Trust You with my data.......No Way!

There was an article on whether people will trust Google with their data on TechCrunch today, and I replied - and then had some more thoughts:

My Comment was:

Michael,

We have done quite a bit of work on this issue of trust, and I think it resolves itself into 2 main areas:

(i) Will people trust any enterprise to keep all of their personal data in a digital form?

(ii) If they do, who will they trust - commercial startups, corporates, not for profits, regulated or government constructs?

Most of the testing we have done (and seen) seems to resolve itself into 2 broad groups right now:

- those who do understand the issues - by and large they are not keen on giving any player their data - and if they do, they want it regulated (we also picked up some concern about US data protection laws vs European ones)

- those who don’t understand - they will probably go with “trusted” brands, though what “trusted” constitutes is up for debate. But over time these will diminish and the above will grow

Personally, I suspect one (or more) commercial “trusted” party will eventually be tempted to misuse the data, and there will then be an ensuing scandal and call for government regulation so it may just be easier to go for that first.

Would I give any one of these guys my aggregated data now - No Way…I think they are just not anywhere near competent when it comes to ensuring security. My ideal would be a peer to peer system where my data is on my systems, and I control access to it.

Now my further thoughts go a bit more into my recent experience and the consulting work we have done on this subject, and it is to do with what the implications of centralised vs federated data will be.

Firstly, I have been a victim of Identity Fraud - we moved house, our mail redirection went wrong and my mail went awol...next ting I know people are applying for credit cards in my name. But...and this is a big but - they did not have all my data so it was fairly easy to prove it was not me. If they had been able to get into a central receptacle I would have been far worse off.

Secondly, we did some work on Identity and related issues like Trust earlier in the year for a client, and it seems the prevalent approach of people, if given a choice, is to keep their data themselves, and let other parties have relevant subsets - which we called Profiles - that they can then use.

Overall there seems to be a strong feeling that giving any 3rd party a lot of your data is a Bad Thing. The most trusted people (in the UK anyway) appear to be High Street Banks, Utilities such as BT (preferably regulated) and the Government - but they were not Trusted, just seen as a least worst option. US (and probably any foreign) based commercial Portals were not trusted much at all, in fact a "Swiss Bank" level of discretion was needed for real trust.