Mobile mashing means more headaches
Jinfo Blog

15th September 2007

By Tim Buckley Owen

Item

Data mashing offers enormous opportunities for corporate information managers. So recent guidance from the Information Commissioner’s Office, called Determining What Is Personal Data http://digbig.com/4tpns should give food for thought. ‘Means of identifying individuals that are feasible and cost-effective, and are therefore likely to be used, will change over time,’ the guidance says. ‘If you decide that the data you hold does not allow the identification of individuals, you should review that decision regularly in light of new technology or security developments or changes to the public availability of certain records.’ So cleverer ways of adding value to data could turn what was previously anonymised material into means of identifying individuals – and that would bring it into the scope of data protection law. It’s a point coincidentally reinforced in an article in Science magazine http://www.cmu.edu/news/archive/2007/August/aug30_duncan.shtml by George Duncan, a professor of statistics at Carnegie Mellon University in Pittsburgh. Traditional methods of ‘de-identifying’ US Census records, for example – such as stripping away Social Security numbers or birthdates – are inadequate to safeguard privacy because a person who knows enough about the data pool could use other characteristics to identify individuals, Professor Duncan maintains. For example, he is the only person who holds a PhD in statistics and teaches in Carnegie Mellon's H John Heinz III School of Public Policy and Management, so any dataset that included that information, even with his name removed, could be used to determine his identity. Although you do admittedly need to know quite a lot about Professor Duncan to crack this particular piece of anonymisation, the scenario translates very easily to, say, a company that holds lots of information on customers and their purchasing habits which it exploits for business development purposes. At which point a further ingredient to bring to the mix is mobile computing. According to research commissioned by networking company Cisco and the National Cyber Security Alliance http://newsroom.cisco.com/dlls/2007/prod_082107b.html employees can be extraordinarily lax about data security when using wireless networks. Nearly three quarters of those surveyed said that they didn’t always consider security threats when working away from the office, and well over a quarter said they ‘hardly ever’ paid attention to proper security behaviour. At least a third of mobile users were prepared to use any available wireless network, in any country, regardless of security considerations, and shrugged off responsibility for their actions as well. ‘It's IT's job, not mine,’ said one. The buck is unlikely to stop with IT for much longer. With the merging of public domain information, internal resources and personal networking, it’s the corporate information manager who’s likely to be in the firing line next.

« Blog