Do We Need an FDA to Protect Our Data?

It’s time we take data protection out of the realm of futility and treat our vital data like a food or a drug that needs serious oversight and safeguards.


(Page 1 of 2)

There's a government agency you may have heard of, the Food and Drug Administration, that's charged with ensuring that the food and drugs you put in your body are safe to ingest. In general, most of us think the FDA isn’t just a good idea, but an absolute necessity in a rough and tumble commercial market with too many opportunities for misrepresentation, fraud, and life-threatening criminal activity.

Meanwhile, in cyberspace, the applications and services that make use of your data have no such regulatory agency overseeing their activities, despite being a rough and tumble commercial market with too many opportunities for misrepresentation, fraud, and life-threatening criminal activity.

So, in case you haven’t figured out where this is all leading, I pose the following question: is it time for a regulatory regime that makes sure that the myriad online uses for private data – from credit card numbers to genealogies to our LinkedIn or Facebook profiles – are actually designed to ensure the safety of that data and us, the nominal owners of those data?

I ask this question in the face of the enormous growth in free online services that are effectively capturing individual data and… well, what they do next is the problem.

Let’s take my favorite, LinkedIn. LinkedIn is a member of an industry group called TRUSTe (no relation to Wall-E, apparently) that guarantees your privacy, and claims to give you, the consumer, a place to go to complain when something goes wrong with your privacy and its data. More on the wealth of claims TRUSTe has processed in a second.

I’ve always worried about the LinkedIns of the world, which are largely providing free services in the hopes of one day becoming a real company with real revenues and a real business model. This dose of reality is something that the investors could force on such a company at any time, particularly in a recession like this one: get me some revenue, or else.

And with “or else” being a potential asset sale, one guess which is the asset that the LinkedIns of the world have that’s really worth something. Try saying it with me: the data I gave them when I signed up for my free account.

Faced with the reality of someday having to make a buck, what I find intriguing is how much valuable information they are collecting about business contacts and business relationships, and how little any of us know about what they are doing with that information.

(To be fair, LinkedIn seems to be doing some very useful networking, and I am told its revenue-producing job postings are top notch. But the consensus seems to be that the revenues aren’t anywhere near what a company with almost $100 million in VC money needs to be generating to set it up for a decent exit for the investors.)

Like everyone else in the market that is collecting gobs of free data from customers – and that includes everything from Facebook to eBay to Craigslist – the protections for those data are suspect. Much of this has to do with very sketchy language in terms of service and privacy policies that seem to be written with the intent of driving a revenue train through a web full of gigantic loopholes.

To wit: LinkedIn’s privacy policy has some vague assurances about never copying “personally identifiable information,” without ever defining what that actually means.

Does it mean that any information about me that I post in LinkedIn is private? Probably. Does it mean that information about my contacts is private? Well… Not sure, but a literal interpretation of the term makes it very easy to say that most if not all of my contact data is not “personally identifiable information,” insofar as Steve Jobs’ private email address, were I to have it, doesn’t identify me in the least. Though it would really piss Steve off to have someone realize the commercial value of that email address in a service like LinkedIn.

I’ve re-read LinkedIn’s privacy policy about five times, and this distinction between “personally identifiable” and everything else isn’t clear. Nor is the issue of my social network and its connections. My name, rank and serial number are private, but is the graph of my LinkedIn network private too?


Tags: Facebook, consumer, privacy, LinkedIn, policy
