Friday, February 02, 2007

What's Up With Dataflation?

A few years ago I coined the term 'dataflation' in an effort to focus attention on the possible negative effects of widespread exposure of personally identifiable information (PII, like name, address, Social Security number, mother's maiden name, pet's name, credit card number, and so on). My thinking had been pointed in this direction by the large number of security breaches in the first half of 2005 and the massive amount of PII that they exposed (66 million records).

Plenty of people were focused on the immediate effects of this phenomenon and the media paid attention. We saw articles on What to do if it happens to you. How to protect your identity online. What companies should do to prevent such breaches. A lot of good advice was dispensed and recent figures show it might be having a positive effect. (Remember: "The best weapon with which to defend information is information.")

However, there was no immediate sign of improvement during 2005 and I continued to focus on the cumulative rather than individual effects. What would these exposures mean to the current and future value of information? How would this impact trust within society? What would be the effect on commerce, particularly e-commerce? And what effect does trust have on growth? (There are indications that more trust = stronger GDP growth, starting perhaps with the 1997 paper by Knack and Keefer, click here for a list of articles).

To me it seemed like there had to be some sort of inflationary effect on personal data, hence data-flation. Perhaps, I wondered, the more bits of personal data pertaining to you that are known by everyone, the less value each piece of that personal data would have, notably when it comes to authenticating you, to a system, a merchant, a bank, a government agency, and so on.

My article for TechTarget on the subject of dataflation was published in October, 2005. Then I witnessed the massive exposures in early 2006 which included the 28.6 million veterans (including a friend of mine who was also 'exposed' at the same time by his credit union). So I continued to think about dataflation. When I was invited to speak at Interop Moscow I chose it as the topic of my presentation.

Then a strange thing happened. In the Q&A session after my presentation, one member of the audience told me that you could find just about any data about anyone in Russia on the streets of Moscow, sold on CD. Unfortunately, I didn't have enough time or Russian to go and buy any of these CDs, but several people confirmed that large numbers of records were sold to these street-level data vendors by employees of various government agencies. We did not have enough time for a protracted discussion, and there was something of a language barrier, but I think I sensed an implied statement: "Our data is hopelessly exposed and our society/government/economy is not crumbling."

Now, I am not an expert on the Russian economy, but I think one could argue it is not doing as well as it might. One might further suggest that a lack of trust is one reason, although proving this statement is probably an entire masters or even doctoral thesis. Furthermore, I am open to pondering that implication. Maybe dataflation won't happen and everything will work out. It's just that, when you look at a compilation of the ever-increasing numbers, such as this amazing table at Privacy Rights Clearing House, it is hard to believe we are on the right track.

No comments: