My Digital Footprint

where your privacy is someone else's business ...

The PII Problem: Privacy and a New Concept of Personally Identifiable Information Paul Schwartz and Daniel Solove

On SSRN: The PII Problem: Privacy and a New Concept of Personally Identifiable Information

by Paul Schwartz University of California, Berkeley – School of Law, and Daniel Solove, George Washington University Law School

Abstract: Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law.

Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.

In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.

full text of the article, The PII Problem: Privacy and a New Concept of Personally Identifiable Information by Paul Schwartz, Daniel Solove :: SSRN.

Resource - thoughts about your digital self after your body stops working

So the infographic is from http://www.lifeinsurancefinder.com.au/  An Australian comparison site for insurance, therefore looking for hits and sales  :) They have a walk through webpage that talks to :

  • Digital Privacy After Death - What Will Happen To Your Online Profile When You're Gone?
  • Why You Should Get a Digital Will & A Digital Executor
  • Personality Predictors + Artificial Intelligence = Digital Resurrections
  • What Will Be Determined to be of Digital Importance & How Will it be Preserved?

It is a good resource and well researched and I am delighted that they touched on issues for business owners, however, all Will’s become public at death so please don’t put your identity and passwords in any document.  Further the site does not address the thorny issue of “shared”  accounts. This could be the family email account that is in the name of the person who died.

<br />Produced by Life Insurance Finder

#Forrester Report Predicts a "World of Consumer-Managed Data" - but miss lots of other scenarios

Image001

Forrester Research has finally caught up with some future thinking on “personal data management.” In their new report they care to forecast that shifts in the economy will allow consumers to gain control over all of the data available about them online. This will be achieved primarily though the use of “personal data lockers,” or individual repositories where individuals can store and access their data to share and sell with marketers. Currently, the data economy is balanced towards advertising. Often, consumers don’t understand how their data is being tracked, collected, and sold, while those that do understand the complexities of data tracking don’t have the resources to protect their information. - well in simple terms.

There is a perception that as more and more consumers become aware of the significant value created from sharing their data, they will dig in their heels and demand more control over their "personal/ behaviour/ identification information". Rather than slowing the economy, however, this change will further spur the growth of a “privacy economy,” which will empower consumers to engage with companies on their own terms and, with time, give marketers even better and more actionable data. (may be this is one scenario)

So your digital footprint has value and putting it in a locker makes it really easy to steal........

Startups in Personal Data from PDC

Personal Data Ecosystem Consortium

http://personaldataecosystem.org/startup/

image

Azigo. Wellesley Hills, Massachusetts
Your data defines you. Own it.
“We’re a happy band of developers, designers and entrepreneurs dedicated to the idea that the more control you have over your own data the more compelling your online experience will be, and the more privacy you will enjoy. Although the data wallet app is new and yet to launch, it stands on a technology platform that has evolved over several years by building solutions for PayPal, Google, Mydex, IBM, Equifax, Acxiom, BBB.org, and others.” Private beta signup.
Paul Trevithick, CEO. Blog post: Why must a personal data ecosystem emerge?

Buyosphere. Montreal, QC, Canada
“Buyosphere is a tool to help you take control of your shopping history: organize it, share it and track how you influence others. Our aim is to turn around consumer culture so that customers have more control over their own data. We have a pretty good inkling that this data will become more and more valuable as time goes on. Ever see Minority Report? You know that scene where Tom Cruise’s character is walking through the passageways and being bombarded with ads? That is what is happening today with every transaction we make on our credit cards and anywhere we leave a trail of our information (aka Internet). Sure, some of the results of this will be positive (better recommendations), but imagine if we could turn some of this around? I think we could set our own parameters and have our future look a bit less invasive.” Buyosphere’s Data Portability policy.
Tara Hunt, Jerome Paradis, Cassandra Girard, co-founders. Email.  Twitter.

imageConnect.me. San Francisco, California
Get more out of your connections.
“Connect.Me is a San Francisco based company creating a personal layer for the social web. Build your reputation and gain access to respected people and communities across Facebook, Twitter and LinkedIn. Vouch for people you respect and get vouched for your skills or passions. At Connect.Me, we believe that privacy, control, and reputation are the big challenges and opportunities for the social web. We published the Respect Trust Framework as the first personal trust framework that gives individuals control over the personal data they share on the Internet or social networks.”
Joe Johnston, CEO and co-founder.
Media contact: Drummond Reed on twitter, skype. +1.206.618.8530. Blog post: Connect.Me Joins PDEC Startup Circle for quotes from Johnston, Reed.

imageGluu. Bulverde, Texas
A New Dawn for Federated Identity 
“The Gluu Identity Appliance turns a public or private cloud instance into an organizational identity provider (IDP). The primary reason an organization would want to have an IDP is for single sign-on to several websites. Gluu leverages the Shibboleth SAML platform, which was developed by universities and is deployed at hundreds of institutions. The Identity Appliance greatly reduces the complexity of deploying and managing an IDP infrastructure.”
Michael Schwartz, CEO and Founder. +1-646-558-0023. info@gluu.org.

imageMydex.org. Larbert, Stirlingshire, UK
Your data, your way
“Mydex’s mission is to help individuals realise the value of their personal data. We do this by providing individuals with Personal Data Stores and related services. Personal Data Stores help individuals gather, store, manage, use and share the information they need to manage their lives better. They provide individuals with tools to control what information they share with which people and organisations, when they choose.”
William Heath, Chairman. +44 (0)7973 115 024.

imagePersonal InfoCloud. Bethesda, Maryland.
A social interaction design and analyst firm specializing in personal data reuse and vendor relationship management.
Thomas Vander Wal, Principal. email. skype. +1 240.481.8063. blog.

image
Personal Washington, D.C.
Personal is a web and mobile platform that enables individuals to own, control access to and benefit from their data by organizing and managing their information within our private data vault. We believe that people, not companies, should own their data and decide how it’s used.
Shane Green, Co-Founder and CEO. Media contact: Karen Sippel, email, +1-202-559-7318. Twitter.
Video about Personal.

Privo. Vienna, Virginia
Privacy, Permission & Trust
“Privo is the trusted third party provider of age verification for minors and parent permission management solutions, enabling our customers to provide a safe online environment for minors.”
Denise Tayloe, CEO. Media: Carol Altarescu, +1-914–523–9578, caltarescu@privo.com.

imageProject Danube. Wien, Austria.
Open-Source Sofware for Identity & Personal Data Services
Project Danube is an open-source project offering software for identity and personal data services on the Internet. The core of this project is an XDI-based Personal Data Store – a semantic database for your personal data, which always remains under your control. Applications on top of this database include the Federated Social Web, the selective sharing of personal data with organizations, and much more.”
Markus Sabadello, CEO. twitter, +43 664 3154848.

PDEC Statup Circle Statement from Markus Sabadello on Vimeo. (2:01)

Reputation.com. Redwood City, California.
Take Control. Get Results.
Reputation.com is the global leader of online reputation management and privacy solutions. With customers in more than 100 countries, the company is working towards its mission to empower individuals and businesses with control of their information online.
Michael Fertik, CEO and Founder, World Economic Forum Technology Pioneer 2011.
Media contact: skype. +1-650-409-7371. twitter.

Singly. San Francisco
“Locker pulls together all of my personal data – my tweets, my photos, my contacts and all my social relationships. It holds things like my email, call logs, and purchase history. It does a bunch of complicated things for me, so that developers don’t have to. It puts me at the center of the web, and allows me to choose where, when and with whom I share copies of my data.”
Jason Kavnar, CEO.

SwitchBook. Santa Barbara, California
Complex Searches Made Simple
“SwitchBook helps manage user-driven searches across multiple search providers and websites, creating a powerful new way to explicitly express search intent anywhere on the Internet.”
Joe Andrieu, CEO. email. +1 (805) 705-8651

imageThe Customer’s Voice. London, UK.
You at the centre of your online buying
The Customer’s Voice helps individuals better manage their supply relationships, and in doing so provides organisations with the reasons and means to engage with VRM-enabled individuals, to the benefit of both parties. Our service will launch as an application on the Mydex platform in late 2011.
Iain Henderson, CEO. email. twitter. Blogged remarks on joining the PDEC Startup circle.

Peer Craft Denmark https://www.peercraft.com/

Peercraft provides consumers with tools for user-centric and privacy enhanced management of their vendor related transactions and data.

Individually and collectively, consumers may let their data work for themselves rather than being exploited by todays 3-party data snoops.

The Peercraft service will be launched by 2011 Q3.

 

Or compare Identityedge http://www.identityedge.com/, Lifelock, Identityguard, trusted ID and ID watchDog at http://be-safe-online.org/comparing-identity-theft-protection-products/

Identity Hawk http://www.identityhawk.com/IdentityHawk(SM). Stop Fraud Before It Starts.

 

 

Identity Edge

good read about the "Tenets of Digital Trust"

 
Good thinking  http://blog.lockerproject.org/tenets-of-digital-trust

Authenticity is essentially the digital identifiers that are associated with someone and the confidence in whatever system generates those identifiers, that they represent the same person when repeated.

Verifiability is the degree of your ability to establish the authenticity of someone, either actually in person or via another trusted person or system.  It typically precipitates and helps build authenticity, and comes into question when something unexpected or important happens.

Security is the confidence in the integrity of the computing system both that you're using, and that the other person is using.  There's less trust when using public terminals or if suspicious dialogs happen on your own system, and equally so you wouldn't share something important to a friend who's using a possibly compromised system.

Transparency is all about user interface and messaging, it's how clear and consistent the tools and dialogs are in communicating what is happening.  It's about creating complete expectations and delivering within those without trying to hide anything.

Consistency is the complete experience over time and the most obvious one. Fundamentally, does the interface and do the identifiers create a predictable pattern that build confidence in someones digital experience.

Intel is focussing on giving users control of their data

Image001

Inspiring consumer confidence through data privacy legislation is the title of the post by David Hoffman. The full / original source is here

Essentially this is about new US law from Sen. John Kerry (D-Mass.) and Sen. John McCain (R-Ariz.) introducing the "Commercial Privacy Bill of Rights Act of 2011", which is aimed at protecting individuals privacy. David Hoffman, director of security policy and global privacy officer at Intel Corporation believes that federal privacy legislation is essential to individuals’ continued use of and trust in technology, and urges Congress to begin discussion of the bill, so we can establish such a framework of trust.  To which I actually have no major issue with the underlying ideals and principles.  Assuming these principles are : what is yours is yours and you should able to protect it. aka the digital locker,

and you should be able to chose how to share your data/ content and with whom and on terms you can control.

Here comes the complexity of the issues

As argued in this post - controlling your data controls the source but not the true value to the market.  Knowing where you are is important and so if offering control over it; but knowing what you want to do at that location based on analysis is where the market value is and because the analysis is based on an algorithm built by a company who use it to differentiate themselves it is protected by IP law.

Privacy allows you to control your location, but nothing here is about control of the analysis/ algorithm or what is implied or released by others about you based on their analysis of your data.  If you want to hide and protect this is valuable legislation, however if you want to add to a global community and help build reputation, identity, influence and authority - this will not help at all.

Digital locker vision misses the point - controlling data does not control the value

The Personal Data Locker Vision Video is from David Siegel @pullnews (professional) and @_dsiegel (personal)  http://thepowerofpull.com/pull/the-personal-data-locker-vision-video

 

I am not disagreeing with the vision, idea or concept but rather that controlling your data means you can control value.  This concept of a personal locker ignores reputation, influence and authority as I comment on in this post - however would it make sense to expand this vision to include the analysis of your data or not - the core issue being you probably don't have access to it.

 

As an elegant way of looking at some of my data - no issue! - enjoy

 

 

Rule 31 - make sure someone knows how to manage your digital estate after death

I have written a number of times on dealing with death and the relationship to your digital footprint

Rule 31 from my 31 new social rules for living in a digital age is about finding someone you trust to ensure that your digital estate can be managed.  Digital Estate Planning appears to be growing   AssetLock.netLegacy LockerDeathswitch.com  and

My Webwill  aim to address the issues raised  by enabling online users to securely store online information like logins and passwords to be passed on to relations after death - however you need to tell someone and  Excel does work as a cheap alternative.

On a related but different slant there is E-Tomb which is a solar powered tomb with bluetooth to enable relatives to visit your online profiles and memories after you passed away.

Image001

Tending to Your Digital Remains

Tending to Your Digital Remains is a dead interesting post on a topic I have asked the same question about – what happens when you die.

First you need to make sure you hand on the keys (passwords)

At least three companies — AssetLock.net, Legacy Locker, and the charmingly named Deathswitch.com — have arisen to keep customers’ passwords, usernames, final messages, and so on in a virtual safe-deposit box. After you’re gone, these companies carry out last wishes, alert friends, give account access to various designated beneficiaries, and generally parse out and pass on your online assets. Digital remains that are not bequeathed to an inheritor are incinerated, closing the book on PayPal accounts, profiles, even alternate identities (especially alternate identities: You don’t want your mother knowing about, or worse, playing, the wife-swapping giant badger you became in Second Life).

A second post on the same topic is Logging out after snuffing out  - which is much more about what happens to your digital data, domains and do you want appoint a digital executor to take care of online assets after death?