Thursday, December 11, 2008

Personal Data Expiry

Today the Dutch technology Magazine Emerce published an interesting article on privacy and expiration date of personal data:

It's time for marketeers, banks and other institutions to consider the disposal of personal data says Tom Kok of the DDMA. According to Tom not all collected data is always needed to serve customers.

"There must be a principal discussion about the clearance and clean up of databases. Actually I prefer talking about a clean up duty. That discussion is not limited to one single sector, such as Direct Marketing but across multiple sectors."

This is said by a former CEO of a Dutch insurance company, FBTO and former D66 Party Chairman Tom Kok in an interview with Emerce. Currently he is the chairman of the DM-DDMA organisation.

Read the Google translation of the full article here, or the original Dutch version here.

The DDMA is a Dutch Direct Mail branche organisation which also launched a new privacy code recently, effective January 2009. I think this is a very important issue. We leave tons of personal data all over the web, often without thinking, or without remembering. These bits and pieces can be pried together quite easily and lead to identity theft.

Just recently I was confronted with this issue when I received an update from Fortune City, where I registered an account in the early 90's. I haven't used that account since 2001, but they still have my data and just recently send me a mail to keep their records up to date.

Same goes for domain registration. I received an email earlier this month by a US Based registration company with the offer to renew a domain registration. The specific domain name was registered by me in 1997 when I was thinking of setting up a business directory on the internet and ended the registration in 2000. I registered with a completely different company, here in the Netherlands, but the email I received this month contained my full address and all sorts of personal detail. Okay, they didn't know I had moved, and I sure as hell didn't tell them, but it's been over 8 years, and still my personal data lurks in dark database corners across the ocean.

It doesn't take an expert in computer forensics or information security to piece things together and sell your identity for a couple of bucks on a Russian site. So first and foremost, think about where you leave your private data in signing up, secondly, the industrie needs to take a first step to clean up obsolete data a lot sooner than 8 years but eventually a whole new concept of identity management needs to be applied to the internet and online identities.

Labels: , , , ,