity, and the various random bits of information left in the wake of general internet usage. An individual should have the right to request it to be purged and forever deleted. Some orgs allow you to do just that, and some don’t. In the US, they don’t have to. This is precisely what the European Union’s General Data Protection Regulation “GDPR,” hopes to accomplish. This has been years in the making and becomes effective in the spring of 2018. There is already massive controversy about the feasibility and harshness of the fines due to non-compliance. I’m not in the position to make predictions about this, yet we’ll see exactly how this plays out in 2018 and 2019.

This would be a perfect transition to talk about the pros and cons of government regulations and penalties, yet I’ll save that for another posting.

Finding Balance

There is a clear desire to vacuum up as much information as possible. This can lead to a situation where these valuable assets become crippling liabilities for everyone involved. A business who trades in information must find this balance and stay firmly on the side of ethics. It can be safer, and potentially less profitable, to collect only the bare minimum and dispose of it at the earliest opportunity. It’s your duty as an individual to know what information you leave behind, who collects it, and how it is used. I’ll help you identify these things over the posts on this site so you can make informed decisions.