On Secondary Use of Information

In their enthusiastic charge to protect people from privacy invasion, privacy advocates sometimes get too focused on preventing the disclosure of information. We see a lot of client-based tools, often browser plugins, that warn people that they are about to submit personal information to web sites that have not published a privacy policy. Some of the more sophisticated tools will compare an end user's preferences to a site's published policy and tell the user whether the site's policy is consistent with those preferences.

But focusing on preventing the disclosure of information isn't enough because people _want_ to disclose their information to companies, both electronically and directly.

This happens all the time. Just as two parties reach an agreement about the amount of money to be paid in exchange for a product or service, there is also an implicit negotiation about the personal information that will be exchanged as part of the transaction. If I want to subscribe to your magazine, then I have to give you my mailing address. In many cases, the disclosure of sensitive information is required by law and I have no choice in the matter. If I am going to buy stocks through your brokerage service, I will need to give you my SSN so you can report gains to the IRS.

Seth Godin's book Permission Marketing opened my eyes to this phenomenon. In the book, Godin argues, convincingly I think, that people will give you personal and sensitive information if you are totally up front about it and can clearly articulate the reason for collecting the information and the benefit the end user gets in return. Furthermore, he discusses in great detail the need to offer multiple levels of disclosure. During an initial contact with a company, a person might be willing to give you their address, but not their household income level. But later on, as the relationship between the customer and the company deepens, the customer may trust the company enough to disclose more detailed profile information in exchange for more services and benefits.

I had a recent experience that brought this home for me. I opened an investment account with Fidelity using their online web site. The web site walked me through several steps where I entered a lot of information about myself. Most of it was the usual personal contact information plus my SSN. I accept the fact that they need my SSN for IRS reporting. But at one point they asked me for my driver's license number. That raised my hackles a bit. It seemed to me that a driver's license number along with my address would be almost as useful as an SSN for identity theft. So I balked at offering my driver's license number. This caused me to read the text of the page in more detail. On the page they clearly stated that they needed to collect additional information as part of the requirements of the PATRIOT Act to better establish the identities of their customers, and that was why the driver's license number was being requested.

Now, regardless of how I feel about the PATRIOT Act, I felt better knowing the reason Fidelity was asking for my driver's license number. I would have felt better still if Fidelity had stated that my driver's license number would be used for no other purpose and that they would delete it as soon as the law allowed. But in any case, the notice I was given put me at ease enough to continue opening the account. I decided that the value of the account was worth the risks associated with giving out my driver's license number.

What makes people worry so much about disclosing personal information is what happens to their personal information _after_ it's been disclosed. Bruce Schneier, in an essay published by the Minneapolis Star-Tribune, makes the same point:

Most of us are happy to give out personal information in exchange for specific services. What we object to is the surreptitious collection of personal information, and the secondary use of information once it's collected: the buying and selling of our information behind our back.

So the challenge for privacy advocates, then, is not how to prevent the disclosure of personal information, but how to establish agreements between the data subject and the data collector, at the time of the disclosure, about the purposes the data may be used for and the limits on secondary use. I suspect that's a much more difficult challenge.
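To make both points concrete, the policy-versus-preference check that the browser tools mentioned at the top of this post perform, and the purpose and secondary-use limits this last paragraph asks for, can be expressed as a small matcher. The following is an added example written for this page, not code from any of the tools or companies mentioned; the policy statements and user preferences it uses are constructed to mirror the account-opening form described above and are not any real site's declarations. The field names (`purposes`, `shared_with`, `retention`) and the three retention levels are assumptions of the example, not a standard vocabulary.

```python
"""Compare a site's declared data-handling policy with a user's
disclosure preferences, the check a policy-aware user agent would make
before a form is submitted. Added example; the policy and preferences
below are constructed and are not any real site's statements."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Statement:
    """One clause of a site policy: a data element, why it is collected,
    who it may be passed on to, and how long it is kept."""
    data: str
    purposes: frozenset      # e.g. {"tax-reporting"}
    shared_with: frozenset   # e.g. {"regulator"}, {"affiliates"}
    retention: str           # one of RETENTION_RANK's keys (assumed levels)


@dataclass
class Preferences:
    """What the user is willing to have done with each kind of data."""
    allowed_purposes: dict   # data -> set of acceptable purposes
    allowed_sharing: dict    # data -> set of acceptable recipients
    max_retention: dict      # data -> longest acceptable retention level


# Assumed ordering of retention levels, shortest to longest.
RETENTION_RANK = {"transaction": 0, "legal-requirement": 1, "indefinite": 2}


def evaluate(policy, prefs):
    """Return a list of (data, reason) conflicts. An empty list means the
    policy is consistent with the preferences for every element it covers.
    A data element with no recorded preference is reported as a conflict,
    because silence is not consent to secondary use."""
    conflicts = []
    for stmt in policy:
        if stmt.data not in prefs.allowed_purposes:
            conflicts.append((stmt.data, "no preference recorded"))
            continue
        extra = stmt.purposes - prefs.allowed_purposes[stmt.data]
        if extra:
            conflicts.append((stmt.data, f"purposes not consented: {sorted(extra)}"))
        extra_share = stmt.shared_with - prefs.allowed_sharing.get(stmt.data, set())
        if extra_share:
            conflicts.append((stmt.data, f"sharing not consented: {sorted(extra_share)}"))
        limit = prefs.max_retention.get(stmt.data, "transaction")
        if RETENTION_RANK[stmt.retention] > RETENTION_RANK[limit]:
            conflicts.append((stmt.data, f"retention {stmt.retention} exceeds {limit}"))
    return conflicts


# Constructed sample policy, modelled on the brokerage form in the post:
# SSN for tax reporting, driver's license for identity verification, and
# an e-mail address that the (hypothetical) site also wants for marketing.
SAMPLE_POLICY = [
    Statement("ssn", frozenset({"tax-reporting"}), frozenset({"regulator"}), "legal-requirement"),
    Statement("drivers-license", frozenset({"identity-verification"}), frozenset(), "legal-requirement"),
    Statement("email", frozenset({"account-service", "marketing"}), frozenset({"affiliates"}), "indefinite"),
]

# Constructed preferences of a user who accepts the legally required uses
# but refuses marketing, onward sharing, and open-ended retention.
SAMPLE_PREFS = Preferences(
    allowed_purposes={
        "ssn": {"tax-reporting"},
        "drivers-license": {"identity-verification"},
        "email": {"account-service"},
    },
    allowed_sharing={"ssn": {"regulator"}},
    max_retention={
        "ssn": "legal-requirement",
        "drivers-license": "legal-requirement",
        "email": "legal-requirement",
    },
)


def conflicts_for_sample():
    """Run the matcher over the constructed policy and preferences."""
    return evaluate(SAMPLE_POLICY, SAMPLE_PREFS)


if __name__ == "__main__":
    for data, reason in conflicts_for_sample():
        print(f"{data}: {reason}")
```

On the sample input the SSN and driver's license clauses pass, since the user consented to exactly the purposes, recipient and retention the policy declares; the e-mail clause produces three conflicts (marketing purpose, sharing with affiliates, indefinite retention), which is the warning a user agent would show before the form is submitted. Note that the check is only as good as the site's declaration: it verifies consistency with what the site says it will do, not what it actually does after the data is collected.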