« January 2004 | Main | March 2004 »

1 posts from February 2004

February 20, 2004

Social Networks, Privacy Policy & Privacy Data Protection

I see several different areas in privacy issues of social network sites. these are just some thoughts.

- privacy policy:
some people are upset about the content of site's privacy policy. but it may be not the core issues. what important is how the site and operation organization is complying to its own privacy policy and how they manage it. then a queation is how to measure the level of compliance.

- damages to site's reputation and site's obligation to comply policy:
since businesses on the net popped up, there have been number of law suites on privacy matters. corps are learning that mishandling of user's privacy info is disastous to their biz and reputation. but what they don't know is how to manage the info.

- privacy policy in opration:
if managing privacy policy depends on human factors such as ethics, there's pretty good chance that the policy fails. to prevent this, there are technical measures such as encrypted data base, etc so called Privacy Enhancing Technologies. (yeah, I'm promoting PETs to gov with same logic)

- different values of personal info to differint group of data gatherers:
people feel threats about their personal information, but who are giving them such threats? gov? law enforcement? spy agencies? marketers? spammers? ID thieves? religeous cults? political campaigners? if you think values of the info, it's different to different groups.

- privacy info self defence by jamming
probably gov, and law enforcement are happy if they can get your name, living and work address, phone#. but marketers see more values in what you like and what you buy. and religeous cults want to know what is your religion. political campaigners want to know your political view. then, you may want to choose what types of info you want to reveal when registering. or you can put fake info and pseudonyms for more self defence.

- issues with USA PATRIOT
if the site had good privacy policy and good data control, but what will happen if the FBI comes to them with USA PATRIOT claims? this is real problem in site operators in the US. if the site operation has encrypted databases only allows original users to have decryption key, then may it be going into trouble?