Recently, I received a letter in the mail from a company I have never heard of. The letter has some alarming news to disclose. It's also a standard letter that any American has probably received more than once in our lives.
The company apologizes for having lost my personal data in a recent data leak.
Don't worry, the letter writer continues, because we're paying for two years of subscription to some kind of monitoring program.
Receiving this letter unnerves me for the wrong reason.
Why is my data found in the database of a company I have never heard of, much less patronized? Do companies now keep "shadow profiles" of everyone, rather than just their customers?
Yes, I'm well aware that industry has always paid for databases of prospective customers - people who are likely to become customers but aren't currently. In the past, these databases contained only contact information and basic demographics, not sensitive data like driver's license numbers or social security numbers.
The letter came from an auto insurer, who says they leaked my driver's license number (among other items not disclosed). Not only am I not a customer, I don't even own a car. Any decent predictive model should have rated the chance of getting my business to be an outlier event.
The letter explains that someone was able to steal my license number by using their "online quote form and application process". How does that even work?
What's more, a driver's license number is one of those pieces of personal data that can only be lost once. It's like a password except we can't change it willy-nilly. The damage of losing this type of data is immeasurable, much more serious than, say, losing a credit card number.
***
Think of your data as having different degrees of mutability.
- Data like your date of birth, your ethnicity, and social security number are immutable. Once any organization leaks it, your privacy has been permanently violated. Most of the time, the organization only knows that its servers have been breached, and sometimes who did it. But once the data exit the servers, it's impossible to trace and delete all copies of it.
- Data that are effectively permanent. A driver's license number belongs to this category. In theory, one can move to a different state, making the stolen number obsolete. For most of us, our residential address is semi-permanent. If you're a homeowner, it's more immutable, until you move.
- Data that can be changed at the price of inconvenience. If our cell phone number or email address gets stolen, we are free to switch it. However, rewriting these data causes inconvenience. We have to let everyone else know about the change.
- Data that can be easily changed. Credit card companies figured this one out a long time ago. The minute your credit card number is lost, they issue you a new one. You may still get penalized later, for example, when your old credit card number bounces for a subscription.
- Data that are temporal. What book are you reading? What's your favorite movie?
A sensible data privacy policy ought to take the degree of mutability into account. The harm to people differs by what type of data is leaked.
The value of immutable data is far higher than data that can be easily changed. This also makes them more desired. One hopes that the penalty for losing such data is sufficiently high for businesses to make real efforts at safeguarding the data.