All this privacy policy mess makes me think...
The global concern about privacy, data collection and data use makes me wonder and think quite a lot. Why are we all so afraid to admit we collect data?
I discussed this about three years ago with @ringhioy2k, former IS Operations of a well-known company. Our idea was to develop a set of disclaimers to be published on corporate websites. We were pursuing two main streams:
- E-Mail Policy and Compliance
- Web Site data usage, privacy and compliance
Technically, the two were drafted to explain how communications are digitally treated and managed, in order to avoid the loss of data streams, which happens quite often because of anti-spam systems or more complex firewall systems such as Layer 7 firewalls. In a technical process, this would give the counterparty a clear, detailed picture of how data is processed and, where applicable, altered along its path. Just think of what happens when information in your HTTP stream, such as server response headers starting with "X-Apple-", is stripped out: users are unable to connect and download apps from the store on their devices.
Likewise, e-commerce systems, SOAP calls or APIs, as well as some applications, might stop working. Having such a page on the website would let the counterparty find information (yes, it's a disclosure) on how to set up their systems properly to allow correct access to data and information.
This was the technical view, the secret dream of a CTO when he or she starts working with a third party: a page where all the data, precise and detailed, can be found. Call it some sort of tech-fetish, but it would allow businesses to work more smoothly and faster than usually happens (with communications established by either "opening all" or "reverse engineering" the systems).
From an end-user point of view, things are different. The end user nowadays wants to know what data is being collected and why. Why am I creating a session cookie in your browser? Do I collect your IP address in my database? If so, why? For how long? (No, I do not collect IP addresses in my database, FYI.) Do I encrypt passwords in my database? Do I give third parties access to your data? If so, which data is passed?
Social networks like Facebook have pages and pages of information on privacy and the data they collect, but most of that information is just obfuscated or explained in a way a common user might not be able to understand. Or want to read.
So why are corporations so afraid to say how, where and why they collect end-user data? As a customer of a company, wouldn't you want to know that your data is protected by any means? If you have a question, can you contact someone who would actually reply?
As things are getting more complicated and laws are being written to "protect end user data", some data are just given away and collected. It won't stop no matter what the law is going to be, so why not just admit how you use such data and what for?
Perhaps it's because IT systems inside corporations tend to be so damn complex that the corporations themselves don't know how and where the data is stored. And, indeed, how to wipe it out.