Ross Graber Consulting

Who owns the data associated with a user’s account within an online service?

The answer isn’t simple. For example, email has a different status than an address book. In the case of a social network derived from an address book, the social graph is viewed by the business as a compilation of data with a unique arrangement, and therefore copyrightable.

However, many consumers don’t understand or fully agree with this data grab. Facebook was at the center of a recent scandal. A user wrote a script to pull our his social graph information. A FB script noticed the TOS violation and banned him. However, consumer groups are forming lobbying groups to advocate for more user rights in “data portability“.

There are startups developing “Social Network Aggregators”, and those were recently proposed as the 2008 killer app. The Open vs Closed debate will continue moving to center stage this year.

This post is an ongoing collection of articles, surveys, and research about data governance and privacy.

General references:

• The EFF has a page that gives a status update on pending legislation and court cases related to privacy rights.

Specific references:

• Privacy Rights Clearinghouse has a chronology that documents data breaches since 2005. The grand total - 216 Million records in the USA from 2005 to present. A number of these are organizations that sell information security products and/or services and have failed to “eat their own dog-food”.
• MySpace suffered a security breach recently that allowed hackers to download a massive amount of private photos. Those have recently showed up on BitTorrent.

This post is an ongoing collection of articles, surveys, and research about IT General Controls.

• The Royal Bank of Canada suffered major downtime due to a failed upgrade of their computer systems in 2004.