
Guarding personally identifiable information


Posted Jun 12, 2017 19:33 UTC (Mon) by dskoll (subscriber, #1630)
In reply to: Guarding personally identifiable information by Cyberax
Parent article: Guarding personally identifiable information

What do you mean, it doesn't say anything "about" you? How do you define "about"?

Your name doesn't say anything about you. It's just an identifier that (probably) your parents assigned to you. It might help someone guess at your sex, but even that's not foolproof.

Your marital status doesn't say anything about you. Plenty of people are single. Plenty are married.

Basically, you can define "about" as absurdly as you want to the point that no information is personal.



Guarding personally identifiable information

Posted Jun 12, 2017 20:18 UTC (Mon) by nybble41 (subscriber, #55106) [Link] (16 responses)

> Basically, you can define "about" as absurdly as you want to the point that no information is personal.

That's the thing, very little information _is_ personal on its own. "There exists a person with this credit card number." "There exists a person with this birthday." "There exists a person with this ethnicity." "There exists a person with this common first name." None of that is particularly personal; many other individuals share the same characteristics. It's only when multiple facts are aggregated together that one can start to draw conclusions about specific individuals—and that remains true even if the individual facts do not appear to be the least bit "personal".

We should not be looking at this as a question of whether a particular bit of information is or is not "personal data". The question is what conclusions can be drawn from a complete data set, not one isolated fact. Trying to classify types of information as either "personal" or "non-personal" leads to the equally absurd position that _all_ information is personal, because _any_ form of information can potentially be used for that purpose.

Guarding personally identifiable information

Posted Jun 12, 2017 22:42 UTC (Mon) by flussence (guest, #85566) [Link]

>"There exists a person with this birthday." "There exists a person with this ethnicity." "There exists a person with this common first name."

People think they're safe leaving this information in public, and then things like this happen: https://medium.com/@CodyBrown/how-to-lose-8k-worth-of-bit...

Guarding personally identifiable information

Posted Jun 13, 2017 15:57 UTC (Tue) by ssmith32 (subscriber, #72404) [Link] (14 responses)

My specific CC# is unique to me, and only to me, and can be used to identify shopping habits, and, at times, physical location.

If that's not personal information, what do you define as personal information?

Guarding personally identifiable information

Posted Jun 13, 2017 21:43 UTC (Tue) by nybble41 (subscriber, #55106) [Link] (13 responses)

> My specific CC# ... can be used to identify shopping habits, and, at times, physical location.

Here's a credit card number: 4024007129431648. Just from the number, what can you tell me about the owner's shopping habits or location?

Of course that number was fake, but the point remains: on its own a CC# says very little. To get shopping habits or location you would need to correlate it with other data about where and how the card was used. It is the connection between the CC# and this other data (e.g. order history) which is "personal", not the CC# itself.

Guarding personally identifiable information

Posted Jun 14, 2017 9:33 UTC (Wed) by dgm (subscriber, #49227) [Link] (2 responses)

It's not the same. Your gender cannot identify you; your (complete) CC# can. If you limited the data to the last two digits, for example, then that would not be the case.

Guarding personally identifiable information

Posted Jun 14, 2017 9:39 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

Why would you want to limit the data of CC#s and create a dataset with them? It serves no useful purpose whatsoever.

Guarding personally identifiable information

Posted Jun 14, 2017 12:58 UTC (Wed) by paulj (subscriber, #341) [Link]

The last two digits of your CC# + your gender certainly could help narrow down your identity. It just needs a few more "non-identifying, but narrowing" dimensions of information potentially to uniquely identify you.
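The narrowing effect discussed in this thread can be measured before a data set is released. The following is an added example, not part of the original comments: it computes the k-anonymity and the share of singled-out records for every combination of columns in a small constructed table (the column names and all values are assumptions made for illustration).

```python
from collections import Counter
from itertools import combinations

# Constructed sample data: no names, no full card numbers, no direct identifiers.
COLUMNS = ("cc_last2", "gender", "birth_year", "city")
RECORDS = [dict(zip(COLUMNS, row)) for row in [
    ("48", "F", 1980, "Ealing"),
    ("48", "M", 1980, "Leeds"),
    ("48", "F", 1975, "Leeds"),
    ("17", "M", 1975, "Ealing"),
    ("17", "F", 1980, "Leeds"),
    ("17", "M", 1975, "Leeds"),
    ("48", "M", 1975, "Ealing"),
    ("17", "F", 1980, "Ealing"),
]]

def group_sizes(records, columns):
    """Count how many records share each combination of values in `columns`."""
    return Counter(tuple(r[c] for c in columns) for r in records)

def k_anonymity(records, columns):
    """Size of the smallest group: every record hides among at least k records."""
    return min(group_sizes(records, columns).values())

def unique_fraction(records, columns):
    """Share of records singled out (group of one) by `columns` alone."""
    sizes = group_sizes(records, columns)
    return sum(1 for n in sizes.values() if n == 1) / len(records)

def risk_report(records, columns=COLUMNS):
    """(columns, k, unique fraction) for every non-empty subset of columns."""
    report = []
    for width in range(1, len(columns) + 1):
        for subset in combinations(columns, width):
            report.append((subset, k_anonymity(records, subset),
                           unique_fraction(records, subset)))
    return report

if __name__ == "__main__":
    for subset, k, frac in risk_report(RECORDS):
        print(f"{'+'.join(subset):40} k={k}  singled out: {frac:.0%}")
```

In this table each column alone leaves every record in a group of four, the last two card digits plus gender leave groups of two, and all four columns together single out every record.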

Guarding personally identifiable information

Posted Jun 14, 2017 10:13 UTC (Wed) by tao (subscriber, #17563) [Link] (5 responses)

Of course. But personal data is a puzzle. Every little piece matters, and a lot of the pieces in the puzzles leak. Considering the semi-frequent announcement of "Company X hacked--millions of accounts leaked".

The information doesn't even have to be recent. Let's say I find 5-year old account info, with a CC used at two different sites. The former being "Explicit gay porn!" and the latter being "Reactionary Bible-thumpers united".

Now simply obtaining the CC:NAME tuple would yield pretty damn good material for blackmailing.

So yes, CC might not be a breach of personal integrity, but as soon as you have the CC:NAME tuple you're well on your way towards nasty integrity violations. This goes for all kinds of tuples of data; NAME:EMAIL, NAME:NICKNAME, NICKNAME:EMAIL, NAME:FAVOURITE RESTAURANT, etc. A typical tuple would be <just about anything>:IP ADDRESS.

I always read the same set of webpages in the morning. I open them all at once. If you could track this + the IP-address you could easily find out that "Oh, tao is at the airport today" no matter which of my laptops I use, even if I use a brand new one, simply by recognising the pattern + the IP-address ("This address belongs to airport X").

Individual pieces of data are almost never personal information. A city, a gender, a CC number, a film. Even a license plate. But as soon as you can correlate the data "X lives in city Y", "X is of gender Y", "X owns credit card Y", "X likes film Y", "X has at some point driven car Y".

Enough data points will tell a story. Whether the story is the right one or not isn't always clear ("X has driven car Y" doesn't discern between "X owns car Y", "X borrowed car Y" or "X rented car Y", but finding out more facts about car Y might be enough to clear that up, without finding out anything else about X).

Some information might seem trivial; "X is male", for instance. But if you combine that with "X regularly buys women's underwear"?

Guarding personally identifiable information

Posted Jun 14, 2017 14:21 UTC (Wed) by nybble41 (subscriber, #55106) [Link] (3 responses)

> Individual pieces of data are almost never personal information. A city, a gender, a CC number, a film. Even a license plate. But as soon as you can correlate the data "X lives in city Y", "X is of gender Y", "X owns credit card Y", "X likes film Y", "X has at some point driven car Y".

Exactly. It's those connections which are personal, not the individual pieces of data.

Guarding personally identifiable information

Posted Jun 14, 2017 14:38 UTC (Wed) by anselm (subscriber, #2796) [Link] (2 responses)

But that doesn't mean that the individual pieces aren't worth protecting on their own, on general principles.

In any case, in practice if a cracker steals company XYZ's customer database, chances are that it will already come with people's names, street addresses, e-mail addresses, and credit card numbers nicely prepackaged.

Guarding personally identifiable information

Posted Jun 17, 2017 5:08 UTC (Sat) by jtc (guest, #6246) [Link] (1 responses)

"But that doesn't mean that the individual pieces aren't worth protecting on their own, on general principles."

I don't think that's particularly useful or practical, if you're talking about, e.g., protecting an individual CC#, street address, etc. I could, for example, take a walk around my neighborhood and write down a house's address, the license plate # of a car parked on the road, or look in the phone book and write down a phone number, etc. I could then publish this information (with no other associated data), legally, on the internet and, of course, anyone else could do the same. That can't be prevented, which shows why it's not practical.

Furthermore, publishing such info without any other data to go with it (such as a name, or, worse [whether true or false] an accusation that the person owning the car/house/etc. committed a felony or a particular crime) is extremely unlikely to cause any harm to the person associated with that data (house owner, car owner, ...).

To extend my example to the point of absurdity, I could write in a blog: "somebody has heart disease and his or her doctor has recommended heart-bypass surgery" (As a matter of fact, I've just done that!). This is certain to be true for more than one person in the world right now. But since there's no identifying data to go along with this claim, it does no harm whatsoever.

Maybe this is not what you meant, but if so, what you meant is not at all clear, IMO.

Guarding personally identifiable information

Posted Jun 19, 2017 9:14 UTC (Mon) by farnz (subscriber, #17727) [Link]

Have you read up on Data Protection legislation (which is about to be beefed up by the GDPR)? It actually implements the sorts of protections we're talking about.

Guarding personally identifiable information

Posted Jun 16, 2017 15:50 UTC (Fri) by Wol (subscriber, #4433) [Link]

> Of course. But personal data is a puzzle. Every little piece matters, and a lot of the pieces in the puzzles leak. Considering the semi-frequent announcement of "Company X hacked--millions of accounts leaked".

We had a classic case a few years back. Rape victims are supposed to be kept anonymous. But one newspaper printed a story about "a vicar's daughter" while another said "from Ealing". Both bits, in isolation, could refer to many thousands of people. Put together, the victim's identity was revealed almost instantly.

Cheers,
Wol

Guarding personally identifiable information

Posted Jun 14, 2017 12:20 UTC (Wed) by hummassa (subscriber, #307) [Link] (3 responses)

> Here's a credit card number: 4024007129431648. Just from the number, what can you tell me about the owner's shopping habits or location?

If I have the access to the Visa/Master/AmEx database (even hacked, dated versions of it), you bet I can. Try posting your real CC# in this forum and you'll see.

Guarding personally identifiable information

Posted Jun 14, 2017 14:17 UTC (Wed) by nybble41 (subscriber, #55106) [Link] (2 responses)

> If I have the access to the Visa/Master/AmEx database...

You're making my point for me. To get any personal information you need those databases, not just the CC#.

Guarding personally identifiable information

Posted Jun 19, 2017 12:07 UTC (Mon) by hummassa (subscriber, #307) [Link] (1 responses)

Actually, you are making my point: merchants and targeted advertisers HAVE access to the credit cards database, be it the original financial ones or some database they can collect along the way.

Guarding personally identifiable information

Posted Jun 19, 2017 15:01 UTC (Mon) by nybble41 (subscriber, #55106) [Link]

> merchants and targeted advertisers HAVE access to the credit cards database

Agreed, but the point still stands. You can't get anyone's shopping habits or location from just a credit card number. When combined with additional information, sure, but not from the number alone. It's not the number itself which is personal, but rather the web of connections linking the number to other (likewise individually non-personal) pieces of data.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds