“Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite.” — Marlon Brando
Bricks and mortar businesses are inexorably coming to the realisation that a substantial amount of their business value is intangibly trapped in information. For online businesses, practically 100% of their assets are made up of information and the most valuable of all happens to be related to individuals. Information such as visitor, member, and client contact details are eagerly captured by online companies. The deeper and more detailed it gets, the better it is for the online enterprise. The ability to create an accurate client profile is true power and online businesses know it. They fight tooth and nail to attract new members, sign up subscribers and remain in front of as many contacts as possible. Individuals’ contact information and whatever other identity-related data they can cram into their customer databases is precious and allows them to put a value on their company, even if that value is largely theoretical.
If companies go through all this trouble to get data, would it not follow that their executives would rather part with their coveted reserved parking spots before they consider allowing a single, hard-earned entry to be removed from their customer relationship management database? Absolutely! As long as the online businesses we deal with are subject to a privacy law based on the OECD data protection principles, we can count on the fact that limited retention is legislated and should expect our data to be purged from their systems after a ‘reasonable period of time’. What we should concern ourselves with is keeping track of all the data that is out there in detailed online and offline profiles. Social networking sites, email systems, other data sharing systems, e-commerce marketplaces and online auctions all try to build detailed profiles to allow for customisation of marketing messages, the likes of which deliver real value to online advertisers.
With the near complete penetration of the Internet across all age groups, we are increasingly likely to hear the term ‘digital estate planning’ (DEP) from tech-savvy lawyers. A search for this term yields a mere 70 hits on Google at the time of this writing, but give it a try in a year or two, and it be entrenched in the legal vernacular.
With our information now spread across dozens, perhaps hundreds of Internet sites and corresponding numbers of back-end databases, DEP is easier said than done. Social networking sites such as Facebook likely consider their early policy of ‘no deletion, only deactivation’ to have been a key driver of explosive growth as their user base shot past 100 million. Other sites that may have been more ethically inclined did not have the same opportunity to rekindle relationships with returning users. With global pressure to adopt data protection best practices, more and more firms are finding that they need to offer options for purging individual information from their systems.
The potentially vast amounts of information about deceased, Internet-active individuals may well turn into an insurmountable task for many, or an expensive task for a legal professional who wants to delve into DEP provisioning. Sites such as Hotmail, Yahoo! and Google all allow next-of-kin access to the deceased party’s information upon presentation of proof of death and proof of relationship, but a process needs to exist to manage all such related activities. Such a process can be based on a solid foundation of privacy legislation but, from the subject’s perspective, it must be consistent with existing best practices for password management and profile maintenance.
It is important to remember that information represents the building blocks of our identity and beyond the proper disposal of our data-based estate resides the very real threat of identity theft. That threat is real and has been for years. Husnain Kazmi is Vice President for Bank of America in Southern California. Kazmi says that in 2004 alone, some 400,000 checking accounts were reportedly opened in the US and millions of dollars in car loans were approved in the names of deceased individuals. This particularly effective type of identity theft is called ‘ghosting’ and most often occurs as a result of orphaned data being harvested by IT-savvy criminals looking to profit.
Governments need to step in and proactively install legislation that will protect citizens. Provinces in Canada, for example, are taking steps to establish privacy legislation around medical records. Many in the health care system view the legislation as crucial to the successful implementation of the Pan-Canadian Electronic Health Record (EHR) system under development across the country.
Following best practices is vital, but not enough. While the discussion is rather morbid, we must encourage clients and loved ones to exercise common sense when writing obituaries and safeguarding death certificates. Donald Kerr, Deputy Director of National Intelligence in America, is quoted as stating the following on the Office of the Director of Naval Intelligence website, “Too often, privacy has been equated with anonymity; and it is an idea that is deeply rooted in American culture… but in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past… we need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment. Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that.”
We may all soon be in need of an internet-savvy, privacy aware, digital estate planner.