Who Owns Digital You?

Financial privacy bill bursts through deadlock” reads a headline from the August 19 issue of the San Francisco Chronicle. The sponsor of the bill, state Sen. Jackie Speier, was quoted as saying, “There is a privacy revolution going on in this country. Californians — and hopefully Americans — will be able to feel confident that their financial privacy will be protected.” Heralded as the nation’s strongest financial privacy bill, it comes amidst a recent string of consumer protection measures — with the state and federal do-not-call legislation receiving the most attention.

Against the backdrop of ever-invasive marketing practices and initiatives such as the Total (er, Terrorist) Information Awareness project (TIA) proposed by the Defense Advanced Research Project Agency (DARPA) and a Patriot Act that is arguably less than patriotic in the way it proposes to treat privacy, people are clearly becoming concerned. More than 70 percent of Americans said recently in an RR Donnelley survey reported they are “privacy seekers,” increasingly concerned about their financial privacy.

Yet in spite of big proclamations about privacy revolutions and studies showing people are concerned, we are missing the real point. Privacy as we’ve traditionally construed it is no longer a relevant concept or construct. Sadly Sun Microsystems’ Scott McNealy’s claim a couple of years ago that “you’ve got no privacy anyways, get over it” was correct. Everything we read on the Web, everywhere we go, every purchase we make, every email we send, every phone conversation we have, every visit to the family doctor, and soon even our personal genetic makeup — our DNA — can be collected, cross-referenced, analyzed, and monitored.

Not only don’t we have privacy, in many ways we don’t really want it. Or, rather, we don’t want to suffer the consequences of having it. The convenience of being known by the companies we do business with, using all kinds of electronic means of communications, using a single plastic card for worldwide purchases, and having our doctor keep records of our past ailments and concerns — those are the conveniences we associate with modern life. Moreover, direct marketing isn’t really annoying and invasive if we want the stuff we’re being contacted about. And if the government says it can protect us from further terrorist attacks and identity theft, then it’s probably OK that bits of information about us are collected and connected.

So what does privacy become when government and business need access to personal information more than ever before and the individual wants them to have it — but only under known conditions? This question is at the heart of the future of privacy and has neither good solid answers nor established frameworks.

We need a radical and intuitive new model built on the premise that in an information economy, our personal information and identity are valuable assets. The model must recognize that, as with all valuable assets, powerful forces are vying to harvest and control it. Big businesses and governments are trying to control the asset. In the shadows of cyberspace, sundry characters are lurking, trying to steal it. And though everyone wants control over the asset, we have no established framework that defines who has the legal right to claim ownership. Business and government are claiming rights to what they collect while individuals’ legal rights to access, manage, and control information about themselves are very limited.

In short, we don’t own or control personal information about ourselves, information that is becoming more comprehensive, detailed, and intimate every day. This spells big trouble, the scope of which is only beginning to become apparent.

Once we recognize personal information is an asset, we also quickly realize the surrounding infrastructure of asset management needs to be developed to support the personal information asset model. First, we must define ownership. I propose we treat all personal information as if it belongs to the individual. Second, we need governance procedures. These must apply equally for private sector and public sector use of personal information. And third, we need a mechanism for valuing the asset. Since the asset is a representation of a person, the same mechanisms used to value customers will prove to be useful.

Our digital identities, the detailed profiles of who we are and everything we do, will increasingly become available to marketers and the government. Incremental laws such as the one passed in California to protect a small portion of our identity, our financial information, just won’t be enough. In a world where personal information is an asset, the role of the 21st century marketer becomes that of an asset manager, managing personal information “deposited” by its owners (individuals) with the goal of generating a return on the asset for both the company and the individual. We need a whole new model. Building it around asset management is a valuable starting point for creating the necessary framework.

Related reading

Overhead view of a row of four business people interviewing a young male applicant.