Profiling coming under scrutiny

The capacity of organisations to build up "profiles" of people based on their use of the internet, their personal choices and other activities is coming under greater scrutiny by legislators and regulators in the UK, US and Europe.

The capacity of organisations to build up "profiles" of people based on their use of the internet, their personal choices and other activities is coming under greater scrutiny by legislators and regulators in the UK, US and Europe.

Profiling uses pattern-matching technology to search thousands or millions of database records that fit a pre-determined template or to identify a group that shares particular characteristics.

Governments are keen to expand its use for law enforcement purposes but also to use it to identify situations that require state intervention. The private sector likes it because it can quickly identify potential new customers and target existing ones more precisely.

Home Secretary Jacqui Smith revealed a greater willingness to use profiling technology to detect potential terrorists in the Counter Terrorism Bill published today.

Earlier this week a National Audit Office report on the Department of Welfare and Pensions revealed the DWP is using behavioural and financial profiles to track down fraudsters.

Also this week the European Data Protection Supervisor, Peter Hustinx, told the European Parliament's Civil Liberties Committee that users' IP address were their personal data and were protected by privacy and data protection laws.

In the private sector, the greatest concern is that companies such as Google, Microsoft and social networking sites such as Bebo and FaceBook will be able to collect data about their members, profile them, and sell the profile to marketing organisations.

On one hand, this may amount to an invasion of privacy of those profiled on the other, it may be a much more efficient and effective way of getting those, and only those in whom you are interested.

A chief concern is that data collected for one purpose by one firm may be passed to another company that might use the same data for different purposes.

Hustinx has called on the EU to provide a single robust definition of personal data. He believes this would help members clarify the presently confused data privacy and protection legislation. He argues that this is increasingly important as both public and private sector organisations seek to increase the amount of data they share across national borders.

This would also do much to clarify what information organisations can collect, how they can use it, and what recourse data subjects might have when those limits are breached.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close