You Sat in Seat 7F AND You Ordered the Chicken ...

In the three years since 9/11, the term "data mining" has become a dirty word among privacy advocates. While much evidence points to digital invasion of privacy as a legitimate concern, I didn't think much about it until I wrote a story this week about the Transportation Security Administration's plans to test its new Secure Flight program. TSA has ordered all 77 domestic air carriers to provide passenger name record data for anyone who flew during the month of June. Hey, wait a minute, I flew during the month of June.I'm not really worried about the government knowing how I paid for my ticket, where I sat, or even where I went. I figure they could find that out anyway, if they wanted to. Still, I can't help but wonder who's going to have access to that, albeit innocuous, information and how it might be used.

Welcome to life in 2004. Spend any time online and you'll repeatedly have to give information about yourself to get the information you need. I've got online subscriptions to newspapers and news services from one corner of the country to the other, and each of them wants to know a little something about me before they open up their archives.

Yet I heard something this week when I was covering the National Association of State CIOs conference in New Orleans that made me think that personal information privacy is not all but extinct. During one of the conference's panels, Stephen Holden, an assistant professor of information systems at the University of Maryland, noted, "Technologies are privacy neutral; the privacy impact depends on how those technologies are used."

Holden wants people to make a distinction between technologies that "affect" privacy and those that "violate" privacy. Put simply, it's not wrong for a vendor or the government to require someone to validate their identity in order to enjoy some privilege or service. In fact, the ability to perform digital authentication can save time and money. Where people need to be on guard is in paying attention to the policies governing their data. It's not OK, for example, for a business or government agency to collect personal data for one purpose, and then use that data for a secondary purpose, unbeknownst to the person in question. Holden says there are some legitimate reasons for secondary use, but these almost always raise privacy red flags.

The public's general distrust of the government with personal information could ultimately impede important E-government initiatives, Al Sherwood said during the same panel that featured Holden. Sherwood, deputy chief information officer of policy and planning for Utah, on a related note also pointed out that the increase in phishing, toothing, adware, spyware , and malware also threaten to undermine much of the good work done during the digital age. Not only does government need to keep it's own house in order with regard to privacy, it's got a responsibility to help curb potentially destructive online scams, which seem to be limited only by hacker imagination these days.

Sherwood had a couple of suggestions. The best way to encourage the public's trust in the Internet is to educate them about how their information will be used and what they can do to protect themselves. He recommends that private sector businesses not store their clients' entire social security numbers within their e-commerce applications. Another suggestion is to have all government agencies standardize on the .gov domain to avoid confusion and promote legitimacy. And finally, politicians should endorse effective privacy measures and pass on those that only serve as a distraction. "Do not spam" lists, for example, are more likely to become a target for hackers than provide a real benefit for Web users, Sherwood said.

Now that we've gotten that taken care of, I've got to respond to a recent e-mail I received from CitiBank. It seems they need me to verify my account information …