E-News Exclusive

Your Identity, Your Terms

By Minakshi Tikoo

Why do we share our personal information so willingly? Our data can be misused and exploited, often causing emotional and financial harm. Despite the discussion in Congress about the lack of effective privacy policies in managing data, we continue to share voluminous amounts of personal data on social platforms and websites—knowingly and unknowingly—to our detriment.

Many industries have been attempting to create a model to engage and provide identity verification, especially in finance. For example, in India, citizens need to annually update a personal information form at their bank. This process includes address and signature verification, and an updated photograph. Despite this process and others, banking and ID verification in India continue to be a problem. The Aadhar Card is based on biometrics, but it cannot solve for the abundance of incorrect and inaccurate data entries.

On the other extreme is the United States. In the absence of creating a national universal identifier, we spend millions of dollars on creating reliable identities for the customers and patients we serve by linking, matching, and curating data from commercial datasets that sell highly sensitive information. To conduct business and run our lives, smartphones have become indispensable commodities—from ordering groceries and getting rides to paying for services and interacting with friends and family. The value of smartphones has been demonstrated repeatedly during the pandemic. Digital applications frequently require us to prove our identity, whether accessing bank apps, reading work e-mails, or receiving care at a hospital. This raises the question: How can we make it easier to access and verify our identity? Simultaneously, we want the power to oversee our personal data, control our identity, and have organizations trust us to carry our identity in a verifiable credential format.

So why are government agencies and health care organizations so hesitant to give us control over our identity? These organizations seem know the intrinsic value of our identity data to their business. If our personal information were not so valuable, it would not be sold on the dark web or be a source of revenue for companies. Entire lines of business are based on aggregating information about people and then selling it to companies, such as credit bureaus, from whom many industries buy person-level information.

In the last decade, health care organizations have started leveraging credit-based information to verify and manage identities within their colossal data systems. This approach does not resolve and manage personal identities, is extremely expensive, and does not deliver 100% accuracy. Often, bad personal data get into these third-party datasets and there is no clear way to get them corrected. Some people become so desperate that they start attesting to incorrect information about themselves just so they can enroll and get through digital paperwork processes running underneath an identity verification protocol.

Most people are not in the identity business, so they cannot understand the implications of attesting to inaccurate information. This one action has created a validation of incorrect information. If it were difficult before to get your information corrected, now you have made it impossible. How would you explain being of sound mind and attesting to living at an address where you never lived? This demonstrates the power of the industry over people. We need to flip the power differential because you indisputably know yourself best.

So why not let individuals manage their personal identity information? If it is sold, then it can be done so based on a mutual understanding of its use. It might influence companies such as Google, Facebook, and LinkedIn to respect their customers’ privacy more, evaluate their relationship with customers, or pay people for the use of their data. We as customers may also pause before we decide to use these types of companies to sign into other accounts.

Data are assets, and personal data are even more valuable. So how do we begin to get control over our data? We need to become informed consumers, exercise our right to privacy, and demand that we be allowed to own our identity while controlling how and with whom we share our data. This shift in the power dynamic from big companies to the person is a continuum from centralized to decentralized identity and a balance between trust and control. Much will change in this domain in the next five to 10 years, and I am hoping that we win this fight and regain control of our identities.

— Minakshi Tikoo is director of product management at NextGate.