Privacy by Design - Part 2
FTC's framework proposes that business should only retain consumer data as long as there is a legitimate need. The data retention period must be reasonable and appropriate. For instance, companies tend to retain old data for long periods of time which they may consider valuable for a future need; however, consumers might have provided their private data just for the current service or product! In addition, the archived consumer private information may be prone to identity threats and if such thefts occur they may go unnoticed for long periods of time. The commission states that businesses should promptly and securely dispose of data in any form, for which they no longer have a specific business need. In principle this is an excellent measure but what if businesses relate some dummy business activity as to proof that they still need the data?
Private data accuracy is another term that is referred to in the Commission's draft. Businesses need to ensure that data collected from their customers is accurate and should take reasonable steps to verify this. Lots of things can happen with erroneous or incomplete private data. If consumers are allowed to benefit from public or private services by means of identification verification then they may gain or lose if their data is incorrect. This can cause significant harm to individuals such as when accessing funds or health benefits. Conversely, mischievous persons may take advantage of a weak system!
The draft is open for discussion and as already noted above, the concept of specific business need as regards to retain related data is to be analyzed further or defined in more detail. The discussion should include the retention period and if this should depend upon the type or the sensitivity of the data. Other issues may hit businesses with legacy systems where they might not be in a position to implement such principles on their systems. Finally, are these fundamental protections feasible? That is, how are the businesses going to balance the costs and the benefits of such protections?