The Equifax hack has ignited the wrong conversation about the sanctity of our personal information. Instead of asking who owns it, we should focus on what companies and governments are allowed to do with it.
People are rightly shocked by the theft of data on some 145 million Americans. They reasonably wonder why any company should be allowed to amass so much information about them without their permission. But preventing others from gaining access to our data is all but impossible, and not necessarily desirable. Sharing is mostly good, because it means we can all hold valuable truths. The potential dangers depend largely on how we answer a different question: What important decisions can our data be used to make?
Companies often go to great lengths to protect their intellectual property, using black boxes, secret algorithms, password-controlled Power Point presentations and strict non-disclosure agreements. Regular folks, though, couldn’t do that if they tried. Ubiquitous cameras capture our faces and license plates; Wi-Fi kiosks ping our phones as we walk by; nearly every click on the internet is saved somewhere, sometimes by multiple companies.
I’m not saying that there’s no point in privacy, or that all data should be up for grabs. I’m deeply troubled by the way some educational technologies surveil our children, for example. But I do think that instead of focusing on the unattainable goal of “owning” our information, we should seek to control its use. We should adopt strict laws — a Data Bill of Rights, if you will — describing in detail how it can be used against us.
Consider credit reports. They shouldn’t be used in screening job candidates — except for specific exceptions, such as handling cash. The idea that a person’s credit can indicate their ability to do a job well is both false and destructive. It creates a feedback loop, in which people who have been out of work for a while find it increasingly difficult to get a new job as their finances deteriorate. Even so, only 10 states outlaw the practice.
Speaking of getting a job, the hiring process is a great example of an area in which people have too few rights. It’s difficult to avoid answering questions, even intimate ones, if your livelihood depends on it. Some regulations limit what potential employers can ask, but they need revising in the age of big data. Companies can buy your profile from data warehouses, glean personality traits from your Twitter feed, and infer your health risks from readily available shopping behavior. Such information might at times be useful in predicting someone’s employability, but the process can also go terribly wrong or serve as a proxy for race and gender discrimination. Without proper protections, picking up grandma’s prescription could cost you a job.
It’s a new world, one oversaturated with information about all of us. Instead of pretending it’s under control, we need to get busy protecting ourselves and others. This won’t happen individually, by people wrapping their phones in tin foil. It needs to be legislated.
Cathy O’Neil is a mathematician who has worked as a professor, hedge-fund analyst and data scientist. She founded ORCAA, an algorithmic auditing company, and is the author of “Weapons of Math Destruction.”