Even if the hardware partner is acting in good faith and does not
sell your personal data to junk mailers, disclosing more data
than necessary is still a very bad idea. A rich archive of personal
details is a treasure trove for identity rogues and makes the company
a very palatable target of attacks. The liability is also
higher in case of accidents. A laptop forgotten on a train with a
list of names plus company addresses is much less likely to unleash
a class action lawsuit than the same list of names with
home addresses, birth dates, and so on.
The principle of minimal disclosure can and should also be
applied at a ?¬?ner level of granularity. A business selling wine, in
a country where alcohol consumption is allowed only after a
certain age, may be tempted to store the birth date of recurrent
customers. That is a point of liability that could be easily
avoided because it is possible to store only the aspect relevant
to the business (that is, a Boolean expressing if the customer is
above or below the threshold age).
The ???need-to-know
basis??? principle
applies to identity
Incorrect disclosure
of data can have
negative effects
even a long time
after the event
occurred
98 Hints Toward a Solution
Unfortunately, today??™s identity silos often invite practices in
open violation of the second law.
Pages:
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177