Your Identity Your Terms
Minakshi Tikoo, PhD MBI MSc MS
Minakshi Tikoo, PhD MBI MSc MS
Chief Problem Solver
Published Aug 3, 2022
Why do we share our personal information so willingly? Our data can be mined and misused sometimes causing emotional and financial harm. Despite the discussion in Congress about the lack of effective privacy policies in managing peoples’ data, we continue to share voluminous amounts of personal data on social platforms and websites– knowingly and unknowingly– to our detriment.
Many industries have been using the “know your customer” model to engage and provision identity verification, especially in finance. For example, in India, one needs to annually update a “Know Your Customer” form at your bank. This process needs an address verification, a signature verification, and an updated photograph. Despite this process, banking and ID verification in India continue to be a problem. This is after we have an Aadhar card which is based on biometrics, but it cannot solve for incorrect and inaccurate data entry error, and those are abundant.
On the other extreme is the US, with our commitment to not creating a national universal identifier, we have spent millions of dollars in creating reliable identities for the customers and patients we serve by linking, matching, and curating data from commercial datasets that sell very personal data. In the last decade. smart phones have become indispensable devices: from ordering groceries, to getting rides, paying for services, and interacting with friends and family. The value of smart phones was demonstrated repeatedly during COVID. When we interact with applications on our smart phones, we are asked to prove “who we were,” whether we are getting care in a hospital, or boarding a plane, dinning out in COVID times, or going to a social event. This begs the question: How can we make it easier to prove who we say we are? At the same time, we want to be able to oversee our data, control our identity and allow and have organizations trust us to carry our identity in a verifiable credential format.
So why are agencies of government and healthcare so hesitant to give us the control over our identity. These organizations seem to know the inherent value of our identity data to their business. If our personal information is not valuable it would not have any currency on the dark web or be a source of revenue for companies. Entire lines of business are based on aggregating information about people and then selling it to companies for use, such as credit bureaus from whom many industries buy person-level information.
Health care organizations have started leveraging credit-based information to verify and manage identities within their mammoth data systems. This inability to resolve and manage person identities is extremely expensive and does not deliver 100% accuracy. People share awful stories about how bad data gets into these third-party datasets and there is no known way to get it corrected. Some people become so desperate that they start attesting to incorrect information about themselves, just so that they can get through pseudo digital paperwork processes running underneath some identity verification protocol.
Most people are not in the identity business, so they do not understand the implications of attesting to inaccurate information. This one action now validates incorrect information. If it was difficult to get your information corrected before, now you made it impossible. How would you explain being of sound mind and attesting to living at an address that you never lived at? This demonstrates the power of the industry over people. We need to flip the power differential because you indisputably know yourself best and should be in control of your information.
So why not let the person manage their identity information. If we want to sell our information then at least we are making the decision to share/sell this information to a provider based on a mutual understanding of its use. These small changes in ownership of data, might end up influencing companies like Google, Facebook, and LinkedIn, to respect customers’ privacy more, evaluate their relationship to customers, or pay people for the use of their data. We as customers may also pause before we decide we want to use these types of companies to sign into other accounts.
Data is a valuable asset and personal data is even more valuable. So how do we begin to get control over our data? We need to become informed customers and exercise our right to privacy and demand that we be allowed to own our identity and control how and with whom we want to share our data. This shift in the power dynamic from big companies to the person is a continuum from centralized to decentralized identity and a balance between trust and control. A lot will change in this domain in the next 5-10 years. And I am hoping that we win this fight and get back control of our identities.