Friday, May 07, 2010

YOUR PERSONAL INFORMATION HAS BECOME TRACEABLE AND SELLABLE

The arrival of Seacom subsea cable two weeks ago generated considerable excitement in Kenya. This fibre optic cable, and others to come, will provide broadband to countries in East Africa that previously relied entirely on expensive and slower satellite connections.

This development will, in the long run, provide cheaper access to the internet. We shall therefore witness a few interesting trends over the next few years. One of the most obvious realities we shall have to contend with is the sheer amount of our personal information that will appear on cyber space.

Cheaper access to technology will make it possible for the government and other entities to automate their records. This automation will make it possible for someone to easily scan for your personal details, especially in sites that trade personal information.

For example financial institutions with an online presence often ask you for your mother’s maiden name as a security word. You will soon discover that this name, and other security phrases, will be publicly available on the internet. This will happen when the births, marriages and deaths records will be automated and digitally published.

Linking your searches through these disparate databases will easily yield your personal information. Your details are therefore traceable and sellable.
Kenyans will now be forced to discard their nonchalant attitude towards their personal information.

Kenyan companies have traditionally being crucial custodians of our information. They unfortunately don’t appreciate just how valuable this personal data they hold is and that they are holding this information on trust for their clients.

Most companies feel that people have given them their personal information and they can use it to run their business in any way they like. Until recently, banks implemented more stringent measures in looking after your money than your personal information. Fortunately the financial sector has changed its mindset and is currently in the forefront of data protection. There are however, many other local companies that need to practice duty of care.

Taking care of data is a complex affair. Unlike money, if data is stolen or lost, the original is usually left in place and the sense of loss is therefore minimized.
In the next article I shall outline the duty of care our local firms need to practice and the regulatory and compliance requirements we need to develop so as to force these organizations to invest more in taking care of our personal information.

No comments: