BreachExchange mailing list archives

[Slightly OT]: Does a failure to address privacy in information systems design lead to the risk of uncontrolled loss of personal data?


From: James Crowe <privacy_survey () mac com>
Date: Thu, 22 May 2008 14:34:24 +0100

Hi there,

Inspired by the increase in examples of mass dataloss from military sources (http://news.bbc.co.uk/1/hi/uk_politics/7199658.stm) in the UK, I'm researching the issue of the creation of personal activity and performance data within workplace information systems and the potential for such data to be processed into biographical information that relates to the performance of an individual. The focus of my study lies within the military, who culturally have some interesting perspectives on the concept of privacy.

My study draws on the increasing tendency for integration of government and commercial information systems and the risk that this poses in regard to the potential aggregation of information about an individual, their activities and performance, potentially exposing biographical information relating to a person to an authorized user who should have no right to examine it.

I am interested in progressing a line of inquiry into the extent to which legislation (primarily European Union and UK) fails to address within the context of 'personal data' the creation of work performance data that relates directly to an individual (i.e. what work he/she does and how long it takes might be used as a means of performance assessment) and the movement of such data across boundaries (e.g. to industry partners), the lack of visibility that the 'data-subject' has of this information and the use to which the 'data controller' enables processing.

The link here to the concept of privacy is an interesting military cultural issue that appears to indicate that whilst military personnel apparently value privacy within their 'off-duty' lives as normal citizens (i.e. they have the same concerns as a member of the public for protection of their identity and 'personal' information), in their 'duty' role they have little or no concern regarding the extent or visibility of information about them generated as a result of their primary duties (i.e. engineering work performance). This, I think, shows an interestingly 'bi-polar' perspective taken by military personnel, and implies a significant level of trust in the organization that they work for to ensure that this information remains confidential and is used appropriately. Interestingly, in the UK we have yet, to my knowledge, to have a case of an industry partner that has undermined this trust, as in this case previously reported:

http://www.infoworld.com/article/08/05/02/Military-computer-contractor-convicted-on-ID-theft-charges_1.html

I have found the information and opinions of the list invaluable in understanding the breadth of the dataloss issue and would be very grateful to anyone for their time to complete my survey (which would take about 4 minutes to complete).

If this subject is of interest to you I'd be delighted to receive your completed survey and any additional comment you may have.

http://www.surveymonkey.com/s.aspx?sm=9Eefg06dUMJN1CtqhytyQw_3d_3d

Thank you very much for your time,

Jim

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
