More than two hundred years ago, Benjamin Franklin said there is nothing certain but death and taxes. If Franklin were alive today, he would add one more certainty to his list: your digital profile.
Between the data compiled and stored by employers, private businesses, government agencies and social media sites, the personal information of nearly every single individual is anywhere and everywhere.
When someone dies, that data becomes the responsibility of the estate; but what happens to the privacy rights around that information? What is an organization’s level of responsibility to follow data privacy regulations when the owner is deceased, and does that change if the person was a customer, a client or an employee?
Data as property: Who owns it?
The first hurdle in posthumous data protection is defining ownership. Any organization with data stored in a public cloud has had to address the question of data ownership in relation to cybersecurity: Whose job is it to protect data in the cloud?
“When using a cloud-based vendor, many businesses think that they are retaining ownership of their data in these third-party services agreements — but this is often not the case,” Jon Roskill wrote in Forbes. End-user licenses often have wording that shifts data ownership away from the consumer and passes it along to the vendor.
Data ownership is a very slippery slope. Businesses are frequently sold, and when that happens, the data is business collateral. It doesn’t matter if the data was generated by customers; it becomes the property of the new owners.
If we can’t define data ownership, we also can’t allow data to be inherited. ..
Support the originator by clicking the read the rest link below.
