The white lies you may want to tell when asked for your personal data.
We Produce More than 2,500,000 Gigabytes of Data Every Minute!
Living in the data age is both fascinating and terrifying at the same time. With the recent events at Facebook and the constant threat of hackers, it makes one think about privacy and how much data is really out there on me?
The amount of data generated, collected, stored, processed and transmitted around the world is staggering. Massive amounts of data, now and forever forward, will influence our lives for the better and for the worse.
As I sit in my airplane seat, Row 9 Seat A, I look around me and contemplate the data represented by every individual. What is our data footprint? In the moments leading up to my flight we collectively contributed about a gigabyte to the worldwide storage of data. Listed below are the things I personally added.
My Uber ride to the airport included the following records; starting point, destination, route taken, credit card transaction, receipt, my snapshot of that receipt and upload into my expense account.
GET INSTANT ACCESS
Download the RescueVault Demo!
No Credit Card Needed!
Simple, hands off, daily backup.
I purchased a meal in the food court that generated a transaction record in the point of sale that got copied to a corporate server somewhere.
I then sat down in the terminal where I really began to rack up some data. I opened my smart phone with social media apps on it that track where I am, what I click on, what I post and what I like. Some less privacy oriented apps also listen to my microphone creating even more records. Clicking on a link to an article sends me to a web page where a cookie is set in my browser and my activity is tracked and recorded. My IP address, my Facebook name and other bits of data flow freely into the databases of marketing companies where it lives indefinitely.
This is Life in the Data Age
So, what does all that mean? It means as Americans we have become desensitized to our complete and utter loss of privacy. We think nothing of giving up our name, email address and credit card data to anyone who asks and we also give them the right to use that data as they see fit. It would be one thing if the data collected were to be used exclusively for marketing to me, unfortunately it doesn’t begin to end there.
Car Shopping is Already Painful
I recently purchased a used vehicle to be shared by my twins. The day I bought it, the car dealer asked me for my social security number. Apparently paying cash for a car can raise an eyebrow with both the IRS as well as the DEA and the dealer was only complying with federal regulations. OK, I am a good citizen, so I complied. I also gave my drivers license and all of its secret bits of data. I also had to provide my insurance card as well. Up until this point I felt this was all necessary evil that goes along with the unpleasantness of buying a car.
It was the next thing that started to get me agitated. The dealer then asked me to sign a paper allowing them to check my credit. I strongly protested saying I am paying cash and don’t need credit. The response from the salesperson was that they still had to do it for all transactions. I said I won’t sign and they moved on to the next document which was a privacy document. The title of the document said PRIVACY right on the top. It should have said, "NO PRIVACY" .
We have all seen something like this at a doctors office mandated my federal law around how your medical records can be used. For those of use that spend several hours a day reading documents, the temptation is always there to skim the document to understand the intent and sign. This was a rainy Saturday morning and I had yet to be fatigued so I decided to sit back and read the fine print. I read the page in disbelief. It essentially was asking me to sign away my privacy rights for all of the data they had collected from me. They wanted the right to share (sell) my credit report, my social security number, name, address phone, to their marketing partners.
After I also refused to sign this document, the dealer looked stunned in disbelief and astonishment. Apparently, she had never heard of anyone refusing to sign. This wasn't in her training and she really had no idea what to do.
The sales manager quickly realized there was trouble in one of the cubes and came over to assist. I explained my concerns and he did his best to explain how they never would actually do what the paper said they fully intended to do.
I then asked for my cash deposit back and told them I would gladly take my business elsewhere and resume the painful search for a decent used car. At that point the dealer reluctantly gave in. Now, did I think that by not signing the paper I somehow prevented them from doing exactly what they intended to do? Not in the least! In fact, I believe they have no contingency plan at all for someone like me who refused to sign away my data. So, they took in my data and processed it with all the others, me with some meager sense of self-richeousness intact but my personal data exposed even more.
Does the EU Have it Right?
In Europe there is a new privacy law that goes into effect on May 25, 2018 called GDPR (General Data Protection Regulation). This law is very serious, complex and as ambiguous as it is aspirational. It is based on existing German law that provides protection for each person to maintain control over how their data can be used including the collection and storage and ultimately disposal.
In the U.S., we truly have few real privacy laws. Once we share our data, it belongs to the person collecting it. Now, if they have a data breach, they may be subject to some weak state privacy law that might require them to provide credit monitoring for a year, but these types of data breaches are hard to detect because we lack the ability to correlate privacy data about things other than credit cards. The credit card companies have been able to build advanced detection capabilities to identify a “common point of purchase” based on fraud statistics. They can pinpoint where a group of compromised credit cards were all commonly used in order to point a finger a merchant or processor who may have been hacked. All of the other data is often hacked with potential for being detected. Even if the company that stored it knows they were breached, unless they have very strong ethics, it is unlikely that it will ever be reported.
In Europe, they are actually enforcing and auditing for GDPR compliance and implementing fines that could be as high as 4% of the company global revenue. The assumption here is that this will help protect individuals data. This will, at best, bring only slight improvement. It does however begin to help shed light on the problem of the U.S. mindset.
I believe that this is a step in the right direction, but for those of use in our middle years, our data footprint is so broad that I have little hope of ever having control of our data.
My message is a simple one. Trust no one and question everything. If pressed for data you know you are not legally required to give, LIE.