Consider the story of John: a 36-year-old medical doctor who lives in San Jose, California. He got his first mobile phone in the early 2000s – like most people – and jumped into the “smartphone era” a couple generations after the first iPhone launched in 2007. He started to see fancy phones with large screens on top of tables as he sat for lunch with his work colleagues and thought it was time to discover what the whole fuss around apps was about.
Every morning, John plugs his phone into the car and programs his favorite GPS navigation app to guide him to the hospital, avoiding in real-time the traffic jams and accidents. On this particular morning, what is normally a 30-minute drive full of frustration has been quite satisfactory.
Earlier that morning he opened a letter from his car insurance company stating that his premium is now $25 lower per month for being a good driver. He doesn’t think about how they figured that out. Little does John know that the app that guides him to work is also collecting information about his acceleration, braking, direction and speed.
When aggregated, this data is very useful for detecting and predicting traffic jams, but it’s also worth quite a lot of money on its own. Money that insurance companies are willing to pay because most drivers are not as prudent as John.
As isolated as this incident may sound, the issue of companies having access to, packaging and selling its users’ personal information has far wider implications on our daily lives than we think. Despite the fact that many think they have nothing to hide, personal information leakage can have a huge impact on our day-to-day lives. It could be as mundane as how much we pay for items such as airfare, to being a determinant in our chances during a job interview. Many people may think that government regulation is designed to protect the basic human rights of privacy, but look at Kodak, which introduced instant permanent capture of our image in late 1890s. Regulation on the use and ownership of those images came much later and is still in its infancy in terms of effectiveness in the 21st century.
Much more worrying is that digital data itself is nascent, because the technologies we use to process it are as well. The unharvested personal data amassed by companies ranging from small, 10-people startups to multibillion conglomerates that we interact with daily can become accessible to the public or unintended parties at any time in the future, as records on the internet are permanent. Moreover, data that might seem meaningless now may become extremely valuable as we discover new ways to process and interpret it.
The challenge is not only about us willingly or unwillingly giving out these pieces of personal data; it’s about how well the companies and governments that hold it are able to protect it. In February of this year, Anthem – the second largest health insurance company in the US – reported the largest security breach in their history.
At least 80m medical records were stolen, including those of the CEO, containing not only extremely sensitive clinical data, but also full personal details, social security numbers, employment data and more. This amount of information is enough for a criminal to request a loan on behalf of an affected citizen at their bank, to blackmail any public figure with sensitive data in those files, or to cost billions of dollars in losses to the affected company.
However, it’s not a time to fear. Innovation should be embraced, even if it always presents new challenges as well. It’s our personal duty as citizens that care to begin taking control of our own data and holding accountable those in whom we place trust for hosting pieces of our digital life.
Stricter regulations and policies always come late (if they come at all), so education and self-awareness are the best weapons we have for this fight. It’s a fight worth winning if not for noble reasons such as the human right to privacy, at least for the selfish personal interest of every one of us.
The list below provides some helpful tools and tips you can use to take back control of your data and privacy:
- Not all encryption is equal
- Privacy in the mobile-first world
- 10 data protection tips for Data Privacy Day 2015
- Take the test: How secure is your business?
- What can you do when private data goes public? – video
Follow Chief Scientist, Devices Javier Agüera