Social networking privacy – where are your details stored?

This post follows on from two previous social networking posts:

Interestingly, out of the eight sites that I looked at, six process and store data in the US, where data protection laws are notoriously lax compared to the UK. For a start, the Privacy Act first came into effect over 30 years ago in 1974, a time hardly comparable to today’s reliance on technology and online behaviour.

However, many of the sites also adhere to something called the ‘Safe Harbor’ framework: “The European Commission’s Directive on Data Protection went into effect in October of 1998, and would prohibit the transfer of personal data to non-European Union nations that do not meet the European “adequacy” standard for privacy protection.” But adherence to Safe Harbor is on a self-certification basis and is voluntary. Its documentation states: “The United States uses a sectoral approach that relies on a mix of legislation, regulation, and self-regulation” rather than the EU’s “comprehensive legislation that, for example, requires creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin.”

Adherence to the Safe Harbor framework conveys that the adhering organisation ‘adequately’ protects data by EU standards. Issues covered include security (“Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction”), sharing with third parties and data integrity (“Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.”).

I realise that social networking sites’ very purpose involves you being ready and willing to disclose your personal information online, but how much of it should you be prepared to give away when signing up? Sites need to ask for some pretty reasonable details such as name and email address, but do they really need to know whether I’m employed or what my postcode is? Surely that’s for disclosing to all and sundry online if I want to rather than upon registration? Also, none of these sites explain whether they use or store the information that you so kindly provide them with when you post new blog entries, upload photos or IM your friends.

Coming soon … Social networking privacy – inviting your friends to sign up

Comments

What is identity theft really; it's just about knowing enough about a person or entity to assume that person. Social networks are the perfect breeding grounds for social engineering based attacks. The question remains what can we do about it?

“The question remains what can we do about it?”

David,

This might sound crazy, but I believe that in the future changing identity info (legally I mean) such as your full name will be done regularly by most citizens as a way to reduce the risk of identity theft.

The same way it is considered good practice to change our passwords often, will also apply to information that makes us who we are.

If you think about it, changing your passwords often is a form of protection against identity theft. That’s because getting someone’s password allows us to impersonate the victim.

The only difference in the future is that more info besides passwords will be changed regularly (or at least encouraged!) as an attempt to minimize identity theft.

@Adrian: Interesting perspective man.
