Private Sector Analysis Of Personal Information

The increasing computing capacity means that a vast amount of information can be collected, stored, organized, and analyzed at low cost and high efficiency once gathered. Technological advancements allow information databases to interconnect, enabling larger-scale data processing. As technology converges, the potential for privacy infringement grows exponentially. For instance, linking facial recognition databases (such as those used on Facebook) with surveillance cameras allows unprecedented tracking of personal information. A common practice is merging and integrating databases from different sources, inevitably generating privacy issues when combining data between sources like tax records and health data or property data and social security information. Furthermore, personal data can be extracted from various technologies and matched with publicly available data, creating a detailed personal profile.

According to the U.S.-based privacy advocacy organization EPIC, "data brokers are willing to categorize, compile, and sell any information." For example, medical marketing services sell lists of individuals with various diseases, including details such as age, education, housing size, gender, income, lifestyle, marital status, children's information, etc. Other companies sell databases related to personal habits, reading preferences, or even religious beliefs. The aggregated databases serve various purposes, from data mining, which is the process of finding patterns in large databases, to data exploration, which has many benefits such as identifying fraudulent credit card transactions.

Although some commentators claim that data mining is neutral, it may involve privacy issues since data mining or data merging is often done with information used without the knowledge or consent of the individuals involved. Moreover, extensive data often includes detailed personal information that can be easily associated with individuals without their knowledge. Another common use is data profiling, utilizing aggregated data to "identify, isolate, and make judgments about individuals solely through computerized profiles." Businesses and governments can leverage data analytics to build comprehensive personal profiles.

EPIC provides an example of a woman suing the U.S.-based company Metromail. A data entry clerk at Metromail tracked her based on the data she submitted in a survey. In that case, it was found that Metromail retained a 25-page file on the woman, including information about her income and her use of hemorrhoid medication. To protect privacy (and comply with privacy laws), companies often de-identify or anonymize data, which is a process of removing personal identifiers (such as names, social security numbers, and IP addresses). However, research shows that reconnecting "anonymous" information with individuals is relatively easy. For example, a 1990 study in the U.S. found that census data (ZIP code, birth date, and gender) could be matched with 87% of the national population.

Last updated