A vulgus pecum SLA
The recent public release of Google spreadsheet has brought to surface worries and concerns for corporate data protection. In short, with this application, Google will be opening yet another hole into the already permeable membrane protecting corporate data.
Some may wonder if Google offers a service contract to protect data with Google Spreadsheets… So far, the agreement is limited to a software license agreement that disavows liability. No doubt there will soon be an option for corporate users who would want more reassuring terms, based on policy and regulatory requirements. This is usually referred as a service level agreement. In the business world, this document is used by an organisation to expresses its control objectives or risk losing control to a service provider. When the providers understand what is expected of them and agree to it, then and only then does it become appropriate to allow them to hold and manage sensitive data.
The important aspect of this regulation of the data handling comes from the origin of the SLA: the organisation is the one expressing the required level of control and the liabilities caused by a loss of control. And everyone agrees to consider this to be “best practices”. Then why on earth couldn’t we have the same for our individual identity data? Empowering the end user and giving him the ability to “regain control and express incurred damages” over its identity would also mean giving the user the possibility to define the terms of its expected service level agreement. Identity, its associated and its perception are entirely contextual. Only the identity’s owner is able to assess and express the real risks incurred by a misuse of this information. In effect, it is the service provider that should have to abide by the “vulgus pecum” SLAs! Not the end user agreeing to the provider’s often flawed and limited “privacy” policy. But this would be in an ideal world…Technorati Tags: Identity, Digital privacy, Digital reputation, Digital identity, Antecipate