Thursday, June 26, 2014

I Control the Keys to my Castle of Data

So much of our data is spread across systems all over the world, whether it be Google, Microsoft, Apple, Yahoo, NSA, CIA, IRS, and so on. Your personal data is everywhere.

What private companies do with this data is normally for purposes of profit: whatever data they can sell to third parties or use to provide better marketing in your search results. This data is VERY valuable. Typically your private data is protected, but any system can be hacked.

When it comes to government agencies, the story is different. They are collecting data, sometimes with your permission and sometimes without, for purposes of control. This could be "good" or "bad", ranging from your DMV records to captured emails that could be opposition to a government.

The bottom line is that we have no control over this data at all. It's a permanent record that could possibly have long-term consequences in our lives.

Here is what I suggest: that as individuals we have two sets of keys, kinda like a safety deposit box at a bank. You have one key and the bank has the other. Both keys are needed to open your box.

So now all your private information can be stored on all of these systems, and some pieces of the data can be accessed without both keys. But the very private and uniquely identifying data cannot be accessed without your half of the key. Plus, I suggest that you can expire data as well, or change your key every so often to make that old data inaccessible forever.

Let's put this into practice. Let's say you go to school and the school tracks your progress and even tracks all of your learning disabilities, medical records, home address, phone numbers, information on your parents/guardians, etc. This information is mostly necessary to the school administrators to ensure your safety and improve your experience in the learning process. The problem is that this data should only be accessed by certain people, and not all the data needs to be accessed by each administrator.

You could limit this access by providing your half of the key when needed. This way, if your teacher needs to access your home number to call your parents, they need your permission. You would delegate just that access for that one time by approving a request for access. This approval process could be through your smartphone, an email, or even a PIN number on the teacher's computer.

The point is that you have control of your data: who accesses it, how much data they can see, and where. The same would go for medical records, financial records, your emails, phone calls, as well as all your private information online.

To implement this will take time and cooperation. Systems will need to be in place to encrypt this data and then allow you to approve access. Gateways will need to be set up to allow systems to make these requests, very much like a payment processing gateway for credit cards.
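One way the two-key idea, the per-request approval and the key-change expiry described above could fit together, as an added example that is not part of the original post. The names `grant`, `field_key`, `seal` and `unseal` are hypothetical, the record is constructed, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def grant(user_half: bytes, field: str) -> bytes:
    # Owner side: token scoped to one field; it does not reveal user_half.
    return prf(user_half, b"grant:" + field.encode())

def field_key(holder_half: bytes, field_grant: bytes) -> bytes:
    # Holder side: the key exists only when both contributions are combined.
    return prf(holder_half, field_grant)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for a vetted AEAD such as AES-GCM (HMAC-SHA256 counter mode).
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(prf(key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + prf(prf(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(prf(key, b"enc"), nonce, ct)

def demo() -> dict:
    # Constructed sample data: a school record with two private fields.
    user_half, holder_half = secrets.token_bytes(32), secrets.token_bytes(32)
    record = {"home_phone": b"555-0100", "medical": b"asthma"}
    stored = {f: seal(field_key(holder_half, grant(user_half, f)), v)
              for f, v in record.items()}
    # The owner approves one request: the teacher may read home_phone only.
    phone_key = field_key(holder_half, grant(user_half, "home_phone"))
    out = {"phone": unseal(phone_key, stored["home_phone"])}
    # A rotated owner half cannot open records sealed under the old one.
    new_key = field_key(holder_half, grant(secrets.token_bytes(32), "home_phone"))
    checks = {"medical_blocked": (phone_key, "medical"),
              "expired": (new_key, "home_phone")}
    for name, (key, field) in checks.items():
        try:
            unseal(key, stored[field])
            out[name] = False
        except ValueError:
            out[name] = True
    return out
```

A grant stays usable until the owner rotates their half, so single-use approval also depends on the gateway discarding the derived key after the read.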

The mindset of who owns our data needs to change too. We own our data. Those collecting and holding it do NOT. They need our permission to use it and must identify to us what it will be used for.

In the end, WE have control of our data! So when the next system gets hacked and all of your personal data is in there, the hackers have worthless bits and bytes without each individual's keys to their castle of data.
