On the eve of the retirement of the Privacy Commissioner, there are more privacy matters for him to handle, putting him in the spotlight. The two most newsworthy cases are the Octopus and the Google street view.
I am not sure why the Octopus privacy issue suddenly becomes news. It probably arose owing to the complaints of a few customers. The defense of Octopus is that the information disclosure statement is already included in the application form. The problem is, same as many other contracts, the devils are in the fine print. Notwithstanding the Octopus case being seen as a terrible infringement of privacy, the fact of life is that we are constantly giving out our personal information to be used by presumably friendly companies. Just take a look at your wallet. All the plastic cards you have reflect the extent of your personal information being given to others. Add to that, any purchase you made requiring email contact or physical delivery means that your personal information has been passed out.
Some companies look more benign in asking for your consent whether you wish to receive information from their partners. Translation: your personal data will be transferred. However, even without your consent, the company could send to you direct advertising materials, either from them or their subsidiaries, using your personal data in a legitimate way.
The Octopus case can be more serious. Although it is not a location-based device, i.e. it does not show your location in real time, the records it held on the location of purchase could be a history of your whereabout. This does not limit to Octopus cards which are linked to names, bank accounts or credit card accounts. The various locations of your card with timing, plus the numerous records of video images, purchase records, etc, could build a profile pointing out individuals. We have seen it in the movies which are based on existing technologies. It is just a matter whether you are a target of the criminals, or the police, or the government.
The case of Google is similarly interesting, or scary. I don’t know if you like Google street view. It is a very convenient tool in finding direction. It makes the world smaller or closer if you like it. In taking street view photographs, it also collects many location-based information such as GPS co-ordinates. It claimed that the collection of wireless data is not intentional. The data just got stored at random together with others. Most of them are encrypted and many are fragmented. I wonder how such news got reported. It came from a press release by Google, but there could be pressure from whistle blowers within the company.
Many companies and families use wi-fi devices nowadays. A wireless router only costs a few hundred dollars and can allow a company or a family share one broadband connection. Wi-fi data include everything we send and receive in the Internet, which could mean most of our lives. The Internet is the information superhighway, and the wi-fi data stream is public traffic. You cannot hide your car in the traffic, but you can still do private matters inside your car, with proper protection.
The morale of these two stories is a revelation, in case you still do not know, that personal privacy is a very fragile thing. In the modern world, it is hard to live without plastic. Octopus is the most useful plastic of all. We also have a lot of credit cards, purchase cards, VIP cards, membership cards, discount cards, etc. All these partners of ours are sharing our personal information. Digital information is more insecure. We heard of hackers, viruses, and trojans everyday. It is very uncertain that at this very moment, the data in your computer could be accessed by others. Wireless data at least give a feeling that they are freely distributed through the atmosphere, and their security is an obvious concern. The basic protection is to password-protect your wireless router.
I often draw the analogy that you are using your personal data as walking down the street with your valuables. You cannot stop going out in order to protect your valuables. Just be careful out there. The caution is: anyone who knows your personal data is not necessarily your friend. Make sure you cross-check the identity of those who contact you, at the door, in the mail, on the Internet, or on the phone.