General Science, Technical

Privacy and Identity

I have always been a (relatively) cautious man when it came to providing personal information online. I know these words come from the owner of, but willfully disclosing information online is different than providing information that is to be kept private. Different rules apply. Some information can leak though – such as your name in news articles, academic papers, crawlers that scrape social media, etc.

In many talks, courses, and my own discussions I am seeing a trend where the “traditional” sense of privacy, where the idea it to not provide any information unless it is required, is shifting (with the help of social media). This “minimalistic” mentality is great for restricting the dissemiation of personal information – especially online. However, the “new” sense of privacy gravitates towards liberally providing personal information and having complete control on how that information is accessed by third parties (or the original holder of the information).

This is a big change, and it can lead to disastrous outcomes.

Take myself, for example, I limit the information that I add to social media websites (if I use any at all) and I make sure to continually review the privacy measures for each one. I try to apply the best of both “traditional” and “new” privacy approaches. This can work fantastically if you explicitly trust the website (or group) to secure your private information. I even run queries on my name in various search engines to see what are the results. This gives me a rough measure as to how exposed I am to crawlers.

What I did not expect is that, after taking care to secure my own online “identity” and my private information, the weakest link would be my government. I am talking about the current situation with the Canadian Student Loan information breach. A removable hard drive with the personal information of over half a million current, or previous, students disappeared. I was shocked. I suppose I shouldn’t have been.

All of my hard work; circumvented by the carelessness of a person I had never met – someone that I never knew was even handling my personal information.

Through my frustration I have come to be reminded that the weakest link in most security, or privacy, chains is the human link. The link that requires a person the have the correct training, common sense, and authorization to access, transport, and dispose of my personal information correctly and securely.

In my case, this is the second time that a major organization has “lost” my personal information due to a removable hard drive: Note that removable hard drives are usually restricted in general for this reason.

All I can do is take the necessary precautions – now that it’s out there.