Data Minimisation on my birthday, April 1st

When we talk about the principle of Data Minimisation, it’s usually in a business context, such as the UK’s Data Protection Regulator, the ICO outlines:

You must ensure the personal data you are processing is:

·      adequate – sufficient to properly fulfil your stated purpose;

·      relevant – has a rational link to that purpose; and

·      limited to what is necessary – you do not hold more than you need for that purpose.

So as a business, we keep a check on what we hold about individuals. As a data subject / citizen, it’s never really thought about. So today, I want you to think about it in a personal, what’s in it for you context.

We often over disclose details about out existence digitally, on varying platforms used for products, services or interactions. Often this information is disclosed without a second thought as to where it may end up or what happens with that submission. Let’s be honest, general users don’t read the pages and pages of terms. They just want access as quick as possible.

So your data is out there, online. Held my many organisations around the world. You, your identity is out there. How do you feel about that? Daunted? Concerned? Apathetic? In a world of digital interactions is important that you take steps to minimise the data about you, thus demonstrating good digital hygiene behaviours so you don’t have rely on others to ensure the handle it in a fair, transparent and secure way.

In 1995, one of the characters from a groundbreaking movie, Emmanuel Goldstein was famed for saying “You could sit at home, and do like absolutely nothing, and your name goes through like 17 computers a day.”

This was 25 Years ago.

The movie, Hackers, was a great fictional story on hackers of the time, I’ll apply some great fictional logic to extrapolate further. Moore’s Law - the number of transistors in a dense integrated circuit doubles about every two years. Let’s assume we apply this to the “17 computers”. In 2021 we should expect to see our names go through 139,264 computers a day! That’s a lot of computers with my details in it. Are they all secure? Processing in a way compliant with GDPR?

We then introduce to some of the risks associated with your digital information:

• Identity Fraud (The use of that stolen identity in criminal activity to obtain goods or services by deception.)
• Financial Crime 2019 Financial Cost of Fraud report estimates the cost of fraud to the UK is between ￡130bn - ￡190bn a year.
• Cyber enabled fraud (Pretty much anything here https://www.actionfraud.police.uk/a-z-of-fraud-category)
• To Redirect, Obviate, Impede. Detect, Limit or Expose goods, services, interactions and reputations. Vocabulary taken from a great paper on characterising effects of cyber adversaries here. Organisations, Governments and Individuals are all in scope sadly.

Don’t worry, all is not lost. You can help yourself in this digital world by securing your digital life and have a little fun at the same time. Encourage others to do the same.

Be more Loki. Embellish your creative fantasies.

No post of mine would be complete without a Marvel Comic Universe reference, welcome Loki, Norse God of Mischief and Tricks. He’s known as a trickster for both humans and gods, but there were times when he used his trickery for good. That’s what you should do.

Next time you register for that new app of the moment, the free Wi-Fi service in the coffee shop or social network consider playing tricks with your identity. Fantasise and create random or different identities, that still allow you to access the service, but leaves you one less organisation to worry about with your data. Do they really need to know your actual name, maybe reinvent yourself as a Michelle or Mohammed.

Contact details, do you really want to hear from your coffee shop on email? If it’s not critical, just make one up. Most fields for email, are just after ‘[email protected]’ format, so it could be anything. Microsoft have a great ‘Alias’ feature here that allows you to have [email protected] emails that actually come to your inbox, meaning you can safeguard your primary address. Google have a similar feature here. Using this is great insight to where you disclose an address, and who ends up using it.

Think about it, you may need to be over 18 to register for a service, but do they need your exact birthday? Are you expecting cards from your social network? I’m not, just another opportunity share some tips on data minimisation. 1st April was an arbitrary date. I do however feel worse each year, as I’ve such a great network I get more and more birthday wishes. More than I get on my actual birthday nevertheless. This is just one way; I’m minimising my data online.

Thank you all for your birthday wishes, it’s very much appreciated. I’ll save them for when I turn 28 later this year.

Your data is valuable and is often the main goal for apps and services online. Take care of it. It’s a lot harder to 'YOU' reset.

N.B. For legitimate legal services, don’t be like Loki, be you. No one wants to see Superman register for council tax. For everything else, there’s a Baskin Robins of choices, over 1000 different options you can choose.