While reading the book "Giving Voice To Values" recently, I began to wonder what a set of identity information values would be. After a prior employer exposed my sensitive personal information during a data breach, I was forced to learn about identity theft and fraud. That incident caused me to think about what information I need to protect, how to protect that data, and my expectations of employers, prior employers, and retail companies to keep secure my personal data.
By "values" I mean the things that are important to each of us; not necessarily current law (federal, state or local). For instance, smoking cigarettes is legal, but you may decide not to smoke. Your personal values guide your behaviors. Another person may decide to smoke cigarettes, cigars, and weed -- regardless of the laws. What you consider important, another person may not.
Values vary by person. Our values guide our behaviors; what we purchase. What we do. What we won't do.
I want to be clear. I am not advising readers to break the law. I am encouraging readers to seriously consider what your values are regarding your identity information. If you don't know what your identity information values are, you probably cannot evaluate if a retail company or social networking site meets your needs. You can't tell if that company is treating you well or abusing you. In short, you can't be an informed shopper.
By "identity information values," I mean what you consider important about the list of data items that describe you. your values guide what, when, and how you decide to share and protect your personal information. When I first started this blog, I compiled a crude list of the personal data companies, schools, healthcare organizations and government agencies compile about consumers. As technology advances, that list of data items grows.
Today, smartphone and other mobile devices can attached a geo-tag to photos and videos you take. Social networking sites ask you if you want to attach a geographic indicator to your posts or tweets. There are many more examples.
I think that we can agree that there is a lot of information we consumers can share about ourselves; and a lot of information companies can collect about us. To paraphrase a line from the first Spiderman film: "with great power, comes great responsibility." That may sound hokey, but I strongly believe it applies to personal identity information.
So, what are your identity information values? Here is a start at my list of identity information values:
- It better be accurate: I expect any identity information about me to be accurate. It should not portray or convey something that isn't true, unless I authorize it.
- Online profiles are not comprehensive: I don't share everything online, especially the most sensitive data items (e.g., birth date, SSN). So, don't assume that everything you read provides a complete view. It doesn't. And it never will.
- I read website polices: that includes the privacy and terms of service policies. So, they have to be accurate, complete, and current.
- I prefer opt-in: opt-out systems may be easier (and more profitable) for companies, but I prefer opt-in. If your product or service is so great, tell me about it and I will decide to register, sign-up, or opt-in. Don't include me automatically and force me to (continually) sign-out or opt-out. I view companies that use opt-out systems as lazy marketers whose business model is probably flawed. If you refuse, I will look to take my business elsewhere at the earliest opportunity.
- I expect to be paid: if you want to use my words, my image, or both in an advertisement, I expect to be compensated. As the economist Milton Friedman said, "There is no free lunch." If you really value my participation in your advertisement (online or otherwise), I expect to be paid since you expect your ad to generate revenue for your purposes. If you refuse, I will look to take my business elsewhere at the earliest opportunity.
- If you impersonate me, there will be consequences: if you pretend to be me, or assist somebody else to use my personal data pretending to be me and I did not authorize this action, you have made an enemy.
- I am the decider: I decide what information about me that is inaccurate. I get the final say or word about what is accurate about me, since I know myself better than any corporation, data broker, or data mining entity.
- I may share it, or not: I choose whether or not to distribute or share with others identity information about me. I may grant or give away that right to people I trust: doctors, lawyers, accountants, certain government agencies, and a few retail companies.
- There are consequences if you abuse it: if you abuse my identity information, use it in ways I did not agree to, decide in the future to make things public that we previously agreed to as private, or take/steal identity information I didn't authorize, then there will be consequences. I may stop doing business with your company, or take stronger action.
- I can change things: I can revoke any rights I have given to others to have, store, or distribute identity information about me. Just because I gave a social netowkring company some of my personal information today means that they can keep it forever, unless I agree to that.
- I expect companies to practice sound data security: when a company archives my sensitive personal information, it had better adequately protect it. If not, then you really aren't prepared nor trustworthy. If you promise that you are prepared, and then a data breach or similar event proves otherwise, I will take my business elsewhere at the earliest opportunity.
- Actions speak loudest: While what your company may comply with federal, state, and local law, if an offer or business practice looks or smells deceptive, then that is how I will view it. What a company does (or doesn't do) tells me more about its values than anything it says. Most companies have sufficient cash to hire skilled public relations staff, so its words mean far less. If I find that a company's actions conflict with or contradict my values, I will tell you, and expect a correction. If no acknowledgement and correction, I will take my business elsewhere at the earliest opportunity that is convenient for me.
What do you think? What's your list? Do you even have a list? Did my list miss anything?