What to do, What to do?
Over at Open Society Paradox, Dennis Bailey challenges me:
Emergent Chaos documents some problems but ends with a personal slam against ChoicePoint’s CEO. [Ed Note: Technically, we call that the “middle,” not the end.] What would Emergent Chaos have us do? Should we follow the Fair Information Practices and allow 300 million citizens to be able to verify their data? This may be manageable when you are talking about a single company. But what about the thousands upon thousands of companies that are holding personal data? What would be the cost for companies to start complying with new privacy regulations that would allow individuals to verify their data in company databases?
It’s a fair question, and I suppose the first question is “Who is us?” I’ve been deeply ambivalent about new laws. However, given what Choicepoint is now facing, I think that pursuing a Fair Information Practices driven approach, and pushing for their industry to do the same, may be one of the few ways that they can stave off legislation. But if us is the American people, it seems to me that 145,000 angry citizens have called their legislators and said “What are you going to do about this?” Unless the industry acts, and acts credibly, then there will be new laws. Not because of the blogosphere, but because of the democratic process in action.
What would the cost be? Its another good question. But what are the costs of not allowing access? It’s jobs denied, homes not bought, cars not financed, because of inaccuracies in the database.
I actually really don’t get this argument, coming from a fellow who talks about a need for a more open society. How are we going to have openness with closed databases?
Now instead of the Choicepoints of the world having to verify the data of a few thousand businesses, now they have to verify the identity of millions of individuals who are asking for access to personal information. For an identity thief this becomes a false identity paradise.
This argument has been raised against every privacy law ever passed. I’m not aware of any company, anywhere, having exited their business because of an inability to solve it. These companies have lots and lots of data about you, and can use it to ensure that (for example) only someone living at your address can get your records.
Or take the notification law. Does this really solve the problem? How many companies have their databases violated without even knowing about it? Would it make a dent in the number of cases of identity theft?
It’s about openness. It really does help people if they can get a jump on ID theft quickly. It may not prevent the crime, but it can limit the damage very substantially.
I’m working on a longer post about other things that can be done. It turns out there are some interesting opportunities.