Open data or privacy breach?
- It seems that one person's open data policy is someone else's privacy breach. Can the tech industry resolve the conflict?
As the UK's national tax agency, HMRC, discovered over the holiday weekend, that often makes it difficult to do the right thing. There was outcry as HRMC plans emerged "to release anonymous tax data to third parties including companies, researchers and public bodies."
For government bodies in particular, there's a lot of public sensitivity about what happens to the data collected about all of us in the course of their activities. But there's also pressure on them to get value for money in the way they operate — and a government strategy committed to "opening up government data to boost entrepreneurship, economic growth and accountability".
So on the one hand, public servants are encouraged to abandon their old habits of official secrecy and make as much data as possible available publicly. This is seen as a driver of commercial innovation, convenience and even prosperity. At the same time, they are castigated if they fail to realize the full commercial value of data, as happened when the Royal Mail was privatized along with its national postcode database.
But on the other hand, they have to weigh up the risks of being assessed as "borderline insane" for such actions — this was the verdict of David Davis MP, a senior Conservative MP and former home secretary, on HMRC's plans for releasing anonymized data for commercial purposes. He went on to tell the Guardian:
"The officials who drew this up clearly have no idea of the risks to data in an electronic age. Our forefathers put these checks and balances in place when the information was kept in cardboard files, and data was therefore difficult to appropriate and misuse.
"It defies logic that we would remove those restraints at a time when data can be collected by the gigabyte, processed in milliseconds and transported around the world almost instantaneously."
It seems one person's open data is somebody else's data privacy breach. Getting the balance right between these apparently conflicting priorities is an important challenge that digital enterprise — whether in government or in the private sector — needs to come to terms with. It may take a bit of myth-busting first.
Headline writers in the popular media eagerly exploit our perception of the Internet as a wide open space frequented by bandits and miscreants. When the Internet industry prevaricates about personal privacy rights or takes liberties with the 'big data' it collects about our online activities, it feeds those fears. Whereas in truth our data is mostly a great deal safer online at a cloud provider than it is in a typical enterprise data store (witness HRMC's embarrassment a few years ago when a motorcycle courier delivered a CD containing several million taxpayers' personal information to the wrong address).
I empathized with those involved in the recent case of NHS healthcare data that was uploaded to Google's cloud services for analysis. NHS data sold to consultants and uploaded to Google servers screamed the headlines (oops that was us, but Derek's report was a balanced account).
I'm sure it would not have aroused the same controversy if the data had been 'uploaded to Azure' — thanks to its eponymous search engine, the name Google is one that we associate with instant discovery of information by anyone. But of course that's different from using Google's cloud services under a proper security regime.
The point here is that public perceptions are important. The technology industry eagerly promotes all the advantages of data collection and analysis but is less good at recognizing and allaying public fears.
I can't help thinking about Benioff's toothbrush — the digital device that keeps his dentist informed about the Salesforce.com CEO's brushing habits and oral hygiene. He's excited about the potential benefits but there's also a story to be told about protecting that personal data — making sure it doesn't reveal his whereabouts or health issues to outsiders who would misuse the information.
In the Internet of things, people and customers that the tech industry is instrumenting around us it's important to acknowledge that we are also individuals and citizens and to ensure our rights are respected.