Forget privacy, I want prizes

I've been having an interesting dialogue with Jacques Bayens re information usage versus privacy and intrusion after my blog about information as a competitive weapon yesterday.

The gist of Jacques point is that there should be limitations on data usage, as a bank pushing loan drugs to thirsty gamblers outside casinos is not a pleasant picture.

But it’s one that I think we live with, and will become even more pervasive over time.

Jacques feels this should be limited by user choice and law.

So what exactly is the state of the law in the UK on this?

Well, it’s mainly covered by the Data Protection Act which came into force in 1984 – a good year for data proection to be regulated Goerge Orwell would have said – and was updated in 1998 to harmonise with the EU Directive of 1995.

The main principles for data protection are:

• Data may only be used for the specific purposes for which it was collected.
• Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there is legislation or other overriding legitimate reason to share the information (for example, the prevention or detection of crime). It is an offence for Other Parties to obtain this personal data without authorisation.
• Individuals have a right of access to the information held about them, subject to certain exceptions (for example, information held for the prevention or detection of crime).
• Personal information may be kept for no longer than is necessary and must be kept up to date.
• Personal information may not be sent outside the European Economic Area unless the individual whom it is about has consented or adequate protection is in place, for example by the use of a prescribed form of contract to govern the transmission of the data.
• Subject to some exceptions for organisations that only do very simple processing, and for domestic use, all entities that process personal information must register with the Information Commissioner's Office.
• Entities holding personal information are required to have adequate security measures in place. Those include technical measures (such as firewalls) and organisational measures (such as staff training).
• Subjects have the right to have factually incorrect information corrected (note: this does not extend to matters of opinion)

Great.

But it’s very tardy, loose and not necessarily monitored unless someone objects.

For example, even the courts have been fined for misuse of data when recycling court documents, and banks are well known offenders for leaving customer data in bags outside branches or gifting customer data to unauthorised parties and having to suffer the results ...

It’s something that has to be continually monitored and clamped down upon.

And yes, as just mentioned, it’s not really monitored unless someone objects.

And most people don’t object because they don’t suffer losses due to giving away their privacy.

OK, OK, some do ...

“More than 11.1 million adults in the U.S. were victims of identity theft and fraud in 2009, a record number that illustrates both the volume and sophistication of online hackers and phishers, according to financial services researcher Javelin Strategy & Research.

This 12 percent surge in new identity theft incidents translated into a loss of more than $54 billion by consumers and businesses, a figure that security experts predict will only increase this year and through the rest of the decade.”

And when that happens, it’s bad, but for most they don’t see the consequences.

This why we’re happy to take out loyalty cards for small discounts in our favourite stores.

Let them know what we’re doing.

Or happy to have firms call us with special offers.

Or mail us with deals.

Now, you can opt out of such service by using the telephone preference service for example, but even when you do that, yhou still leave yourseful massively exposed trhough Facebook and such like, a point I’ve raised often.

So the only way to really avoid being traced is to go completely off the network.

Oh dear, you can’t even do that ...