Value your personal data



Just before the Australian Government was about to force us all to provide sensitive information to the ABS I started this article off the back of Anna Johnston's great piece on "Why I won't be filling out the census".

I was rudely interrupted when the Census site exploded in a hail of fire - eroding even more of my small confidence in their ability to manage my information appropriately. 

Anna had really valid external reasons of why we shouldn't hand over our data so easily (although we almost always do).

I agreed with many of her points and wasn't going to fill out the Census for privacy concerns.

But the main reason I wasn't going to do it is what Anna couldn't reveal was an internal real-world perspective on why you would be careful about  who you hand your data to.

I couldn't trust them.

In my view our Government has fallen very very low on the trust scale.

See one of my secret super hero powers is that I am privileged to have joint custody of the responsibility for the privacy of millions of Australians data and information. 

I am tasked with protecting information that in essence trumps what the ABS collects in many ways. It is the kind of stuff that allowed Target to know a teens pregnancy before her parents.

It really is powerful information.

Carefully defending the rights of the people who have handed over their information is no easy task but one that is taken, at least by myself and my joint conspirator extremely seriously. 

We are constantly vigilant in our protection or use of that information outside of what it was intended to be collected for. 

As Roy Batty said in Bladerunner: "I've seen things you people wouldn't believe".

It's not that people wish to steal the information or that we are constantly fighting off against cyber security threats - those threats are there, they are very real but they are really carefully managed and don't really happen in the way fear mongering occurs in the media.

IT Security teams are all over that. 

The reality is that there are three forces in battle acting on the information people hand over in this new data era.  

Businesses that want to use the data for financial or other gain, many who operate on the bleeding edge of data science, tracking and analytics. Data is a valuable asset and the more data that can be tied together the better. 

Business that have collected data for very specific reason and are open about why they get the data, for what reason and how it is used  Often this is a mutual exchange of value or benefit for both parties - i.e. you and the business. This data drives sales, allows better personalised service or helps make decisions. Nothing in life is for free but the value trade is generally innocuous. 

But what happens between these two forces is that there are people in the middle on but on both sides. Some people understand the consequences of handling this data poorly others do not, some people are after the data, some are protecting it and so on.

Generally the real threat is people making mistakes because they have not envisaged a long term, outside of the box or technically smart way of exploiting a situation or the use of data.

For example the Statistical Linkage Key that the Census would use to tie together your data. 

Data has become big business. It's very valuable and it has become like a game of data chess. 

And there is a gap opening up between people who know how to use and profit from data and the rest of us who do not. 

Keeping corporations on notice is important but we need to keep Governments on notice as well. 

Next time you are about to hand over data to anyone it is worth imagining - do they have ethically and morally driven people on the other side who are going to handle your data with care, protect it and ensure it is used properly?

If you can't comfortable answer yes then really consider if you should hand it over. (P.S. This should not stop you from giving me your data...)

My learning from the Census debacle is that the Government doesn't care about your data or what you think... See, you are legally bound to do what they say which is why it is difficult to trust them.

This position also means it is difficult for me to imagine someone incentivised on the other end at the ABS to protect mine or your data. They probably are, they probably have all the controls and protocols in place.


The more problematic things is that if the ABS couldn't keep the web servers up to collect the data for a day, then you need to ask the question: Do they have the right people thinking about how your data might be used in ways it wasn't intended for?