Sunday, December 19, 2010

Who Owns Our Data?

When considering the ownership of information about a person, we need to consider a number of factors. Initially, we need to establish who generated the information as this will impact the entitlement to store and access the information. For example, Social Insurance Number (SIN) is generated Service Canada when a person is born or immigrates to Canada, therefore there is legitimate business need to store the information in its database. On the other hand, if the information was generated by a different entity (even the person itself), it is questionable if the government has a legitimate need to access that information. Although the legal complexity increases as the technology advances and more and more information is stored, in majority of countries the ownership of the data is governed by a law or a privacy act.
Whereas, as mentioned by Jones, Andy, Glenn S. Dardick, Gareth Davies, Iain Sutherland, and Craig Valli (2009) “there has also been an increasing trend in the use of the same computer to process and store both the organisation’s and the individuals personal information” therefore in corporate environment the lines are more blurry. For example, if a person uses corporate resources to send and receive Email messages containing private information, does the organization have a potential entitlement for the information?
To thoroughly examine the complexity of data ownership, consider the following scenario. An employee is required to provide medical, credit and personal (previous employment, skills, etc.) information prior to employment. Then, an employer generates information about the employee such as salary, weekly utilization and performance measurement. Finally, during the employment the employee generates information such as documents, software code, idea and thoughts which could be owned by the organization or by the employee itself. The last case is usually covered by an employment contract but the other cases are not always defined by a contract or an applicable legislation.


  • College, Mitchell A. 2010. "Disclosure and Secrecy in Employee Monitoring." Journal of Management Accounting Research 22, 187-208. Business Source Premier, EBSCOhost (accessed December 19, 2010).
  • Jones, Andy, Glenn S. Dardick, Gareth Davies, Iain Sutherland, and Craig Valli. 2009. "The 2008 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market." Journal of International Commercial Law & Technology 4, no. 3: 162-175. Academic Search Complete, EBSCOhost (accessed December 19, 2010).
  • Yekhanin, Sergey. 2010. "Private Information Retrieval." Communications of the ACM 53, no. 4: 68-73. Business Source Premier, EBSCOhost (accessed December 19, 2010).

1 comment:

  1. When thinking about the "data", don't confine yourself to the obvious... in reality, every piece of information is important and can be glued together to create a complete puzzle which is our "electronic" identity.