Digital Identity Web/Tech

Hierarchies – of Life and of Privacy

Hierarchy-of-Needs-Meeker.pngA couple of months back in one of her presentations on the impact of the Internet, Morgan Stanley’s Mary Meeker used a slide describing today’s hierarchy of individual needs.

In today’s post-modern culture, we don’t achieve self-actualization without having our “always on” access to the Internet – and – our ever present companions: mobile phones.

Take a look at the rest of those recurring payments hitting your credit cards each month – you might find a few other things in your own personal hierarchy of needs that are required for your “well being”!

Indeed, in her haste to make points about connectivity and mobility, Meeker overlooked some other basic necessities of life – like that credit card! After all, what good is the Internet without shopping at Amazon? And, what good is your mobile phone without your personalized ring tone?

Hierarchy-of-Needs-Maslow.pngIsn’t it interesting that the computer isn’t even mentioned by Meeker — just the connectivity. After all, what use today is a computer that isn’t connected to the Internet?

And, who has time for esteem any more anyway?

Of course, this was all a bit of a fun play on Abraham Maslow‘s original hierarchy of human needs proposed initially in 1943. Maslow’s hierarchy is based upon the premise that the path to self-actualization demands satisfaction of all of the lower level needs first. Sure, it’s all just Psych 101 stuff, but it’s fun and something we can all relate to as Maslow’s theory feels personally very appropriate.

A few weeks back, along comes Tim Oren doing an exploration of privacy in this post-modern and totally connected world. Tim’s spent some time digging on the subject and shares some of his initial insights.

It seems to me that what Tim’s really focused on a new form of shelter in our lives — a “digital shelter” that provides a roof over our personal information and protects it just like the roof over our heads provides shelter from the terrestrial elements. Fulfilling our human needs for shelter demands that both our physical and – oh, sorry – our “logical” embodiments are both well protected — or we’ll be troubled, tossing and turning, worrying about why things in our life just don’t feel safe.

Hierarchy-of-Unease-Oren.pngTo help illustrate his points, Tim introduces a new (and perhaps more disturbing) hierarchy: the Hierarchy of Privacy Unease.

Tim’s Hierarchy of Privacy Unease begins at the top with the worst possible outcome – a direct financial loss. The actual effect of a direct financial loss on an individual’s well being depends upon who bears the actual risk of loss – the individual or a supplier of services to the individual.

For example, with credit cards in the US, the risk of loss to the individual is zero. Card number data breaches, while spun up by the press as alarming, are of financial impact only to the card issuers, not the cardholders. Even so, the cardholder may feel “violated” if victimized by stolen card information.

On the other hand, data breaches that expose “enough” personal information to enable true identity theft (such as the Choicepoint example earlier this year) are extremely disruptive to the individual and may require significant effort by the individual over months of time to resolve. Unfortunately, in today’s easy credit society, having “enough” personal information boils down to the information requested on a credit card application coupled with some social engineering cleverness that is well known by fraudsters.

Next on Tim’s hierarchy is intrusion – the simple desire we all share to live our lives without unwelcome interruptions. Interruptions of any kind disturb our flow; unwelcome or inappropriate interruptions generate emotions of anger or fear. Sounds quite a bit like the “pursuit of happiness” now, doesn’t it?!

Tim’s compartment breach layer is one I’ve not thought a lot about before – but which resonates with me now that he’s pointed it out. Individually, we do rely on compartments to help secure our lives and well being. Compromises that enable cross-compartment linkages to be derived are disturbing and another potential threat to our well being.

The loss of information asymmetry is another destabilizer for the individual when it happens. Related to the notion of compartmentalization, none of us likes to be at a disadvantage when it comes to knowledge. We want to know the dealer invoice for that car we’re negotiating to buy – and we don’t want the dealer to know anything about our history of car purchases that might be used against us in a negotiation. It just doesn’t feel “right” when something someone knows about us is used against us in that way.

In Tim’s everything else category goes the seemingly endless tradeoffs we each make as we provide “just enough” of our personal information to third parties in trade for some sort of economic reward. We do so believing in real “compartmentalization” – that the data we provide to Safeway for participating in their discount program won’t be used against us in some other way.

Privacy policies are the primary mechanisms the data collectors use to inform us about their use of our data. Data breaches, which don’t abide by anyone’s privacy policies and, indeed, tear them to shreds, are increasingly the primary forces that expose us to damage – by putting us at an information disadvantage, invading our compartments of data, and moving us up Tim’s hierarchy, eventually destroying the digital shelter of protection over our heads – and our well being. Tim’s Hierarchy of Privacy Unease provides us with a very helpful way to think about these issues.

Of course, what we’d all really like to see is effective “pest control” in place between these layers – for it’s the very erosion of the layers that leads to these bad things happening. We want to know, with certainty, that those with whom we trade our personal information will take all necessary steps to protect it and use it responsibly.

Increaasingly, what we want from them is a “Code of Personal Data Stewardship” that is clear and unambiguous about their responsibilities for protecting our personal information – including notifying us and accepting liability for any breaches they’re involved in that affect our personal information that we’ve entrusted to them.

Existing efforts to date have failed to provide this level of assurance and trust for the individual. Trust-E, for example, seems to “walk softly” on these issues – being largely a group supported by those who seek to obtain and use our personal information (and post Trust-E seals on their websites), not by individuals wanting to ensure their personal data receives comprehensive protection.

Legislative efforts, responding to the data breaches earlier this year at Choicepoint, CardSystems and others, currently appear to be primarily directed at beefing up data breach notification obligations – by extending California’s recently enacted notification requirements nationwide. Unfortunately, an effort by legislators to impose requirements for stronger personal data stewardship – and associated liability if not achieved – seems sorely lacking.

Tim’s post certainly advanced my understanding of these issues and helped me think through my own personal hierarchy of needs related to privacy of my personal information. There’s a lot of chatter on the web these days about digital identity – but it seems to me that these issues of personal data stewardship are truly the top priority in terms of enabling all of us to feel safe and secure with a sound “digital shelter” over our heads!

This site uses Akismet to reduce spam. Learn how your comment data is processed.