Your digital footprint: what you don’t even know about yourself

I’ve realised that my digital footprint is huge! I’ve started tracking my internet and app usage and on any given day I use between 15–40 apps to manage my life. That’s before I start looking at any websites for home, work, or university.

If you haven’t ever considered your digital footprint before, the Data + Ethics infographic gives you several examples of how you might be engaging with the world that creates a data trail.

What don’t I know about myself?

I voluntarily give out a lot of personal information using apps and online services. I know I’m doing this and I’m aware of the potential cyber risks of data being hacked, identity theft, and information being sold to third parties. More concerning for me is not knowing what I’ve inadvertently given away or even worse, what might have been learnt about me that I don’t even know about myself. Do I have a right to see this new and unknown data — it is about me after all?

As I go down the rabbit hole of what might be known about me, I’ve realised that organisations could have some very helpful information I’d like to see. Are my groceries delivered on a weekday healthier than those delivered on a weekend? Are there days that I favour when exercising and others that I always skip? In what months do I spend more than I earn and is there a pattern to what I’m spending that extra money on?

Alternatively, what do those organisations know about me that means my life is impacted negatively without me realising it? Where am I not getting the best discount? Am I getting a different level of support? Or is there no engagement at all because I haven’t met the threshold of some important algorithm? Should organisations have an ethical obligation to share both the positive and negative things they know about me? Let’s look at an example from the past.

Evolution of credit reporting— the case for change

Collecting data, linking it together and making decisions with it is not the preserve of the digital age. The creation and management of a digital footprint has many similarities to the evolution of credit bureaus and the credit score. Looking at credit issues; the public’s changing expectations and when legislation joined the party, can give good insight into what we might see with the future of the digital footprint.

Credit bureaus have been around for almost 200 years and collect information on how reliably people pay their debts. Reporting from these bureaus is then used by organisations to decide whether they should extend credit to someone. Until relatively recently Credit bureaus were opaque; no one had access to what had been collected about them or how that information was used in credit decisioning.

Credit reporting was initially done by informants where “lawyers and bar tenders alike, informed on fellow citizens”. Another common tactic was using middle class women as a “welcome wagon” to visit new neighbours and report back to credit bureaus on what they learned. It was noted that, “credit reports moved beyond the financial into value judgments on our marital relationships, our personal habits and morality, how well we maintain our households and a countless number of other intimate details.” Hyman, Debtor Nation: America in Red Ink, p177.

Equifax, one of today’s big credit bureaus shows in their History of Consumer Credit, that by 1955 millions of files were kept on US consumers; with information gathered by scouring “local newspapers for notices of arrests, promotions, marriages, and deaths [and] attaching this information to credit files.”

Credit bureaus were taking many tiny pieces of information and putting them together to form a profile of an individual. Just like our digital footprint today creates a permanent data trail these credit reports created an identity. In this case a “financial identity: an un-erasable mark that reflects bad behavior in the past and compels good behavior in the future.” Times, The Long, Twisted History of Your Credit Score.

From opaque to transparent

With access to credit such an essential part of life and credit reporting being used for things other than credit, it was critical that changes were made. Legislation on credit reporting arrived.

The US introduced The Fair Credit Reporting Act in 1970. In Australia, the Law Reform Commission shows that while Queensland, South Australia and Victoria enacted legislation in the 1970s, there were grave privacy concerns throughout the 1980s. One commentator in 1989 stated “the public regards consumer credit reporting as the largest single information privacy issue”. The following year national legislation was passed with the Privacy Amendment Act 1990 to regulate the handling of consumer credit reports by credit reporting bodies and credit providers.

This new legislation gave everyone in Australia the right to see what was held about them and correct that information if needed. It also prescribed what could be recorded by credit bureaus and how that information could be used.

What we can learn from the history of credit reporting

Heading back to our infographic, we can learn much from credit reporting when looking at the six future focus areas for Data + Ethics?

“Hippocratic Oath” for Data Scientists — in the case of credit, it took legislation to define what ethically should be collected and used. If there had been an oath for credit reporters, I believe this would have had some impact on individual behaviour, but the industry fundamentally needed to transform. Future Data scientists, like our friend Dilbert here, will be the lynch pins to holding the line on ethical behaviour in organisations.

Increasing Responsibilities for Data Stewards — I would suggest this role previously didn’t exist in credit bureaus. The public didn’t know what was happening with their data and the bureaus felt they could record anything and report it to third parties. Where they went wrong was assuming the public wouldn’t find out about what was happening. The Data Steward role of the future will be key to not only governing the management and use of data but also keeping the pulse on public opinion and changing expectations.

Increased education about data footprint — when people understood the impact credit data had on their lives and their lack of control over their own information, they found their voices. Complaints increased and at one point a dozen US states took credit bureau Experian to court over their mismanagement of data and “horrendous customer service” creditrepair.com. With visibility of these issues coming much faster in the digital age, outcry will follow closely behind and consumers in particular will move on if they believe their data is being misused in some way.

Fairer distribution of data access — Once individuals had the opportunity to see their credit profile, they could act. Today, credit bureaus proactively give out information to help people improve their credit score, which was unheard of 50 years ago. For data footprints, I believe organisations who make open the insights they hold on people (both positive and negative) will have the opportunity to create a unique value proposition and a different level of engagement with their customer or user base.

Regulator Focus — NSW introduced Australia’s first privacy regulator, the NSW Privacy Committee, which entered into a voluntary agreement with the Credit Reference Association of Australia. With little incentive for credit bureaus to comply with the agreement, individuals did not see benefits from self-regulation, and it was eventually deemed ineffective in 1983. Australian Law Reform Commission Regulators need teeth to hold organisations and whole industries to account, particularly where significant change is needed. Where self-regulation does not achieve this, legislation will need to swiftly follow.

Legislation — legislation on credit reporting limited the amount of data that could be held, how it could be used and how long it could be stored. I expect we will see future legislation addressing aspects of social media such as how long data should be retained and how to manage forgotten data or lost accounts. Limits might be put on what data can be collected, however I think it more likely though that greater transparency will be required; particularly what data is retained, any profile created through big data analysis and how it is being used.

While these are my working assumptions on the future of data, one thing I do know for sure — my data footprint is valuable and it provides knowledge. In many cases my data will only reach its full potential after sharing it with organisations that will analyse it, but I also want them to share their findings with me. So, I will be closely watching the ethical practices of the companies I engage with and taking stock of how they engage with me. When I don’t like what I see, I will be taking my data footprint, and its immense value, elsewhere.

RESOURCES

If you have concerns about how you are engaging with the internet or are worried about the digital footprint you already have, there are some great resources available to you:

· Australian Cyber Security Centre — how to do things safely online.

· eSafety Commissioner — helping Australians have safer, more positive experiences online.

· Youth/Young Adults (under 25) — webchat with Kids Helpline