Archive

Posts Tagged ‘databases’

On Being Personally Identifiable

September 15th, 2009
No comments

The Electronic Frontier Foundation has an informative article called What Information is “Personally Identifiable”? I was surprised to learn that if I know your gender, zip code, and birthday, there’s a high likelihood that I know exactly who you are.

Gender, ZIP code, and birth date feel anonymous, but Prof. Sweeney was able to identify Governor Weld through them for two reasons. First, each of these facts about an individual (or other kinds of facts we might not usually think of as identifying) independently narrows down the population, so much so that the combination of (gender, ZIP code, birthdate) was unique for about 87% of the U.S. population. If you live in the United States, there’s an 87% chance that you don’t share all three of these attributes with any other U.S. resident. Second, there may be particular data sources available (Sweeney used a Massachusetts voter registration database) that let people do searches to bootstrap what they know about someone in order to learn more — including traditional identifiers like name and address. In a very concrete sense, “anonymized” or “merely demographic” information about people may be neither.

Coaching moment: Think of how many grocery store, membership applications, and online accounts have your name, zip code, gender and birth date. Many of the contractual terms that we agree to when we apply for these services make reference to how the company plans to use their data. In some cases, they claim to use “aggregated data” which does not identify us by name. However, if we put a few of these databases together (you know this is happening, right?), there’s a lot of data available about us. Specifically.

Think about who is asking for your data, and what need they might have for it. I encourage you to think more critically about your data sharing practices. It might not be safe to think that anonymized data stays that way.

[del.icio.us] [Facebook] [LinkedIn] [Ma.gnolia] [Technorati] [Twitter] [Email] More »

records, tools , , , , ,

Getting to know you

August 20th, 2009
1 comment

National ID cards and programs are problematic at best, and an ongoing nightmare for citizens and visitors alike when the programs are poorly designed. The U.S. government has made earlier attempts at developing such a program, which have failed. However, the dream lives on in the minds of certain government officials and representatives.

The Electronic Frontier Foundation (EFF) has been following these efforts for years. EFF’s Richard Esguerra has a post, PASS ID: REAL ID Reanimated that offers an informed look at the latest effort to create the next version of a national identity card.

The PASS ID Act (S. 1261) seeks to make many of the same ineffectual, dangerous changes the REAL ID Act attempted to impose. Fundamentally, PASS ID operates on the same flawed premise of REAL ID — that requiring various “identity documents” (and storing that information in databases for later access) will magically make state drivers’ licenses more legitimate, which will in turn improve national security.

An ID card is only a small part of the picture. The government program that supports the card is where the devils live. I recommend to you Bruce Schneier’s testimony to the Senate on why this whole idea is seriously flawed.

Coaching moment: Have you ever filled out a form for a new service, at a web site or store, where the form asked for information that they might not have needed for the transaction you were seeking? Long forms that ask a lot of questions about you, your preferences, your income, and other personal information, are unnecessary. If you’re just buying something, why might the vendor need your income, your birthdate, or any information about other family members?

The fact is that they often don’t need it. They’re collecting information about you because they can, and because you might volunteer it. Even when certain information is marked as “required,” it might be in your best interest to think twice about doing business with companies that would be so invasive and demanding.

Treat your personal information on a “need to know” basis. What that means is don’t give out more information about yourself than you think the companies need to know in order to carry out the transaction. If the company or form require more information than you’re comfortable giving, think hard about your future well-being as a trade-off for today’s discount. Your mindfulness is a low-cost insurance on your future.

[del.icio.us] [Facebook] [LinkedIn] [Ma.gnolia] [Technorati] [Twitter] [Email] More »

friends/family, future, history, records , , , , , , , , , , , , , , , , ,

Your Health Records: Are they really YOURS?

June 22nd, 2009
2 comments

Let me start with three stories illustrating why you might care about having access to and control over your personal health records:

  1. Fred lived in Florida. As he was elderly, he had a regular care provider that he saw for his health needs. As was customary, the health care providers maintained a file of records for each patient, including Fred.

    One day Fred went to see his family in New York. Fred woke up one morning and was feeling quite ill, so his family took him to the local hospital where Fred was admitted to the Emergency Room. Fred’s doctors in New York needed to have access to Fred’s prior medical history and medicines in order to provide proper diagnosis and care. However, when the New York doctors called the Florida doctors for copies of Fred’s records, they were denied access. The Florida provider’s office told the New York doctors that they would only share the records with the patient in person, and that if the patient was unable to fly back and get them, the Florida providers couldn’t help the New York doctors–even if all parties knew that Fred was in the emergency room.

  2. Keisha and Bob lived in a nice house. One day a natural disaster struck their neighborhood and devastated many of the houses, including Keisha and Bob’s. As natural disasters strike suddenly, Keisha was seriously harmed and was taken away to another county’s health care facility for treatment. Bob knew that Keisha was taking medicines for some condition, but Bob had been away recently and had not heard what Keisha’s condition was or the names of the medicines. Also, Bob knew that Keisha had just changed their health care provider but didn’t yet have an identification card for the new insurance plan. Bob could give permission for medical care, but did not have the proper information to assist his wife.

  3. George had been diagnosed with cancer of a mysterious kind. The first oncologist suggested that George undergo certain tests, which he did. The second oncologist interpreted the tests for George. A third doctor prescribed medicines. George’s cancer did not abate, and he was referred to a specialist at a different hospital. George got additional tests and additional medicines. However, because George was ill he did not remember that he was taking medicines prescribed by the other doctors, so George was over-medicating himself. That made George really sick. After some months of going round and round, George got so sick that he called 911 for an ambulance, which arrived to find George unconscious. The ambulance doctors had no way of knowing what might be wrong.

In each of these cases, accurate and informed care could be provided to the doctors if they could get access to existing medical records.

HeathDataRights.org is a site that can tell you more about this and why it’s important. Here’s their FAQ. The basic idea is this:

  1. Have the right to our own health data
  2. Have the right to know the source of each health data element
  3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
  4. Have the right to share our health data with others as we see fit

I endorse these rights. I hope you will join me in talking about this important matter.

Coaching moment: You are represented in many ways. For example, there are several databases that include information about you, including databases maintained by your bank, your employer, and your health care provider(s). The medical records that pertain to doctor’s appointments, past surgeries, current medicines and allergies, and other forms of health care could save your life.

If something happens to you and your medical care providers can’t get access to your data, what would you do? What would you like to see happen? Is this information about you really yours?

[del.icio.us] [Facebook] [LinkedIn] [Ma.gnolia] [Technorati] [Twitter] [Email] More »

future, history, records , , ,

Who Knows You?

March 11th, 2009
1 comment

This is an ad from a couple of years ago that Microsoft Digital Advertising Solutions ran.

It’s stunning to see such a clear visual representation of just how out of touch advertisers can be with us. Databases are being compiled by our every move, our every transaction, our every query. The databases are used and sold to assist corporations who wish to manipulate and shape our needs and beliefs (as in, we need their products).

But do we really?

Coaching Moment: What would life be like if you could choose whom you wanted to share information with, which information you wanted to share, and under what conditions the sharing would occur (for example, the duration of their access, or no storing of your data)?

We are not there yet, but there are people working on developing such “user-driven services.”

[del.icio.us] [Facebook] [LinkedIn] [Ma.gnolia] [Technorati] [Twitter] [Email] More »

future, records, tools , , , , ,

How much of your identity do you own?

November 14th, 2008
No comments

Credit card companies (Visa, Mastercard, et al) have long held that they own your purchasing data. It’s your purchase but it’s their data. Moreover, they can buy/sell/trade/compile/organize/use it in any way that makes them a profit (providing it’s not explicitly illegal).

Similarly, the telephone companies consider the phone numbers you dial and the numbers from people calling you to belong to the telephone company. That’s why they can charge you extra for publishing a “caller ID.”

At the Internet Identity Workshop I attended earlier this week, some people were pointing out that your fingerprints are not really yours either. They are considered “public” because you leave them all over. Your fingers are yours, but as far as using prints for identification they’re more akin to, say, a signature.

What other little bits of you are you leaving behind for others to own?

Coaching moment: There are people who have been working for years on each side of this problem. The efforts are still early, but some of the people I met at the IIW conference are working on ways to let you take control of some of the bits of “you” that you leave behind. Watch this site for more information.

[del.icio.us] [Facebook] [LinkedIn] [Ma.gnolia] [Technorati] [Twitter] [Email] More »

history, records , , , , , ,

Switch to our mobile site