Difference between revisions of "Redress"

From MgmtWiki
Jump to: navigation, search
(Context)
(Problems)
 
(7 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
==Context==
 
==Context==
Redress, like any access to user personal data requires strong authentication of the [[Subject]]. The follow paragraph 57 of the [[GDPR]] should help clarify this function.
+
Redress, like any access to user personal data requires strong authentication of the [[Subject]]. The following paragraph 57 of the [[GDPR]] should help clarify this function.
  
If the personal data processed by a controller do not permit the controller to identify a natural person, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the data controller.
+
If the [[User Information]] processed by a [[Data Controller]] do not permit the controller to identify a natural person sufficiently well to provide the user with [[Notice]] of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the [[Data Controller]].
  
 
==Problems==
 
==Problems==
 +
* In most cases where users want to get corrections applied to data held by a [[Data Controller]], they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; for them the user is just viewed as a risk to be evaluated.
 +
* It is frustratingly hard for a [[Subject]] to get corrections made to a credit report. Equifax was forced to seek a new chief executive after their huge breach that nearly killed the company. The new chief executive, Mark Begor reported on his own travails with [[Redress]] before he joined the company.<ref>Ron Lieber, ''Tough Questions for Equifax's Boss. (2019-04-06) New York Times p. B1</ref><blockquote>It's a laborious process. I'm trying to remember which step was harder than the other. They are all hard. They are too hard today.</blockquote>
  
 
==Solutions==
 
==Solutions==

Latest revision as of 11:28, 6 April 2019

Full Title or Meme

The problem of responding to users' issues in a digital ecosystem.

Context

Redress, like any access to user personal data requires strong authentication of the Subject. The following paragraph 57 of the GDPR should help clarify this function.

If the User Information processed by a Data Controller do not permit the controller to identify a natural person sufficiently well to provide the user with Notice of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the Data Controller.

Problems

  • In most cases where users want to get corrections applied to data held by a Data Controller, they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; for them the user is just viewed as a risk to be evaluated.
  • It is frustratingly hard for a Subject to get corrections made to a credit report. Equifax was forced to seek a new chief executive after their huge breach that nearly killed the company. The new chief executive, Mark Begor reported on his own travails with Redress before he joined the company.[1]
    It's a laborious process. I'm trying to remember which step was harder than the other. They are all hard. They are too hard today.

Solutions

References

  1. Ron Lieber, Tough Questions for Equifax's Boss. (2019-04-06) New York Times p. B1