17 Oct 2008, Madeline Bennett , V3
A new type of intermediary is required to offer a secure way of storing and managing personal data in light of the recent spate of data breaches, according to analyst firm Burton Group.
Gerry Gebel, vice president and service director for the Burton Group's Identity and Privacy Strategies division, said that the huge amount of personal data currently being stored by organisations means the threats to that data will continue for the foreseeable future.
"The model we currently have means that organisations have too much data. In a typical e-commerce transaction, for example, the merchant wants to collect more information as the value of that transaction goes up. But then so does their liability and risk," he said. "There should be a change in that thought process."
Another example is the amount of employee data stored by companies, including for background checks, medical insurance and salary payments.
One possible solution is for companies to develop third-party data verification services, and act as intermediaries for e-commerce merchants and other organisations.
"If you take a typical e-commerce scenario, a company might want to carry out age verification and try to match the name, address and date of birth against that," said Gebel.
"If there were an intermediary who could vouch for the buyer's age, that is much safer for the merchant as they do not need to collect lots of data, and safer for the consumer as they are not sharing data."
Possible contenders to serve as data intermediaries could be communications providers such as BT or Vodafone, the Royal Mail or banks, according to Gebel.
"But they would have to operate in different ways to how they do today, acting for the consumer rather than the organisation," he said. "It could also be a new type of business that evolves, for example the next Amazon or eBay."
However, Gebel did not see an opportunity for this intermediary notion to be linked with the UK government's ID cards plans. In the past, it had been suggested that businesses would be able to use the ID cards scheme for employee authentication purposes.
"The UK government has such low credibility, both around ID cards and losing laptops. I do not see how they could do anything in the short-term; they first need to demonstrate proper handling of data."
Gebel was also concerned about the continuing problems with data breaches. "The fact that we are actually seeing more data leaks than ever is incredible," he said.
"Is it sloppy handling or incompetence? At this point you would expect government departments and companies to have improved their processes. Organisations need to change, as we have reached a precipice.
"But rather than more privacy laws being introduced, I would prefer to see the consuming public reacting in a way that punishes businesses and their actions, although that does not help with governments."
Do you agree?
Gebel must be a loonie!
Any BT customer who was recently the victim of the leaking of personal and private data via their forum must wonder if Gebel is a string short of a complete database record...
Another member of the BT forum concerned posted elements of one member's personal and private information in a forum posting to illustrate that he/she had seen it.
He says that he never met them and has never given them the information they posted. Worryingly, the data they have obtained can easily be linked to other information available on the internet in order to decide who he is and where he lives.
So, Gebel, perhaps you want to reconsider your comment about BT seemingly being trusted enough to provide such a service as the one this article is about?
Now before I leave, a little annoyed by the statement given the circumstances, I would also like to point out something further:
If BT had not run two secret, covert trials of technology to spy on their customers' communication without permission and without a legal warrant to do so, then I would never have taken interest recently in what they have been up to.
Customers and owners of data should have the right to challenge anyone who loses such data in a court of law. BT is clearly inept and incompetent. The very idea that they could be tasked with the security of more data than they are already struggling with is utterly farcical!!!
Posted by Steve, 17 Oct 2008
Personal data
The problem is that Companies want to store far more information than they need to and for far longer than is necessary and that should be stopped. There is a culture prevailing at the moment that seems to accept gross invasions of privacy and an irresponsible approach to data storage - that's why BT is able to defend the indefensible Phorm trials so successfully. As for proposing BT as a guardian of personal data I am left, perhaps fortunately, speechless.
Posted by Robert Hay, 18 Oct 2008
BT?
BT?
Their customer feedback forum is currently down because it's leaking personal data left right and centre. BT ran the covert 'stealth' Phorm trials in 2006/7 without telling customers their private communications were being shared with a third party advertising company. And YouTube has several videos showing hacks for their Home Hub.
I'm not sure they'd be my first choice. Let's put it that way.
Posted by Pete, 17 Oct 2008
BT as a data guardian? Are you serious?
Are you seriously suggesting that BT would be a suitable choice for a data guardian?
This company that did covert trials of internet interception technology without telling its customers?
This company whose own customer forums leak email addresses like a sieve (and are locked right now because of that failure which has existed for months?)
Any BT customers reading this article must be having apoplexy. I know I nearly did.
But yes - we do need data guardians. I personally wouldn't ask Ronnie Biggs to guard the Royal Mail. And in an entirely unrelated thought, it occurs to me that I might think twice before asking BT to guard my personal data. Or the government, or EDS, or the MOD, or the banks, or the Inland Revenue, or the RAF --- need I go on?
Posted by revrob, 17 Oct 2008
You couldn't have chosen a Worst Company if you Tried!
Having had an "illegal interception device" on my BT connection for 2 Years, courtesy of Phorm & BT I really don't think BT are fit to be proposed as a candidate to protect Online Data.
They cannot & are not capable of protecting their own Customers, & actively sell to other private companies Our Personal Data without Express Permission!
Posted by Jonah, 19 Oct 2008