jueves, 21 de noviembre de 2013

From impersonal data to personal data

The appearance of new devices, the so-called Internet of the Things, is the cause behind the production of an overwhelmingly amount of information. This should not be a problem when the information is about the environment where we live (natural or man-made). The more information we handle, the better decissions we will be able to take. Nevertheless, the problem arise because a great part of this "things" are quite personal for us, and therefore the information connected to these devices could be classified as "Personal identifiable information" (PII).

According with the definition given by the National Institute for Standards and Technology (NIST), "Personal identifiable information" (PII) is

any information about an individual maintained by an agency, including 
  1. any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records;
  2. any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
This definition is the basis to consider an IP address a piece of PII. Although the assignment of an IP address is not permanent, it can be established a connection betweeen this address and a person if we analyse other pieces of information handled by telecom operators.

Some pieces of information contained or linked to our personal and/or wearable devices are now starting to be used as the basis for new business models. Perhaps one of the best known cases has been the story around new London bins deployed last summer.  The company in charge of the maintainance of the bins offer you targeted ads as you pass close to them with your Smartphone. The ads are chosen based on information the company has captured about your Smartphone whereabouts, that has been compiled with monitor stations that observe which Samartphones are around. The way the Smartphones are identified is using its MAC Address, an element that until now has not been considered a PII.

It can be said, and the company responsible of the bins did it, that no person is being identified in this case, only Smartphones. But it is clear, at least for me, that it is possible to establish a connection between the person and the MAC address through the Smartphone whereabouts. What is more, due to the fact that the Smartphone is always close to us even it would be possible to link it to specially sensitive information about ourselves. For instance, it can be established that we have had a health problem because our Smartphone has been tracked in a medical cabinet.

But the case of  London´s bins is only the herald of thousand of similar cases. With the spreading of wearable gadgets, there will be not only more chances to be monitored, there will be also an enrichment of the knowledge about the owner of the gadgets and the possibilities to identify him. And this open the door also to more control of ourselves also in our work post, something that could be danger on the hands of some employers.

What we once thought impersonal data generated in the Internet of the Things is getting more and more personal. 

No hay comentarios:

Publicar un comentario

palyginti kainas