Social Networks..Got Privacy, Got Security? Part 1
Data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal issues surrounding them.
Privacy concerns exist wherever personally identifiable information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources, such as:
- Healthcare records
- Criminal justice investigations and proceedings
- Financial institutions and transactions
- Biological traits, such as genetic material
- Residence and geographic records
- Ethnicity
The challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilize software, hardware and human resources to address this issue.
Source: http://en.wikipedia.org/wiki/Data_privacy
Ok, now if we extend that explanation so it deals with online social networks (Facebook, MySpace, Jaiku, BrightKite etc.) you might be left wondering what information is available about yourself.
For this brief study I’ll just deal with Facebook and its affiliates. If you remember back in the old days of the internet we were warned about posting our user credentials and personal information on the internet. Specifically our real names, location, address, birth date and phone number… credit cards and banking details are a given due to the fact most people realise the threat that these items pose.
So what has changed that we no longer need to worry about our personal information and data security? Nothing really. The technologies for achieving data security have grown and there is no doubt that the organisations implementing these technologies can stand tall amongst the many services that either fail or cannot generate enough interest to scale and keep pace. The sad truth is that with all of these technologies being put into place it is left to the user to navigate through EULAs and sift through the site’s or service’s privacy settings. These days most services default to setting users’ profiles to a somewhat loosely secure setting. Assumptions are made that the user will change them as he/she requires and for the most part these settings are fine.
Problems and issues occur however, when a user installs a third party application or the service in question acquires a(nother) advertising affiliate. For a Facebook example I’m sure you will remember the Beacon advertising debacle and more recently the information leakage of Blockbuster rentals and sales [pcworld.com]. These incidents have brought the issue of user privacy on social networks into the mainstream media.
A typical Facebook profile can yield a wealth of information to someone developing an “in house” application with marketing purposes. It is, in its true form, a great way to target specific audiences and niches. But as the saying goes, “With great power, comes great responsibility.” It is here where trust goes awry… Letting a third party access your personal information is always a risky business as far as what they do with the information and who they share it with goes.
In this day and age there is very little chance that your personal data will stay protected and confined to one source. Facebook and most social network sites need advertising and affiliate marketing companies to stay afloat, so it goes without saying that the currency that these sites deal in is personal information. Your personal information can change hands with a staggering number of companies in a short amount of time.
By now your personal information not only contains your name, address, phone numbers and date of birth… it contains (more than likely) who you are friends with, who you keep in contact with, your email address, your friends’ email addresses and phone numbers, where you are and what you are doing and with whom, and the list could and does go on. Would you give someone on the street this information? Would you give a telemarketer this information? The most likely answer is no. So why do we entrust all of this information to a Social Networking company? Is it the need to connect to new and old friends and to network for like-minded individuals? I don’t have an answer to that one.
As you may or may not have noticed, all of this information is tied to your email address. If you lose your password to a social networking site you can get an email sent to your account with a new or the same password. This brings up another issue of sending plain text passwords through email, but I won’t get into that argument here. But this should bring to light the importance of strong email passwords.
Email addresses have long been becoming a commodity as well. This is largely due to marketing and spammers getting paid for harvested email addresses. Although there has been no major email address harvesting from social networking sites, in my opinion it is more than likely to happen in the future. Although the personal information that can be gleaned from a user’s profile will always be worth more, an email address might be easier to gain.
These are just a few of the notes that I’ve taken for a Social Networking Privacy and Security report that I am currently writing. I’m thinking that this post will be one of three or four in a series; part 2 will be posted sometime late next week. If you haven’t nodded off already, thanks for reading and hopefully part 2 will answer some of the questions this post has brought up.
