Data Retention and Privacy
My previous post on distributed identity raised another thought, especially about the way Gamespy deal with personally identifiable information (thankfully I never registered my credit card details with them!)
Requiring organisations to record data and information for a lengthy period of time seems to be at odds with a desire for privacy. For example, I really do not want any association with Gamespy, so I requested that all my details be removed from their systems (a request they refused). I can see where a company may not be able to remove details stored on backup systems or stored data tapes, but why can't they delete or remove my details from live systems?
Of course, this issue only really came about because Gamespy was bought by IGN, who then promptly re-enabled my disabled account, allowing access to it again. I only found out by accident that my account had been re-enabled - and I could theoretically have been held responsible for misuse of an account I thought had been deleted.
I can now see the need for trusted identity providers to provide a service where personal information is kept live, but is never stored except for immediate backup purposes, where the nightly backup overwrites the previous night's backup.
I'm sure there's lots of good reasons to keep backups for long periods of time, but frankly I'm worried that my personal details (and credit card details, and home address) could be stored by a company long after I've ceased doing business with them, and that could potentially be used by someone else.
I would much rather my personal identity provider could wipe out my details on request. Maintaining the live data in a system like this would also encourage people to ensure the information is kept up to date.
I'm not even terribly worried about my identity provider's systems crashing or being wiped, since that serves a good purpose anyway in destroying any data about me, giving me the opportunity to correct, update or change the data as and when I need.
But there'd be no audit trail, no way of tracing changes to the account, and no way of seeing who made the changes. The first two of these I like a lot; the last is a challenge for the service provider.