How do we conceive, package, control, and secure personal information? More specifically, how do we control our health information—a subset of personal information?
Putting All the Eggs in One Basket
So, I'm putting my eggs in one basket
I'm betting everything I've got on you
Everything I've got I bet on you, everything I've got on you
Everything, every single thing, I've got I bet on you.
Follow the Fleet, Irving Berlin 1936
There is a common belief that goes beyond mere lyrics—a belief that safety is assured when we place things of value in more than one store. But is this correct? Do we store a portion of our money at the grocery store, at the gas station, or at the mall? Do we like music or video that are only playable on a single device? Do we like social networks that restrict our relationships and conversations to an imposed logged–in session?
Commensurate with this belief is the companion notion that interests can be self–assembled into discrete packages. Overlaps do not occur and are disallowed where conditions would bring about an overlap.
Expanding the metaphor—the basket exists as an empty (or relative) construct that is defined by the aggregation of discrete interests—that which holds. Each egg is an world unto itself—defining both the dimensions and duration. Privacy and security of the eggs' contents are subject to the discretions of the eggs' defining entities. Safety is entrusted to others, with the semblance of control ours.
Putting All the Baskets in One Egg
Wonder if we flip the metaphor. The egg becomes the defining artifact and the baskets relative catergorizations. The egg is co–existent with the life and interests of the individual. Privacy and security concerns are now spread uniformly over the whole; instead of discretely at a particulate level.
Safety is evenly and uniformly distributed over the baskets. Control goes from a semblance to an actuality. This becomes an argument of local (eggs within a basket) v non–local (or global; baskets within an egg) control.
We have few qualms over the entrustment of our financial information to an American Express, Citibank, or VISA. We would never consider a similar entrustment to the local grocery store, department store, or resturant. Instead we use financial instruments (check or card) of the former for the finanical information transactions with the latter. Financial information is vested with a third party (bank or credit card company) to conduct business, on our behalf, with a merchant. Personal financial transactions, except for cash, are examples of non–local (or global) control via third parties.
In contrast, most of us (if we do at all), backup our personal computers and smartphones locally to harddrives, DVDs, or flash storage units. Most of our pictures and home videos are stored on original recording medium and may be duplicated and locally stored. Non–local ("third party") storage is not widely used. Would anyone consider exclusive home storage of irreplaceable family memories secure storage? In this sense local measure are not secure measures, but rather measures of convenience and historical practices.
Health information, like personal memories, are subject to local security practices. The question is often asked how could anyone trust Google Health or Microsoft's HealthVault? It's the wrong question—the question is how can you trust the dozens or tens of dozens of entities and institutions that you have entrusted with your health information all along?
Banks and credit card companies make mistakes and have security breaches. Will Google or Microsoft have similar problems? Of course they will, but it's not having the problem that should be the concern—the concern lies where the problems occur and there is no entity or institutional awareness or no third party oversight.
Because breaches happen, and do so with seamingly increasing frequency—begs the questions where the information should reside and where the safety measure should be exerted. Do we need a third party industry to manage our personal information (including health information) that is separate and distinct from those entities and institutions that conduct informational transactions? Do we need to consider the relationship of eggs and baskets? Do we need to force a transactional dichotomy between storage and use as we see and utilize with our financial transactions?
0 comments:
Post a Comment