Now that the USA Freedom Act has been enacted and signed into law and the republic is, at least for the time being, safe, why stop there? Particularly in the wake of the hacking of Sony and the multiple credit card exploits over the last year or so, we should turn our attention to the ways in which private companies save and retain data.
Here’s a radical idea. The personally identifiable information that’s being gathered and retained by businesses from your phone company to Google or Amazon doesn’t belong to them. It’s the property of the persons who are identified by it. That includes names, email addresses, phone numbers, IP addresses, and geolocation information. There should be restrictions placed on the information they retain, how long they retain it, and the manner in which it may be retained. Just as an example, these companies have no excuse for retaining your information indefinitely in unencrypted form.
How’s that for a single step?
I like it!
I love it! Unfortunately, the marketing department of every major business hates it.
As I pointed out in the comments thread to James Joyner’s post reacting to mine, I’m just suggesting that the U. S. follow the OECD privacy guidelines. The U. S. is an outlier in this as in so much else and in the particular case of privacy I don’t think we’re an outlier in a good way.