Thursday, February 11, 2010

The Information Ownership Act

The Information Ownership Act

Recognizing the evolving importance of secure personal information,

Understanding that the collection, dissemination and synthesis of this information has worth,

Understanding that abuse, fraud and government intrusion or over-reach are but a few of the dangers of unsecured personal information,

Confirming that individuals are the best owners, lessors and arbiters of their own property and information,

Introduced is the Information Ownership Act.

1. Any personal information generated or collected via a commercial relationship is owned by the individual citizen and not the commercial entity. 
2. The commercial entity possesses the information for the sole purpose of maintaining the commercial relationship between itself and the private individual.
3. At the close of the commercial relationship the commercial entity may keep in its possession a copy of all information generated and use it internally.
4. Any selling or disclosing of information must be done with permission and compensation to the individual owning the personal information.
5. Commercial entities may not, as condition of service, require individuals to waive or amend their rights in regards to their personal information. 
6. Commercial entities must disclose in detail any charges or fees associated with maintaining personal information.
7. Commercial entities are liable for negligent use, or loss of personal information. 
8. There is a reasonable expectation of privacy in regards to personal information created via a commercial relationship.
9. Commercial entities that maintain financial or medical personal information must disclose all policies, fees, procedures and safeguards to the individual via a clear "plain English" disclosure.
10. Commercial entities must immediately provide to owners of personal information, at a reasonable cost, all information created and maintained by the commercial entity upon request.


This Act is clearly designed to cover this non-exhaustive list: mobile phone information including any location data - internet access data including browsing habits and usage between the user and service provider - all medical information - all financial information including credit and commercial reports - any personal information that has worth or is reasonably considered private or valuable.

This Act is clearly NOT designed to cover this non-exhaustive list: simple over the counter transactions - purchases made or commercial relationships created while physically outside the United States - criminal background checks - tax information - personal information generated or exchanged for simple transactions that is not subject to data mining, resale or third party synthesis.

No comments: