John Pelletier is a victim of a privacy breach so shocking, it could have landed him in jail. Literally.
“I had a criminal record and I didn’t even know it,” he says. “It was the most confusing moment of my life.”
He reaches for the bottle of maple whiskey on the table, and pours himself a glass. “The funny thing is, if my house hadn’t been broken into, I would never have found out.”
In 2008, he called the police to report a break-in at his house in Thunder Bay, Ontario up in wintry Canada. When the police arrived, they ran his name and he found himself at the wrong end of an extensive criminal record.
“The cop had to pause for a breath several times while he was reading the list to me,” he chuckles. ”There were four pages of it!”
He is laughing about it now, but at the time he was shocked.
“I was utterly bewildered and confused. I was a teacher. I had no criminal charges against me ever!” John says.
He told the police officer that he wasn’t the person whose details were being read back to him. Fortunately, they were able to figure out what had transpired.
“A clinic that I used to go to always got me confused with another John Pelletier whose birthday is a day after mine. This other guy took advantage of information that was made freely available by persons not qualified to handle it, or who possibly disregarded the need for security checks before releasing information,” he explains. “This guy used my birthdate when he was picked up by the cops and they hooked his criminal record to my name.”
He recalls that it took a year before all official records were sorted out. “But I still don’t know how long my name was tagged with his record.”
John thinks this is a worst case scenario – a result of several coincidences and mismanaged personal information. But the bit about mismanaged personal information is troubling. Identity theft is a very serious threat, especially in the digital age, with information being stored online. Without a significant amount of privacy regulation, it is easy for unscrupulous individuals to take advantage of other people’s information.
And if you are thinking, this happened in Canada, but it couldn’t happen here in Australia, think again.
In an effort to boost consumer understanding, Asia Pacific Privacy Authorities forum (APPA) designated the week of April 28 to May 4 this year as Privacy Awareness Week (PAW). The Office of the Australian Information Commissioner (OAIC) celebrated PAW 2013 with the release of new privacy guidance, and on June 5, launched a new website providing a ‘one stop shop’ for information about privacy, freedom of information (FOI) and information policy in Australia.
Dr Terry Beed, Honorary Associate Professor of Marketing at the University of Sydney Business School, recently completed a strategic review of the Market and Social Research Privacy Code administered by the Association of Market and Social Research Organisations (AMSRO) in conjunction with the OAIC.
He warns there is greater need for privacy regulations in Australia, now more than ever.
“One of the things we focus on is that these days there are a number of organisations providing research tools which market and social researchers are qualified to use, but these are now available to everyone irrespective of their qualifications,” Dr Beed says.
“There has been an explosion in the amount of data being gathered in the digital environment and this is posing a severe challenge to privacy. Much of this data is being gathered by people with no background in market and social research.”
For example, survey tools such as Survey Monkey are freely available to individuals or firms who are not under any obligation to use them correctly or ethically. Undoubtedly, rigorous regulation is imperative in light of such technological advances that theoretically (and in practice too) allow even children to collect personal data using online surveys and use it without any supervision.
It is the very same technological step forward that can cause privacy breaches, such the Telstra incident in 2012 which exposed more than 700,000 customer records because of a simple glitch in their software, or when the Vodafone systems were hacked a few years ago.
Carla May, who was a Vodafone customer in Sydney then, is visibly uneasy when she recalls the incident. “I don’t know if our records were actually accessed at the time, but it is very scary to imagine that all that personal information was out there, for absolutely anyone to download and use in any way they wanted,” she shudders. “It makes my skin crawl even thinking about it!”
Similar concerns are voiced by social media users who have a bone to pick with developers constantly making upgrades to their websites and sending users back to square one as far as their security settings are concerned.
Every time Facebook rolls out a new update, Sydneysider Priya Rajan makes it a point to check in on her privacy and security settings on the social networking site.
“With each update, my privacy settings seem to be reset,” Priya says. “I have to go in to make sure my posts are visible only to those I am connected to, and not just anybody who chances upon my profile.”
Priya belongs to the current generation of always-connected social media users. She is also among those who pay attention to the way their personal information is handled by websites. Surprisingly, she is among the minority.
At the Data Privacy, Marketing, Research and the Consumer Leaders’ Forum presented by the University of Sydney Business School and AMSRO late last year, somewhat shocking research findings from a nationwide Newspoll survey showed that fewer than 10 per cent of respondents agreed to knowing ‘a lot’ about how companies protect their personal information. More disturbingly, a quarter of Australian adults questioned said they knew absolutely nothing about the way their personal information was handled.
Speaking at the forum, Australian Privacy Commissioner Timothy Pilgrim said privacy was a fundamental human right.
“Research indicates that while people are increasingly willing to share personal information online, they still want to know how their information is being used,” remarked the commissioner during his keynote speech.
“Even though many people haven’t got a clue what happens to their information, they remain concerned about the information being used in ways they do not expect.”
Dr Beed is realistic about the most pressing concerns today. “There is an increasing ability for all people to harvest and process it with an increasing technological ability in the years to come, which is going to be a greater revolution. The challenge is to do it without compromising people’s privacy.”
And then he smiles.
“If we can incorporate a sense of how to operate in regulated place and what are the ethical ways of going about things,” he tells me, “and draw the line between that and a nonprofessional approach where people are ignorant about regulations, as academics we are winning the war.”
As an educator, his is not an easy job. Creating awareness in the larger community is a long process, and maintaining the balance between ethics and business is a tightrope walk at the best of times.
Which is why, as a regulator, the privacy commissioner has an even tougher job and that is something Timothy Pilgrim is well aware of. As the commissioner quipped to an amused panel of marketing experts that had assembled to discuss the seriousness of privacy issues faced by the industry: “As we focus on the difficulties of the job [as code regulator], people ask me what I would have done differently? And I say to them, I would have stayed in my first job.”
He used to be an assistant winemaker up in the Hunter Valley.