[LINK] A thought...

Grant Bayley gbayley@ausmac.net
Tue, 3 Oct 2000 12:04:50 +1000 (EST) 

I was reading with interest the privacy story on the front page of today's
Australian IT section when it occurred to me that a potentially
informative and enlightening thing for people dealing with organisations
that hold and use personal information would be a requirement to report on
the following (Government AND Private Sector):

1) The nature and scope of personal information held by the organisation.

2) The historical, current and future flows of this information to other
entities.

The idea behind this is that it allows a single consumer an idea of what
personal data submitted to the organisation is held on them (even if
they cannot get access to the information itself) and also what
information on them flows out to other organisations.  The same
report, in the hands of a researcher, could be used to track flows of data
through "holding" companies, subsidiaries, whatever, all the way up to
companies the likes of Axciom.  I'd think a reporting requirement once a
year, with an "update" requirement if there's any change to 1) or 2) would
be sufficient.

Aside from the "business already have too much to do" hole, are there
others that people can think of that would make this either infeasible or
unnecessary?

The reason for suggesting this is that the perennial problem with personal
data is not knowing who has what, and these days given the value placed on
it, where it flows to.  One thing I've not mentioned here is the tendency
of certain businesses (and Government departments) to link databases
together or cross-match information in them.  Might there be a need to
include as part of 2) a requirement to report such integration between
data sets as outlined in 1)?

Am I way off track here?

Grant

-------------------------------------------------------
Grant Bayley                         gbayley@ausmac.net
-IT Manager @ Foster Nunn Loveder      (www.fnl.com.au)
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------