Quote:
|
Originally Posted by Frank Ettin
If something is a threat, act. But if one can't articulate why or how, in real life, something is an actual threat, stand down and watch.
|
The problem with that standard is that it doesn't account potential abuses and abuses we've not heard articulated.
I hadn't heard the Apple/Amazon hacking fiasco articulated before it happened, yet it was real. However, it still seemed circumspect to keep personal information close to the vest.
As to the matter of potential misuse, one can imagine that people who objected to Social Security Retirement and the associated account number as a de facto federal ID# would not have passed the standard above. However, after the program was entrenched people not even in the retirement/employment system were required to obtain a number. Today, I can't open a checking account without this number.
Quote:
|
Originally Posted by Aquila Blanca
I am MUCH more interested in not having the information compromised in the first place than I am in a basically useless "We screwed up" letter after the fact.
|
Indeed. One might trust an entity with gratuitous collection of confidential information, but one's trust isn't an impediment to misuse. Not permitting the collection in the first place is an impediment into which one can place real trust.
There also appear to be two distinguishable but related issues discussed here. One is abuse of information given in confidence. A general practitioner paid in cash can do that.
The second issue is the capacity of the party with whom a confidence is shared to use it against you. For this second issue, a lone GP seems much less threatening than than a large provider network, or a quasi-governmental payment system.