First and foremost, put severe restrictions on the use of SSNs by anyone but the IRS and SSA. No private company can use that number as a primary ID.
Second, enforce existing laws and enhance them for modern modes of surveillance. Many states have laws that make it illegal to tape a telephone conversation without the consent of all parties. The same sort of rule should be applied to video surveillance, email, etc.
Third, as consumers, we should have the unrestricted right to demand that companies do not store data about us beyond our purchasing and service usage history. This includes no SSNs except when required for IRS or SSA reporting, no data mining of outside sources without the express written permission of the customer, no renting, selling, or sharing of customer data without the express permission. Privacy policies should always include a summary chart like the reference charts for credit card terms to make it easier for consumers to pick companies based on the strength of their privacy policies.
I worked with confidential databases (public and private) for over 20 years. We had to scrub data from individual records if there was no informed consent document. We were required to strip individually identifiable data as soon as possible after merging data sources. We used algorithms to define unique study IDs and purged individually sensitive data from the main server. The decoder was kept offline and access was restricted. When the final report was approved, the decoder was sent to storage and kept for seven years, then destroyed.
On government sponsored studies, we were also prohibited by policy from doing cross-agency data matching at the microlevel. For example, if we were looking at the long term effects of a welfare to work program, a good source for measuring earnings would be the IRS or UI data, but there was no way we would be approved to access it as a third party vendor. This sort of brick wall happened routinely. It made it harder to do the work, but the confidential, private data on individuals was considered to be more important. From my experience I know that it's possible to respect privacy -- it takes more effort and costs more to do so.
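The workflow the commenter describes (merge the sources on the identifier, replace it with a study ID, keep the decoder separate from the analysis data) as a small worked example. This is added code, not the commenter's or their employer's; the record layout, field names and the two sample people are constructed for illustration, and a keyed HMAC stands in for whatever ID-generation algorithm their team actually used.

```python
import hmac
import hashlib
import secrets

# Constructed sample data (not real people): a program roster and an earnings
# file that must be merged before the direct identifiers are stripped.
ROSTER = [
    {"name": "Alice Example", "ssn": "123-45-6789", "cohort": "2019"},
    {"name": "Bob Example", "ssn": "987-65-4321", "cohort": "2020"},
]
EARNINGS = [
    {"ssn": "123456789", "year": 2021, "wages": 31000},   # same person, different format
    {"ssn": "987-65-4321", "year": 2021, "wages": 28500},
    {"ssn": "555-55-5555", "year": 2021, "wages": 40000},  # not in the study; dropped
]

# Fields that must never appear in the analysis data set.
DIRECT_IDENTIFIERS = {"name", "ssn"}


def normalize_ssn(ssn: str) -> str:
    """Keep digits only so the same person matches across differently formatted sources."""
    return "".join(ch for ch in ssn if ch.isdigit())


def study_id(ssn: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the normalized SSN, truncated to 16 hex chars.

    A plain hash would let anyone confirm a guessed SSN; with a secret key the
    mapping is only reversible through the decoder table.
    """
    digest = hmac.new(key, normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def merge_and_strip(roster, earnings, key):
    """Join the two sources on SSN, then emit analysis records that carry only the study ID.

    Returns (analysis_records, decoder). The decoder is the only link back to a
    person and is meant to be stored separately, offline, with restricted access.
    """
    by_ssn = {normalize_ssn(r["ssn"]): r for r in roster}
    analysis, decoder = [], {}
    for e in earnings:
        person = by_ssn.get(normalize_ssn(e["ssn"]))
        if person is None:
            continue  # no informed consent on file; never retain this row
        sid = study_id(e["ssn"], key)
        decoder[sid] = {"name": person["name"], "ssn": person["ssn"]}
        record = {
            "study_id": sid,
            "cohort": person["cohort"],
            "year": e["year"],
            "wages": e["wages"],
        }
        # Guard against a future field accidentally leaking an identifier.
        assert not (DIRECT_IDENTIFIERS & record.keys())
        analysis.append(record)
    return analysis, decoder


def new_key() -> bytes:
    """Fresh 256-bit HMAC key; stored with the decoder, never with the analysis data."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    key = new_key()
    records, decoder = merge_and_strip(ROSTER, EARNINGS, key)
    for r in records:
        print(r)
    print("decoder entries (keep offline):", len(decoder))
```

The analysis records can be handed to researchers on the main server; the decoder dictionary and the key are what would go into restricted storage and, at the end of the retention period, be destroyed. Destroying the key alone is enough to make the study IDs permanently unlinkable.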