How Personal Information Can Be Misused
Private information should stay just that – private. Litigation Executive Ben Brown explains how it can be misused and how people should protect their personal information.
Data privacy laws and the CCPA are designed to set parameters and limitations on how companies can use personal data. But these can only get us so far without a more fundamental change in culture and behavior.
The practice of commingling blurs the lines between personal and business finances, creating an environment that’s more conducive to fraud. Commingling also makes it more difficult to trace transactions and maintain financial transparency. This can be particularly problematic in insurance, where commingling may result in the company failing to pay claims or suffer significant losses due to poor investment decisions or unforeseen circumstances.
For example, if a lawyer commingles client funds and personal expenses and the client files for bankruptcy, it’s likely that the money will be entangled in the proceedings and the firm might not have the resources to return the funds to the client. Taking preventive measures by clearly defining segregation requirements, conducting regular audits, and reconciling bank statements can help protect individuals from the negative consequences associated with commingling.
A clear separation between personal and business accounts can also help avoid legal complications like fines or penalties if a tax agency discovers commingling practices.
2. Personal Benefit
Many companies have specific parameters set for how personal information can be used. These are often outlined in laws, industry standards, corporate policies, and user agreements. Misuse occurs when a company uses information beyond these boundaries. This is often not done maliciously and instead results from missteps on behalf of a company employee or even a third-party partner.
When personal benefit is the motive, misuse can be a major issue. This type of misuse includes anything from using information to gain a competitive advantage to exposing information for the purposes of fraud. In this case, the information is accessed by someone with access for their own gain, such as an employee at Fifth Third Bank who leaked sensitive customer data to fraudsters, including social security numbers, driver’s license number, and mother’s maiden names.
In this type of situation, harm can range from a nuisance to denial of rights or the loss of liberty. To determine if this applies to your use of personal information, you can examine the table of harms outlined by the Future of Privacy Forum (FPF). It can be difficult to identify what impact your usage of personal information could have on an individual and their ability to make informed decisions.
Ambiguity is a problem in which something has more than one meaning. It can be a semantic, syntactic or pragmatic problem. A semantic problem may involve bound versus unbound readings of a pronoun. For example, “Jill saw the man with binoculars” could be ambiguous if the sentence were interpreted as “Jill saw the man who had binoculars.”
A pragmatic problem involves inferences licensed by conversational context. For example, “everyone loves her mother” can be interpreted as either “everyone loves her” or “everyone loves that guy’s mother.”
Strategic ambiguity is the use of language to conceal a hidden intention or evade responsibility. It’s used by business and political leaders to achieve their goals without causing resentment or putting themselves at risk. It can be hard to detect since it’s not intentional but rather the result of a lack of careful planning or forethought. However, research suggests that ambiguity elicits curiosity from people when it’s moral in nature.
Generally, there are parameters in place to ensure companies only use personal information for its intended purposes. These can be established in user agreements, corporate policies, or laws. Data misuse happens when someone uses information beyond those stated intentions. It may be a misstep by an employee, third-party partner, or even by the company itself.
One of the most common ways that data can be misused is through fraud. This can include deception, fabrication, impersonation, or coercion. Examples of this could be an employee submitting overtime that they did not work or making false reports to management.
In a world that is increasingly digital and work-from-home based, it can be difficult for companies to enforce data security. For example, Fifth Third Bank in Cincinnati experienced a breach when employees leaked private customer information to unauthorized third parties. This included social security numbers, account balances, and mothers’ maiden names. Thankfully, this was not a cyberattack, but rather an internal oversight.