Identity, Privacy and Dataveillance (II)

The TJX data break-in has gotten the Boston press all a-twitter about data privacy, so we get this great discussion of some of the fundamental disconnects that seem to underly the problem: We’re helping the hackerspdf

There is no doubt that the true victim in identity theft is the individual, who must bear the worry, cost, and aggravation of fixing personal data and finances. But in many cases, the legal victim is the institution that was attacked and robbed of their data. This fact only underscores that we do not own our personal data. The institutions with which we do business own our information and, in their practices of storing and sharing such data, expose millions to the consequences.

[…] The problem perhaps is best illustrated by the fact that pornography has more legal protection (copyright) than anyone’s Social Security number. Too often the problem of identity theft is considered a failure of technology, but the true failure is that neither culture nor the law recognizes personal data should be owned and controlled by the individual. [….]

Sadly, this writer’s solution to the problem illustrates exactly why this one in so hard — the solution is meaninglessly impossible to achieve:

Consumers, it is up to us. Think of the benefit of shopping your corner store where their database is maybe a paper notebook and their service is friendly and effective. Shred your credit cards; both your mailbox and bank account will thank you. Get yourself and your kids off social-networking sites. Peer pressure was bad enough when it was the size of a classroom; don’t make it the breadth of the Internet.

Related: this letter to the editor (pdf); ask yourself how the direct marketing associations might react to such a proposal:

With regard to TJX Cos. and the latest breach in security to threaten consumers, I am disgusted that retailers such as TJX feel they are entitled to keep my credit card number and personal information in their databases (“TJX facing customer complaints,” Jan. 20 [pdf]). Once the retailer has been paid and the transaction completed, there is no need for TJX to keep that data. It is time for the public and our lawmakers to demand that this practice stop. My credit card number and personal information are personal. They belong to me and to the bank that issued the card, not to retailers.

See Turow’s Niche Envy, Solove’s The Digital Person and O’Harrow’s No Place To Hide.