July 16, 2019 at 12:00 am
Comments posted to this topic are about the item The Changing Nature of Data
July 16, 2019 at 10:52 am
I would argue that in the UK even the linkage between a person and an address is not private. If you are registered to vote you will be on the electoral roll. You can opt out of the open register though. If you don't then you will appear in the open register which is available for anyone to buy.
https://www.gov.uk/electoral-register/opt-out-of-the-open-register
July 16, 2019 at 12:43 pm
I have to disagree with the author. If you aren't paranoid about security/privacy (which converge in this matter) you aren't doing due diligence. Addresses being a case in point. I like the "linkage, not address" is private data POV, I think that's a wonderful insight.
The problem is any information, used creatively, isn't something you want the bad guys to have. That includes the simple fact you exist. Our society's current security mindset is based on the antiquated notion of how difficult information about a person is to acquire. In the 19th century this was a perfectly valid approach. Information was siloed and guarded. Compiling information from public sources was literally too difficult to be practical, especially on a large scale.
Now, of course, not so much. But everyone is still acting like it's the 19th century. Governments, businesses, private citizens...
Add to the fact that information aggregation is a multi-billion dollar business (*cough* Google *cough*), businesses don't care to spend money on security (*cough* Facebook *cough*) and you have our current problem and ham-handed government backlash like GDPR and its brethren.
Here's a thought. Make it illegal to store PII. I'm not talking about over the top things like names, but why does every business want my credit card number? Sure, it's convenient to not have to type it in every time but is that convenience worth the potential of being bankrupted? Or having my credit score (and that's another topic you shouldn't get me started on) ruined?
After all, what you don't know you can never give away!
To those who answer businesses need that info for analysis I answer BS! I do not exist to offer any business competitive advantage. I do not exist to allow others to profit from information that they scavenge from my giving them money for goods they possess.
While a magazine may need my address to deliver said magazine to my home why does Facebook need it? Further, why does Amazon need it? Surely I can give it to them for each delivery? They don't need it in between deliveries. I don't want advertising from them. I don't want constant harassment, tons of paper that ends up in the landfill. If I want to know about their special offers I'll go to their website and look!
Can you tell I haven't had my caffeine yet? (laughing)
July 16, 2019 at 1:09 pm
This year, I became eligible for US Medicare; I am still working and on my employer's health plan and declining Medicare B while I'm working. But I've gotten email from two different insurance companies, one that I never heard of. The one that I never heard of said in the subject line, "Thank you for your interest" and in the body, it mentioned that I had expressed an interest in their Medicare product. Um, no; that is an outright lie. I never heard of them before, so how could I have expressed an interest in them? The other emails were from a well-known insurance company and at the footer of their email, it said "You are receiving this email because you expressed an interest in our products." Once again, I am not signing up for Medicare B or other supplemental plan, so that is also a lie.
I hate to think that the Social Security Administration is providing insurance companies with email addresses and telephone numbers. But they probably do. I don't answer my home telephone if it is not a recognized number; leave a message.
July 16, 2019 at 2:12 pm
Just wanted to make a note that Google already had to blur out houses and the likes in Germany before GDPR came into effect.
Or if you want to look at it the other way around: German law told Google's Streetview it's not a good thing to do, no f*ck was given back then except for specifically requested deletion requests.
Looking at what happens in Vienna: We told you so, it's not that good of an idea to generally crawl a country for information.
Now GDPR is in effect, let's find out when the next lawsuit will s*it the hell out of Google, literally looking forward to it. You don't have to understand everything they might be doing or not with Street View, just that you cannot understand it is worth suing until the public knows definitely.
My guess by then would be everyone would be suing Google, doesn't take much to correlate BSSIDs, GPS Data, Street View and a few searches from that Building in order to be able to perfectly identify at least up to household level individuals by last name, just takes someone to prove them doing so - yeah I do pray for that.
July 16, 2019 at 3:58 pm
I'm very ambivalent about this issue. I certainly don't think that an address, by itself, identifies anyone. At my old job the clients we served were almost guaranteed to never be at the same address on December 31st, as they were on January 1st. It's the nature of substance abuse; that population tends to be highly mobile, changing addresses several times during a 12 month period, up to and including sofa surfing or sadly, living on the streets. The odds of you identifying anyone even knowing who they were and where they lived on January 1st, later on December 31st is practically zero.
And the other thing about identifying a place by its street number address is, I find, very helpful at times. For example, I am unfortunately a very light sleeper. And I live in the suburbs. I have been awakened at 2 AM by a dog barking 2 doors down, in the street behind me, on a very cold November morning. I do NOT want to get out of bed just to walk around the street corner so I can find the address of the house where the offending dog lives, so I can report it to the police. I would much rather bring up Bing Maps/Google Maps/whatever-your-flavor-of-maps app is, with the house number on the picture of the top of the house, to identify the house number when I call the police to report the disturbance. At the end of the call I still don't know the name of the people who live in the house; I'm more concerned with reporting a noise violation of a city ordinance.
Kindest Regards, Rod
July 17, 2019 at 1:51 pm
For a highly selective and sensitive database, something like AIDS patients or voter records, address should be protected. Not only can it be used in conjunction with other public databases to identify people, but it reveals where the people live.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
July 17, 2019 at 2:01 pm
Eric M Russell wrote: For a highly selective and sensitive database, something like AIDS patients or voter records, address should be protected. Not only can it be used in conjunction with other public databases to identify people, but it reveals where the people live.
Here's an interesting thought. It might not even be impractical. Since A) it's the linkage of person and address that's a problem and B) in cases of limited purpose (like an AIDS patient database) where addresses are themselves sensitive, what about creating a generic address database and linking to that? For example, including every single address in the city where the facility is located, or the entire country. 🙂
Hide the needle in a stack of needles!
July 17, 2019 at 2:52 pm
Now that's an interesting idea, Roger. Imagine we could easily store every address in an area, or maybe a whole host of fake addresses that we don't even link or use elsewhere. Not sure it provides extra security, but if you had the whole domain, maybe it would.
July 17, 2019 at 2:58 pm
Now that's an interesting idea, Roger. Imagine we could easily store every address in an area, or maybe a whole host of fake addresses that we don't even link or use elsewhere. Not sure it provides extra security, but if you had the whole domain, maybe it would.
I believe Eric was concerned that the address table consisted of nothing except the addresses of AIDS patients (or whoever) and thus the address itself was sensitive information. After all, there are many different ways of finding out who lives at an address in the public domain.
But if the address table included every address in the city/country then it no longer reveals which addresses are for patients. Thus it's no longer sensitive as it doesn't reveal anything the bad guys didn't already know.
July 17, 2019 at 3:17 pm
Eric M Russell wrote: For a highly selective and sensitive database, something like AIDS patients or voter records, address should be protected. Not only can it be used in conjunction with other public databases to identify people, but it reveals where the people live.
Here's an interesting thought. It might not even be impractical. Since A) it's the linkage of person and address that's a problem and B) in cases of limited purpose (like an AIDS patient database) where addresses are themselves sensitive, what about creating a generic address database and linking to that? For example, including every single address in the city where the facility is located, or the entire country. 🙂 Hide the needle in a stack of needles!
I don't know if you noticed it, but you solved the problem by compounding the problem. If you link ANYTHING to said generic address list... it isn't generic anymore, and the associations now reveal who's there. Using the example before, even if the MEDICAL repository didn't actually do the linking to whoever is at that address, if any marketing database did on any other service, data aggregator services still will detect the link.
There unfortunately is no innocuous version of this.
Not to be blunt about it but this particular type of scenario has already happened. Some medical/country-wide healthcare initiatives in the last decade have pushed for the emergence of "state registries" of patients and their conditions, and thanks to what's been made available to pretty much anyone who is running a medical test can access that content including name and address, without getting the patients' permission to access said content.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
July 17, 2019 at 3:28 pm
roger.plowman wrote: Eric M Russell wrote: For a highly selective and sensitive database, something like AIDS patients or voter records, address should be protected. Not only can it be used in conjunction with other public databases to identify people, but it reveals where the people live.
Here's an interesting thought. It might not even be impractical. Since A) it's the linkage of person and address that's a problem and B) in cases of limited purpose (like an AIDS patient database) where addresses are themselves sensitive, what about creating a generic address database and linking to that? For example, including every single address in the city where the facility is located, or the entire country. 🙂 Hide the needle in a stack of needles!
I don't know if you noticed it, but you solved the problem by compounding the problem. If you link ANYTHING to said generic address list... it isn't generic anymore, and the associations now reveal who's there. Using the example before, even if the MEDICAL repository didn't actually do the linking to whoever is at that address, if any marketing database did on any other service, data aggregator services still will detect the link. There unfortunately is no innocuous version of this. Not to be blunt about it but this particular type of scenario has already happened. Some medical/country-wide healthcare initiatives in the last decade have pushed for the emergence of "state registries" of patients and their conditions, and thanks to what's been made available to pretty much anyone who is running a medical test can access that content including name and address, without getting the patients' permission to access said content.
Ok, I'm confused. The linkage has to be in the patient record, not the address table itself. By itself, the address table is not distinguishable. So unless the actual patient table is available, no sensitive info is exposed.
Or are you saying that the patient table is exposed, because that's what it sounds like you're saying?
July 17, 2019 at 3:28 pm
My take on it is that the nature of data has never changed. It's always been private data and people are just now having their feet held to the fire for it.
I'm thinking that, thanks to a recent personal event, it's much worse of a problem in the USA than even I imagined. I recently had a medical episode that required me to start taking blood thinners. I called my Dentist to tell him that I'd have to hold off on some major work he was doing for me.
The other day he gave me a call and told me that he sent a fax to my doctor to request medical clearance for work to continue. Here's the rub... I never told him which hospital I went to nor the name of my doctor. How in bloody Blue blazes did he get that information???
Major Whiskey Tango Foxtrot here.
It also brings up another question though. Why is it that every new doctor I visit has me fill out paperwork that asks the same bloody health history questions over and over? Again, Whiskey Tango Foxtrot? Considering what my Dentist was able to pull off, why can't there be a common repository of that kind of information that I can provide authorization to access to new doctors?
Like I said, nothing has really changed with data. Stupidity and ignorance still abound. The only thing that has changed is that some people are being fined and some people are getting rich because of it.
--Jeff Moden
Change is inevitable... Change for the better is not.
July 17, 2019 at 3:58 pm
Matt Miller (4) wrote: roger.plowman wrote: Eric M Russell wrote: For a highly selective and sensitive database, something like AIDS patients or voter records, address should be protected. Not only can it be used in conjunction with other public databases to identify people, but it reveals where the people live.
Here's an interesting thought. It might not even be impractical. Since A) it's the linkage of person and address that's a problem and B) in cases of limited purpose (like an AIDS patient database) where addresses are themselves sensitive, what about creating a generic address database and linking to that? For example, including every single address in the city where the facility is located, or the entire country. 🙂 Hide the needle in a stack of needles!
I don't know if you noticed it, but you solved the problem by compounding the problem. If you link ANYTHING to said generic address list... it isn't generic anymore, and the associations now reveal who's there. Using the example before, even if the MEDICAL repository didn't actually do the linking to whoever is at that address, if any marketing database did on any other service, data aggregator services still will detect the link. There unfortunately is no innocuous version of this. Not to be blunt about it but this particular type of scenario has already happened. Some medical/country-wide healthcare initiatives in the last decade have pushed for the emergence of "state registries" of patients and their conditions, and thanks to what's been made available to pretty much anyone who is running a medical test can access that content including name and address, without getting the patients' permission to access said content.
Ok, I'm confused. The linkage has to be in the patient record, not the address table itself. By itself, the address table is not distinguishable. So unless the actual patient table is available, no sensitive info is exposed. Or are you saying that the patient table is exposed, because that's what it sounds like you're saying?
I'm actually saying both. You really cannot start linking to any "generic" content as you had with the addresses, without whoever might have the "lower sensitivity" invariably starting to publish their data WITH the linkage to said generic items. Then you start publishing crime statistics at that location, and tax records, and whether annoying phone calls come from said address, of what the caller ID might say there, and ... the linkage is made. Once that starts happening every aggregator service knows how to knit all that together.
I'm also saying that the sensitive content around patient records got a severe drop in "sensitivity" when someone watered down the barriers set up in HIPAA and related initiatives by adding state medical registries to the mix with VERY low standards as to who can access. As said before you don't even need the actual address tied in, but the phone number or name and age are there, so it's still enough to make the link.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
July 17, 2019 at 4:03 pm
One design pattern is to separate the PII database from the operational database using a service-oriented architecture and that PII database could even be hosted by a 3rd party MPI (master person index). That way, even if the hacker who breached the database can decrypt or bypass the encrypted columns, they won't have (or shouldn't have) the security token needed to access the MPI service. It would be similar in concept to a small clinic or law firm using a service like DocuSign to archive all their documents, so they don't have all that paperwork lying around the office, but taking it to the next level and outsourcing the MPI. No operational data (i.e. medical or voting history) is contained in the MPI; it's just an index of names, addresses and other contact info similar to what Reuters maintains.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
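The separation described in the post above, as an added example that is not code from the thread or from any product: the `MasterPersonIndex` class, its methods and the sample rows are assumptions made up for illustration. The operational table stores only an opaque reference, so reading it without the MPI service token yields diagnoses but no names or addresses.

```python
import hmac
import secrets
import sqlite3


class MasterPersonIndex:
    """Stand-in for a separately hosted MPI service (hypothetical API)."""

    def __init__(self, service_token):
        self._token = service_token
        self._people = {}  # opaque person_ref -> contact details only

    def register(self, token, name, address):
        self._check(token)
        ref = secrets.token_hex(16)  # random: not derived from name or address
        self._people[ref] = {"name": name, "address": address}
        return ref

    def lookup(self, token, ref):
        self._check(token)
        return self._people[ref]

    def _check(self, token):
        # Constant-time comparison of the caller's token with the service token
        if not hmac.compare_digest(token.encode(), self._token.encode()):
            raise PermissionError("invalid MPI service token")


def build_operational_db(mpi, token, patients):
    """Operational store: clinical rows keyed by the opaque ref, no PII columns."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visit (person_ref TEXT NOT NULL, diagnosis TEXT NOT NULL)")
    for name, address, diagnosis in patients:
        ref = mpi.register(token, name, address)
        db.execute("INSERT INTO visit VALUES (?, ?)", (ref, diagnosis))
    return db


def dump_operational(db):
    """What full read access to the operational database alone returns."""
    return db.execute("SELECT person_ref, diagnosis FROM visit").fetchall()


# Constructed sample data; the token would live only with authorised callers
SERVICE_TOKEN = secrets.token_urlsafe(32)
SAMPLE = [("Alex Example", "1 Sample St", "DX-001"),
          ("Sam Placeholder", "2 Sample St", "DX-002")]

if __name__ == "__main__":
    mpi = MasterPersonIndex(SERVICE_TOKEN)
    db = build_operational_db(mpi, SERVICE_TOKEN, SAMPLE)
    for ref, dx in dump_operational(db):
        print(ref, dx)  # opaque refs and diagnoses only
```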