My company hired a new employee recently and as part of my responsibilities, I ran a basic background check for our new hire. If you've never seen a professional background check, you will most likely be shocked by the level of detail that can be gleaned from public records.
My company hired a new employee recently and as part of my responsibilities, I ran a basic background check for our new hire. If you've never seen a professional background check, you will most likely be shocked by the level of detail that can be gleaned from public records.
Who really sets global cybersecurity standards?For fun, run a background check on yourself: What appears to be "mundane" when you read it about someone else, feels shockingly personal when it's about you. With a quick search on a name and Social Security number, I am able to get a report with enormous amounts of detail. I am able to find the current address of a person, their phone number and whether they own their house. I also see the current appraised value of that house and the names of everyone else living at that address, and everyone who lived there in the previous 10 years. I get the addresses of the 10 nearest homes, the names of those neighbors and their phone numbers. I then get the "family and neighbors" for every address the person has listed, going back as far as possible, sometimes to their birth. I see every car owned, every house, boat, aircraft or firearm; every traffic ticket, creditor, bank account.
All this is simply what can be gathered from three or four sources: credit reports, DMV records and open public records. While running these reports I am acutely aware of the enormous mass of data that is only one or two steps away from the public record: every Web search, every "friend", every wall post, every blog comment. How easily that data can leak and then be aggregated, indexed, cross-referenced, re-sold, re-re-sold and shared. It never goes away.
I used to live in Europe and while working there, I was briefly responsible for managing private data under the data-protection laws. The most important difference is the principle of ownership. Here in the United States, the company that collected "your" data, or most recently purchased it, owns it. You have no claim, moral, property or legal over your data. In Europe, by contrast, you own your own data and the companies holding it are merely "custodians". As custodians they must report their data practices and conform to certain principles of protection. Ultimately, you have the right to see the data about you, to correct it and in many cases to remove it from the custodians' databases.
If you want to learn more about privacy run a background check on yourself with a reputable online provider. Once you see what's out there, you will probably want to see stronger privacy laws. Here's the most important principle you want to see in such laws: data about you, should belong to you. You should be able to see it, correct it and remove it. Any privacy law that does not give you some ownership over your data is fundamentally flawed.