Bruce Schneier, the legendary cryptographer and computer security expert who developed a number of widely used cryptography algorithms (such as Blowfish and Twofish), has recently written an article describing a taxonomy of social media data, with specific reference to its privacy implications:
- Service data: the data you provide to use a social media site (e.g. name).
- Disclosed data: the data you provide about yourself on your own pages, for example, comments and status updates.
- Entrusted data: items that you post on other people’s pages, the difference being that you relinquish control of it to them at the point of submission.
- Incidental data: data others provide about you. As with entrusted data, this is information you cannot directly control that is under the stewardship of someone else.
- Behavioral data: your habits, interests and ‘activity monitoring’ information.
- Derived data: heuristics that can be inferred from other data that you make available. Schneier uses the example that if many of your friends describe themselves as being gay, there is a higher than average likelihood that you are too.
Clearly, some of the facets of this taxonomy have disturbing implications (especially derived data), and Schneier’s point is that users need to be offered greater control over the information they submit:
“It’s also clear that users should have different rights with respect to each data type. We should be allowed to export, change, and delete disclosed data, even if the social networking sites don’t want us to. It’s less clear what rights we have for entrusted data — and far less clear for incidental data. If you post pictures from a party with me in them, can I demand you remove those pictures — or at least blur out my face?”
As DAM systems become more social, there is also an implication for the collection of asset usage information and other routine surveillance. Sites like Facebook have recently come under the spotlight for their somewhat casual attitude towards privacy, and this makes it likely that governments will consider legislation to be required. If that were to happen, privacy taxonomies of the type described could become essential for maintaining a system that affords protection to the owners/operators of a DAM system.
For DAM SaaS providers (or any DAM vendor who hosts on behalf of their customers), the boundaries also become quite blurred – who is ultimately responsible for privacy, the client who places their assets on the system and makes it available, or the provider for offering the facility and collecting usage data in the first place?