Posted on 2018-01-29 by: Axel Kloth
Equifax got hacked. So far, so bad. I never had a good feeling about anyone collecting my data that I had not explicitly authorized to do so, and it not being a government agency with the need to do so.
Here is what I mean:
As a citizen or permanent resident I understand that local, county and state as well as federal government have the need to obtain and collect certain data sets. Why? Well, I plan on using some infrastructure that is provided by the government. As such, the government must know what my needs are, and correlate, verify and aggregate that against anyone else in the range of influence of a project. If I do not give the appropriate government entities information about what I expect the schools need to be, what the roads should be, and what the public transportation should be, how I’d like to see my Internet access regulated or not (in general, what the transportation and information infrastructure should be), then I cannot complain if any one of them do not meet my needs. So to some degree, it is necessary to collect information from citizens and permanent residents to allow governmental agencies to figure out how to solve the current and upcoming problems.
I am still as of this day stunned by the fact that for example the German government had all birth data, but could not figure out how many kids would have to go to school six years later – Migration numbers were low, and so were infant death rates. As a result, it really did not need a PhD in statistics to figure that one out!
Either way, I do see and understand the need to collect and interpret and correlate a limited set of data points by governmental agencies. Other than that, if a private company wants to collect data about me and aggregate it, as far as I am concerned, they need my consent. After all, data about me and my habits is MINE. It describes ME. If need be, I’ll trademark myself to prevent anyone else to collect data about me and my habits.
The credit reporting agencies did that without my written consent. I should be able to sue them as they have been criminally negligent with the data about me that they had no business collecting and aggregating in the first place. I would like to see them sued out of existence, for good, and not only Equifax. After all, I did not consent to them collecting data. But even if they did, and even if they had a raison d’être (which I fundamentally dispute), there is no way that they should expose data on their unwilling “customers” in a bulk fashion. It does not take much to secure a mySQL database such that no more than ONE record can be read at a time, and that a backup can only be made to a well-known secondary server (set). It is absolutely and criminally negligent what Equifax has allowed to happen, even if one subscribes to the (in my personal view) criminal collection and aggregation of information about a person without that persons’ explicit consent.
