Shostack + Friends Blog Archive


A downside to data warehousing

A long story in the New York Times ends:

Still, as Wal-Mart recently discovered, there can be such a thing as too much information. Six women brought a sex-discrimination lawsuit against the company in 2001 that was broadened this year to a class of about 1.6 million current and former female employees. Lawyers for the women have said that Wal-Mart has the ability to use its human-resources database to calculate back pay for the plaintiffs as well as to determine whether women were fairly promoted and paid. The judge hearing the case, which is pending in a federal court in San Francisco, has agreed.

The database is unusually detail-rich, said Joseph Sellers, a lawyer for the plaintiffs. “They’ve put into their work force database the information that bears on virtually every facet of compensation,” he said. “They have performance reviews, along with seniority, the time spent with the company, which store they worked in. So you can compare people working in the same store, to measure whether men and women are paid differently.”

There’s an distinction I use: Data protection is someone else promising to keep their information about me under control. Privacy is them not getting the data. I fully expect that one of the ways in which we will start to claw-back privacy from the companies that conflate these concepts is liability and compliance costs.

Collecting my social security number may well bring you under the Financial Services Modernization act (GLB). Store any health data on me, and spend big on HIPPA compliance. Don’t store that data, don’t incur those direct compliance costs or liability risks.