At first you might not believe me when I say that your information is valuable. Where you eat, how much you spend for Christmas, your struggle with weight… all these things give companies an advantage in convincing you to give money to them and based on history, companies are only too happy to use every advantage against you so long as they make money (extended warranties, Product Rebates, Gift Cards, etc.)
So the new cash cow is private information about people that will help companies sell things to you more effectively.
Step 1: Get as much of your data as they can.
While doing business with someone, they ask for information they don't actually need for their business. Sometimes they do it to support planned future capabilities and sometimes they do it for targeted marketing. And in some cases, they just sell it to someone else for some extra cash.
It happens all the time, but one of the more egregious examples I've personally seen was a small video-rental store who asked for your social security number as part of the sign up!
The best way to do this of course is to create a site or service where you will choose to volunteer personal data about yourself for no particular reason. For example: Facebook. Facebook openly uses the information in your profile to target ads to you sometimes in quite insulting ways:
With the knowledge that I was engaged to be married, the site splashed an ad across the left side of the screen playing into a presumed vulnerability. Do you want to be a fat bride? You'd better go to such-and-such Web site to learn how to lose weight before the big day.
Which brings us to step number 2…
Step 2: Use all the data to market to your interests (and also your weaknesses and insecurities).
Even if you don't see a problem with the companies you do business with capturing and storing information you didn't give them permission to have, what about when they sell it or lose it. That's the basis of the ID theft problem which exists because of one kind of data broker, but those are carefully regulated now and only capture one kind of data.
What about some of the other possibilities that arise when there are "citizen files" out there for anyone to have and use?
Companies complain and moan about how they need all this data to "tailor your experience". What that means is, "exploit you where you're weak" and make money from you.
A company that buys the customer list from Jenny Craig might guess that you have weight control problems and send you advertisements for diet plans and pills, or worse: catalogs for gourmet chocolates. If your purchase records show items like newborn diapers and formula, perhaps now is the time to hit you up for contributions for college funds and insurance.
Even worse, what if I decide I don't like you for some reason (damn you, you took the last donut in the breakroom!), but I know that you're a recovering alcoholic (saw it in your profile). Your Facebook page says your wife and kids are going to be out of town for the weekend so what if I drop a "gift from a friend" on your doorstep for you to find in the morning? Specifically a wine sampler or kegger.
I could literally destroy your life just by pushing you in the right place at the right time.
Exclusion and Prejudice
Let's say you have AIDS and many people don't understand the disease. If your doctor or hospital shared the information with marketers (or if your purchasing records show AIDS-related medication), it could spread. Maybe your gym would cancel your membership fearing the backlash if others found out. Maybe your kids would get kicked out of school by an administration that doesn't understand the risks. Maybe neighbors would start vandalizing your house thinking you've got the plague.
Think that's extreme? Didn't you ever hear of Ryan White? Or take a quick stroll through US history to find that census data was used during World War II to identify Americans of Japanese descent for internment. They didn't even have a communicable disease, they were just foreign!>
How easy is it to stalk you if your name and address are always avaialble from the nearest data broker?
If I have access to your credit card receipts or your "shopper card" records, it's easy for me to see whether you have stuff worth robbing.
If I know your annual income is off the charts, perhaps I can arrange to have your son kidnapped (which becomes even easier because I know your daycare provider's name is listed on your credit card statement).
Fixing the problem
A citizen should be able to control their own data. This does NOT mean that you should be able to just correct data, but that (minus being involved in crimes) you should exist in no databases against your will. All services should be usable without any personally identifiable information, or in the cases that such information is required (such as delivery of an item or billing), the data should be erased from all records, databases, backups etc. upon completion of the transaction.
For example: public libraries and video rental stores keep records of what is checked out, but they have no business keeping that data once the item has been checked back in. This serves no legitimate purpose and should be disallowed. They can keep information on what was checked out and when for organization and statistics, but the personal information should be removed.
Another example: If I make a credit card purchase online, I should not have to worry that they are keeping my card on file against my will. It should be used for the transaction only and then purged.
And another: I should not have to create an account with any web store just to make a purchase! Forced registrations are identity abuse and have no legitimacy in a consumer transaction. If I wanted to provide my data for easier checkout on return business, I would do so!
So, put simply, there needs to be stiff regulation of the storage and use of data.
They Can't Lose Data They Don't Have
There's a very simple philosophy I follow when it comes to data security. It doesn't matter how bad the security is or how smart the hackers are, if a company doesn't have my data, they can't lose it.
So remember every time there's a data breach and millions of customers' credit cards are stolen… It's not smart hackers, it's the data abusers who stored your information in the first place.