Who owns our data ?

We have discussed in the last week the importance of securing data and the possible risks related to this question. Privacy of data became a real challenge and a lot of efforts are spent in this field. The importance resides in the fact that a big part of our life is stored in databases. Considering companies, authorities, banks and hospitals, the quantity of data related to person in really considerable.

On of the important organizations holding sensitive data about us are banks; The hole transactions’ details, incomes and things we buy or spend money in are stored in huge database or data warehouses. Banks were the 1st targets of hackers, and this was to the sensible aspect of the information held by them. I read many stories about banks getting hacked and money siphoned from accounts. The damages are considerable and recovering such situations is often impossible or requires a lot of efforts.

J.Lamb stated “If a hacker damages data or alters program, it can cost thousands of pounds to repair”. Worries about the security of networks and infrastructures have prompted the EEC to spend about 500 000 £ on a study and the damages can be many millions (J.Lamb 1986).

An example of the banking system vulnerability I remember is the Iran’s central bank. “Iran’s Central Bank has announced that the electronic information of 3 million customers of 10 Iranian banks have been compromised. These banks now require their customers to change their ATM pin numbers before they can access their account. This has caused a rush to the ATM machines by the worried customers” (THN, 2012)
When an issue with data occurs, its consequences affect the company or organization that hold the data, and here comes the questions “What about our data stored in 3rd parties databases”? Should this be considers ours or it becomes the property of the 3rd parties? This question can be hard to answer and the debates around such questions are still unsolved.
Before concluding to such question, we should firstly discuss
– What are the responsibilities of companies, banks and organizations toward individuals? – What are the authorized manipulation and exchange of our information with other organizations?
– How can we judge the safety level and the security provided by the companies holding our information?
– In case of data lost, what can and should be done by these companies?
…etc. I am still asking myself many questions like these. Less clear answers were found for these enquiries.

For banks, the security and confidentiality of our personal data should be the considered the 1st concern of their IT professional. Compromising this data might have considerable consequence not only for the bank’s reputation but also many individuals’ lives.
We should also be considered owner of the data related to our transactions and incomes and aware about every manipulation of this data. A strict code of confidentiality and ethic has to be followed by banks (and every organization holding our data).

References:

J,Lamb and B.Fox, New Scientist magazine “Industry seeks secure computers”, July 1986.

The Hacker News, “Banking System Vulnerability – 3 million bank accounts hacked in Iran”, April 2012. Available online: http://thehackernews.com/2012/04/banking-system- vulnerability-3-million.html