Information Sharing

From MgmtWiki
Revision as of 20:24, 11 September 2024 by Tom (talk | contribs) (References)

Jump to: navigation, search

Full Title or Meme

The process of collection of all sorts of information about a Subject that is collected by a web site. Not just User Private Information that is securely shared with user consent, but also the user behaviors like web site visits, searches and purchases as well.

Context

Information Sharing on the internet includes four broad categories of Personal or User Information:

  1. Identifiers (like identifiers provided by social signin or pseudonym selected as user names),
  2. Attributes (like age, address or real-world name),
  3. Behaviors (like queries, site visits or purchases online),
  4. Inferences (like pregnancy based on purchases, or political party affiliation based on site visits).

Problems

The consent notices that are typically received are related to sharing User Information and deal with sharing in terms like:

  1. for the business at hand; which seems to be the only place where a demand for User Information can be justified.
  2. for other purposes within the same business unit, typically for marketing notifications.
  3. sharing with different business units within the same corporation, like a bank giving information to a brokerage subsidiary.
  4. with other organizations that are participating in the business purpose - like a bank transfer to a business.
  5. with other organizations in the same business relationship, again typically for marking purposes.
  6. with other organizations where the businesses purposes are not related.
  7. with governmental entities for regulatory reasons, only some of which are permitted to even permit notification to the user.

The ideas of cross border exchanges for business or storage seems to be anachronistic and not especially helpful. The controller-processing concept seems to be very nearly impossible to comprehend as it relates to real-world entities. Imagine the chaos that would ensue if airlines were trying to follow these regulations.

Deleting User Data

Because of the problems of data controllers losing data and the requirement to "forget" the user after a given time, it is expected that data controllers could delete user data after a specific period, or on request by the user, the data owner. Bot the question is whether that is ever possible given the reality of data storage systems.

Solutions

References

  • See the wiki page on [User Private Information] for the type of data that should be controlled by user and the data controller.