Personally Identifiable Information

As a Records and Information Management (RIM) professional, and a librarian, I’ve always been concerned about keeping private information protected. When working in RIM, I’m constantly evaluating the sensitivity of the information I’m managing to ensure proper safeguards are in place. Typically this entails defining different levels of sensitivity (e.g., secret, top-secret, etc.) for the business documents. Once established we then determine who is allowed access to each levels.

I have to confess that managing personally identifiable information (PII) is a completely different story. On the surface, PII seems obvious and assigning a sensitivity level should be straightforward. About 10 years ago, I would have only considered protection for obvious PII such as names, birthdates, gender, address, social insurance/security numbers, government-issued identifiers, etc. However, the way different data points about a person are now used to determine their likes/dislikes or influence how s/he may vote have really broadened the definition of PII.

So much information is collected, known and unknown by users, PII needs to be expanded to incorporate other factors. For example, when I first blogged about big data I learned that people could be “outed” (i.e., identified as LGBTQ) based on their interests and other “non-personal” data points. Data was analyzed to reveal patterns, preferences, and behaviors, all without a specific admission of being one way or another.

Recently Europe’s new General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, has been in the news. Essentially the regulation focuses on protecting personal data, which is defined in Article 4 (1) in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as:

“(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; “*

As technology changes, it’s important to reframe and contextualize our definitions. Now including things like genetics or cultural identities as personal data seems appropriate, especially considering how powerful data analytics have become. It’s easy for companies to create profiles from PII that may not initially appear to be specific, but taken in conjunction with multiple other data points can actually be quite revealing. But in order to protect it, we have to first be able to define it.

 

 

*Eur-Lex: Access to European Union Law. “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).” European Parliament, 27 April 2016. Web. 21 May 2018.

Virtual Assistant or Virtual Spy

I last wrote about virtual assistants and using voice commands almost two years ago (Google Home). Since then, the quality and options have gotten much better. Now when I verbally dictate a message, the transcription is near perfect. This is likely attributed to a combination of the system getting used to my voice and improvements made to the technology.

Now that I’ve mastered dictating all kinds of things into my phone, the next step would be to invest in a virtual assistant, like Google Home or Alexa. Like most new technological advances, I’m both creeped out and fascinated at the same time. My first reaction was complete aversion to having yet another device hooked up, synced, and monitoring me in my home. We’re always being forced to make decisions between Control and Convenience.

In addition to my specific voice commands, I want to know what else the device will be listening to? How easy will it be for somebody to hack into it and listen to what I’m saying, or send their own commands? When I first heard about virtual assistants, which all require some kind of command (e.g., “OK, Google”) to notify the device that you’re ready to give directions, it never occurred to me that the device would stay on all the time. I assumed it would be the voice command that activated the virtual assistant, but if it wasn’t alert and ready, how would it register the command was given.

In one sense it’s like voluntarily putting a surveillance device in your home. A recent article in The New York Times, titled “Hey, Alexa, What Can You Hear? And What Will You Do with It?”  described some of the other uses being considered when one engages with a virtual assistant. Some of the options discussed included having the device listen for keywords in conversations to tailor advertisements.

I have to confess that once I started thinking about using a virtual assistant, I considered many scenarios when hands-free voice commands could be useful. For example, I like listening to the radio or podcasts while I’m cooking or cleaning in the kitchen. While washing the dishes the other night, I realized I had forgotten to turn on the podcast first. My hands full of suds, I looked longingly at my smartphone wishing I could utter a few words to automatically start the podcast.

The Golden Killer

In recent weeks I’ve been reading articles about the capture of the “Golden State Killer.” The killer eluded the police for decades. He was finally identified after a detective uploaded the killer’s DNA onto a genealogy website to locate him through distant relations. This has raised some concerns.

Many people seem to be of the opinion that if the information was used for “good,” i.e., to capture a serial rapist/murdered, then what’s the harm. I even heard some people say they were okay with having their DNA used to help catch relatives (near or distant) that had committed crimes, whether they consented to their information being used that way or not.

On the other side information should only be used for the reason/purpose it was gathered initially, unless consent is granted. Therefore if information was uploaded on genealogy websites to find relatives, then that information shouldn’t be re-purposed for other uses without consent.

Last week I heard an interview on The Daily, (a New York Times news podcast) with the detective who worked on the case for over 20 years. According to him, he created an undercover account on the genealogy website, not a fake one. He argued that being “outed” by a relative’s uploaded DNA was the equivalent of a relative calling a hotline to report you.

While we might cheer at these new methods that removed one more dangerous criminal off the streets, it diminishes the value of our privacy and our right to protect/control personal information.

What happens when this kind of information isn’t used for “good”?  Or when we disagree about what “good” means. What if one day somebody in power decides to eradicate a specific gene from the human species and starts researching potential targets through DNA and genealogy websites. What if your voluntary DNA contributions help locate relatives that are carriers of this specific gene and they end up being targeted? Would you still think this was an appropriate use of your information? Likely not, but the point is you can’t always predict how/where your information is going to be used once it’s “out there.” Where’s the consent?

The detective made a good point that we need to have discussions about how/when these databanks of information can be accessed, by whom, and for what purpose. However, these discussions should happen before information is re-purposed, especially if it’s a gray area.

Information Gain and Knowledge Loss

On a recent trip to New York City (NYC) I decided to take a cab from the subway to my friend’s place in Astoria Queens instead of walking, one chilly evening. The driver immediately knew the address, including which side of the street it would be on and how far down the block. He even knew which direction he was traveling in and could point out north, south, east, west. He knew all of this without consulting a map or technology once. I was impressed with his mastery of the streets and told him so.

He replied it was because he had knowledge. For the last 15 years he’d been driving a cab. His early years in the business had forced him to learn how to navigate the labyrinthine ways of Queens, without technology. In the beginning, he explained, he used to have all kinds of maps in his car. When someone gave him an address, he had to locate it on the map and then remember how to get there. Through doing this, he had developed expertise in getting around.

He compared himself to other cab drivers, and people in general, who can only get some where with GPS. They’re lacking knowledge, he said emphatically. They can’t orient themselves and navigate. They don’t know where they are because all they do is follow a dot following a line. They’re not aware of their location. 

I’m definitely “directionally-challenged” but I’ve always managed to learned a few tricks about the layout of every city I’ve lived in to help orient and navigate myself through unfamiliar neighborhoods. I use GPS when I need to, but try not to rely on it.

We’re inundated and overwhelmed with information, but somehow we don’t acquire the knowledge to learn anything. We can go around the world with the internet, but yet can’t manage to get around our neighborhood by the information inside our own heads.

Although I love having GPS and maps available, I still make an effort to learn how to get around by memorizing street names and observing landmarks. By identifying patterns and learning basic tips. By studying maps to orient myself and understand my location. It was refreshing for me to have a cab driver that felt the same way.

Creating Order

I recently had a new closet installed in my apartment and some supplementary storage places added under the bed and in the entryway. Part of the reason I added in new storage options was because I seemed to have a lot of stuff that was “homeless.” The storage is there, but I haven’t started filling it because I’m still deciding what needs to go where.

I was discussing the new storage options with a colleague at work and his advice was “choose carefully.” Storage options can be tricky. I love having things out of the way behind a closed door or shut drawer, but I also need to be able to reach and access them. The best is to match necessity with ease of access. For example, my extra blankets are stored on a shelf above my clothes in my closet. I need a stool to reach it, but then again, I rarely need to.

It’s necessary to be strategic about which items are placed where in cabinets, drawers, closets, etc. This is especially important when unpacking a new home. It may take a few tries to get everything in the right place to optimize flow and convenience. Although items can be shuffled around after, it’s kind of a pain. Rearranging closets and drawer contents is a time consuming activity, one that almost always has to be done in one session because stuff will be everywhere in the transition process. I prefer to wait until I have a plan before filling my storage areas to try and avoid shifting things later.

Here’s my plan:

  1. Assess which areas are overcrowded and in need of some storage options. For me the priorities are my tiny, over-stuffed kitchen, hallway closet, and bits of random, orphaned “stuff.”
  2. Determine which items specifically need storage and how often you will need to access them. For example, I stored my towels with the sheets because there were no other spaces available until recently. As these are both frequently used items, it’s definitely something I’m flagging for a better option.
  3. Look at all existing storage options, including ones that are already filled and/or rarely accessed. It may be time to shuffle things around.
  4. Purge anything and everything possible that you no longer use and/or need.
  5. Clear out the calendar for several hours to fill storage areas and rearrange, as needed.

Stay tuned for progress updates.

Contractors: Offline

Every time I’ve had to hire a contractor, it’s always been done through word-of-mouth and referrals. For some reason, it’s not the kind of thing I search for online. When hiring a contractor for home repair, trust and good workmanship are essential. Maybe that’s why I always prefer to ask around. Or maybe it’s because that’s the best way to find the good ones, who are often too busy to set up more modern, digital forms of advertising.

I’ve noticed that the majority of contractors I know, or have learned about through referrals, rarely have an online presence. By online presence, I mean a website, or a company page on something like Facebook, LinkedIn or another form of social media. This makes it difficult to see photos of their work to assess the quality of the home repairs and to find online reviews. Though to be fair, I’ve never looked that hard because I mostly rely on the referrals. In my mind, the referral is one of the best reviews because most often the contractor has done work in that person’s house, making it a personal and intimate experience.

With some services, quotes and estimates can be attained through online services where the requestor simply fills in some details online to get some figures. With contracting work, however, quotes and estimates are done in person after a visit. I’ve tried to get ballpark estimates in advance, but most contractors I know insist on coming to visually assess the work themselves.

I suppose this is due to a combination of factors. Some contracting jobs are a lot more complicated than they seem to be from the perspective of the home owner, something that can only be assessed properly with a visual assessment. Contractors have a wealth of knowledge and experience about when a job may seem to be more complex than it first appears.

The work done by contractors is manual and tactile and it’s as though their processes are designed match. Invoices are done by hand, cobbled together in a disorganized fashion on a word document, hastily scribbled on an invoice pad, or simply itemized in the body of an email. A hold out to a fast-moving electronic environment where everything is readily available online in a digestible app form. But sometimes, you just need a plumber.