In its last season, the popular show Parks and Recreation has made some big changes and, although set in the near future, is dealing with an issue already debated throughout the world: personal identifying information and data mining. Set in 2017, Pawnee, IN is now host to Gryzzl, a “super chill” Google-esque tech conglomerate providing free internet, social media networks, and even tablets to Pawnee. However, even in the eyes of its habitually corporate-loving citizens, Gryzzl has gone too far.
In order to gain favor with the Pawnee citizens, Gryzzl has been data mining their email, texts, medical records, and phone calls to send a drone to each citizen of Pawnee with personalized gifts. The citizens are outraged over this invasion of their privacy, and Gryzzl tries to make amends by throwing a concert, uploading a ticket to each person’s phone, with seating based on income-level.
Personal Identifying Information
Although Parks and Recreation is a fictional comedy, data mining for personal identifying information (PII) is no joke. Most major corporations collect vast amounts of information about the people who use their goods and services. This PII includes demographic information, marital status, if you use credit or coupons, salary estimates, browser history, job history, even your political leanings and reading habits. It is the job of “predictive analytics” departments to gather and analyze this information to more efficiently market to individuals.
The National Institute of Standards and Technology defines PII as “any information about an individual maintained by an agency, including any (1) information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” Sources of PII may include databases, shared network drives, social networking sites, and contractor sites, besides the information corporations glean from purchases and surveys. Moreover, technological developments have blurred the distinction between PII and Non-PII. Because the scope of data collection is so comprehensive, businesses are now able to combine seemingly disparate bits of “anonymous” consumer data from different online and offline sources and can tie that information to a specific person.
The FTC Report and Current Laws (or Lack Thereof)
In 2012, the Federal Trade Commission (FTC) published a report highlighting a consumers’ right to prevent websites from tracking their online behaviors and PII. The hallmark of the report was the proposal that companies include a “Do Not Track” opt-out function, which would enable consumers to prevent the collection of their PII. Spurred by the FTC report, a slew of unsuccessful legislation has been introduced in the House and Senate since 2010. Almost no states require a “Do Not Track” provision by law, though every state except Alabama, New Mexico, and South Dakota has enacted legislation requiring notification to individuals of security breaches involving PII. In practice, unfortunately, these are frequently buried deep in the “fine print.”
From a consumer standpoint, read the fine print! Be cognizant about which companies are collecting your information and how they are using it.
We’ll have to wait to see if they discuss privacy policies on Parks and Rec., although this author doubts their comedic qualities.