<EM>Andrew Want:</EM> Keeping a watch on Big Brother

Andrew Want

Anyone travelling in the United States recently couldn't miss the headlines reporting two of the biggest data security breaches ever discovered.

Specialist data brokers Lexis Nexis and Choicepoint revealed that personal biographical records of almost 500,000 Americans had been illegally accessed and details stolen.

These two huge examples of identity theft, although unrelated, renewed public concern about the issue and triggered a wave of law reform proposals.

New Zealanders and Australians enjoy a level of real privacy protection that Americans don't.

Our privacy laws prevent the sale or transfer of personal information without the individual's consent except under tightly defined circumstances.

In the US, where the trade in private data developed before the creation of laws to control it, no such general ban exists.

Europe is more advanced in its thinking about these issues, but in New Zealand and Australia, there is no reason we cannot do better.

The privacy commissioners in New Zealand and Australia have mandates to protect individual privacy and to balance those protections against society's need for efficient government and business.

The commissioners can investigate breaches of privacy laws following complaints from consumers. This protection has worked reasonably well, but the rate of increase in society's use - and criminal misuse - of electronic information is outstripping the regulatory framework.

One of the big issues for our century is the exponential growth of electronic information.

The volumes of data now held by Choicepoint and Lexis Nexis will be dwarfed in the near future. And wherever there are large quantities of data, there is risk as well as opportunity for consumers, regulators, politicians, business, and information managers.

Data storage is doubling every 12 to 14 months in Australia. By 2007, Australia will be storing 176,000 terabytes of data each year, up from 36,000 in 2003. That roughly equals an additional 176 million copies of the Encyclopedia Britannica added to stored data every year.

Some of this data is depersonalised - MP3 files, timetables, archived newspapers and books and the like - but much of it relates to individuals.

We are moving into a world where everything - financial products, health records, plane tickets, your right to social security benefits, even your identity - exists at least as much in its digital as its physical form and where your biographical identity is the key to social and economic participation.

The tensions between the free circulation of information and speech (freedom of information) and relative anonymity (freedom of identity) have never been so stark.

Data commerce is here to stay. Our expectations as consumers and citizens demand that businesses and governments pass on the benefits of efficient electronic information sharing. Yet, at the same time, our democratic right to define who we are and how we are recognised has never been so important - preserving it remains the antidote to the Orwellian nightmare of 1984.

The tension between these two conflicting forces has been highlighted by the US data theft in America.

Into this wound pour a huge wave of 'cures', among them proposals that data specialists should be banned.

America is now awash with proposals from legislators for tighter controls, as data specialists seek to reassure consumers that their economic identity is safely held and security controls are adequate.

Legislation can only achieve so much. Specialist data management organisations are the bankers of the information age.

Banks evolved in earlier times as custodians of value - a relatively safe means for individuals to hold money in its various forms and to share the cost and risk of that security.

In our modern world, digital information is a key source of value and the development of modern economies requires the development of "information custodians" - organisations specialising in holding and managing sensitive data.

Just as best practice in the operation, governance and regulation of banks has evolved over many decades, the models for governance and regulation of data specialists will need to evolve.

There will be inevitable trial and error as society debates the balance between freedom of information and freedom of identity.

We can build a better balance between freedom of information and freedom of identity.

But rather than depend on legislators to do all the heavy lifting, business and consumers can make a start themselves, and this can happen right now.

I have three suggestions. First, business can help by placing a premium on earning and holding the trust of consumers. Assisting individual consumers to monitor information held about them, seek corrections, make complaints and exercise their rights is a good start.

Business can supplement individual rights by recognising the legitimacy of consumer interest in data quality, accuracy and security, and by engaging with consumer organisations that represent these interests.

Specialist data custodians, such as my organisation, have a higher responsibility.

As the information economy develops, we must find and promote ways for consumers to take a more active role in the oversight of the data we hold for and about them.

It should be possible to build valuable relationships directly with consumers themselves.

 

We must find ways to shorten the distance and build more direct links between the consumer and his or her data.

Second, consumers themselves must take greater responsibility by checking and correcting their own data. Very few people do this.

Our experience reveals that of 2.2 million New Zealanders who have credit records, only 32,000 a year check them.

Of 14 million Australians with records, only 200,000 a year check.

For a 21st-century information society, this just isn't enough.

Checking their own data will help consumers pick up inaccuracy and, even better, restrict identity theft.

Consumers can also make much better use of their own data in an information economy, for example by using it to negotiate better interest rates in a credit application.

Third, parliaments and governments can act too. Reform of privacy laws in coming years will need to deal with the reality of massive data growth and create a regulatory environment that enables society to realise the benefits of the information economy while ensuring individuals can protect their private details.

Making this balance a practical reality will require the capabilities of specialist data custodians.

Regulation of data specialists needs to move from fearful, prescriptive regulation, to regulation that recognises that technology is not the issue.

Technology is neutral and actually assists the development of our society and our economy.

The issue is how society can optimise the benefits and manage the risks technology provides.

The pay-off for business? Winning and keeping the trust of consumers and the recognition and support from society of business's right to grow and prosper.

And for all of us? The fruits of an information democracy.

* Andrew Want is managing director of the credit information company Baycorp Advantage.