Sometimes a blog post pulls you up short. Ben Goldacre, respected journalist and a personal hero, recently made this blog post: What does the Sienna Miller / Virgin story tell us about data security?
Someone at Virgin Airlines has been selling information on the movements of celebrities to a paparazzi agency, allowing them to stalk people:
This illustrates one very important point about large databases:
When you give people poorly restricted, poorly audited access to an entire database full of information, you allow them to realise the full financial value of that data, for any of its imaginable uses.
This is often poorly recognised by the people running databases in large organisations (the suits rather than the dorks) and it has important real world implications that go way beyond one airline: think banks, hospitals, tax offices, and so on.
The sensible thing to do, of course, is (1) constrain access wherever possible, and (2) run audits of who has accessed records, to see if they had any need to for their job, and so on. But more than that, if you run a database, for any purpose, you should always be thinking: what value might this data, have outside of the purpose for which it was intended?
- A Social Business platform that lets them deliver Social Collaboration to their employees, their partners, their customers and the rest of the world, integrating with internal collaboration, knowledge management and business application platforms and with their external web site and public Social Networking services in an appropriate, controlled manner – delivering not just open knowledge sharing, but also appropriate access control and compliance monitoring tools.
- A Social Business adoption strategy that manages a cultural change so that employees know how to use these knowledge sharing tools and the information they makes available, in an appropriate manner, articulated in a transparent way that is clear to its customers and partners, as well as its employees.
Which are the core topics that I created this Blog to discuss, and of which I will explore other aspects in coming posts.[Note: This post is very Facebook focussed as it seems to be at the forefront of discussion in these areas, but the same issues apply to other online services like Twitter, LinkedIn, Flickr, YouTube, Pinterest, iTunes, Google, etc. Facebook also seems to be force to take a lead in terms of addressing these issues in order to evolve an acceptable economic model for financing its service, to position itself against new, innovative services, and to manage the parallel (and, inevitably, much slower) evolution of regulatory frameworks. This should not be taken to indicate that the issue is more important on Facebook than the other services – in fact, because the issues tend to be discussed more in the context of Facebook, there is probably more potential for users to fail to understand the issues with other services. It is the whole industry that is immature in this respect.]