Personal Information data is a liability


Most businesses are still in the mindset that they should collect data for big data's sake -- some day it'll be valuable. More unscrupulous businesses sell or share your personal information without your knowledge or consent.

I'm writing this for you as a business owner to consider how much of a liability it is for your organization to collect personal information.

The most notable starting place is your privacy policy. This applies mostly to online businesses, but you likely have to comply with jurisdictional privacy laws such as Canada's PIPEDA or the EU's GDPR. In order to maintain compliance, you must document exactly what personal information you will be collecting, using, and disclosing. Every time you start to collect more information, use it differently, or disclose elsewhere, you need to obtain the consent of your users.

Imagine, for example, that someone on your web team decides to install a simple tool like Google Analytics to collect information on your website visitors. It seems innocent enough, but now you're collecting more information on your users than you were before. You're likely also disclosing that information to a 3rd party, and if you're not an American company, you're disclosing personal information to a 3rd party foreign entity.

Another example is the expanding global financial anti-money laundering (AML) and counter-terrorist financing (CTF) surveillance regime. Under the new FATF guidance, a notable change is that suspicious transaction reports (STRs) are going to require a lot more information -- if you collect it. This will likely include a person's alias, IP address and, notably, the source of funds -- again, if you have it. These new changes will also add virtual currencies into the compliance regime.

Compliance and regulations are great examples of where personal data is a liability, but I don't think there is any greater example than privacy breaches. Companies get hacked every day. Most companies are trying to build their own Identity Management (IDM) systems that meet all of the compliance requirements. Building such a system is not easy, so if this is not your main line of business, consider finding someone who can help you out with it. How much would a privacy breach impact your company? IBM states that as of 2018, it's $148 USD per person, with the average breach costing a company $3.86 million.

What would it take to build a system in which companies, vendors, and apps no longer have to care about privacy breaches, because the identities of their users in their systems are not their real names?

I haven't been able to find a platform that will 100% respect my autonomy, giving me full control of my personal information, allowing me to be fully anonymous to all third parties I interact with, while simultaneously maintaining compliance with all applicable laws and regulations. We're starting in Canada, which means privacy law compliance, FINTRAC (AML/CTF) etc. And on top of that, one where I don't have to care about privacy breaches any longer for any of the systems I use.

As a result of this thinking, I've started to bring together a team, and we've started to build out a platform called IPVPN.ca -- a VPN for your identity. If you're interested in our offerings, please reach out -- [email protected].

If you've been reading this blog for a while, you know I never make asks, but in this case, if you've found value in anything I've offered, I could use your help. This could be just by asking me more questions on how to protect the personal information of your users; that's my passion. If you've got some financial resources, we could use your financial investment. If you've got some time, skills, and passion, join us! If you can help us get the word out, it would be appreciated.

As an industry, a workforce, and a digitally connected world, we collectively need to start considering the repercussions of not protecting personal information. It always starts as what appears to be convenience in exchange for privacy, but you will quickly see it's an asymmetrical data exchange -- which means one side becomes more vulnerable, and the other, the predator class.
