Archive for August, 2008

Who’s Accountable For Allowing Identity Theft?

Monday, August 25th, 2008

Paul Venezia has written a nice article that talks about holding corporations accountable for identity theft. Basically, if somebody steals my data from TJ Maxx, then TJ Maxx should be held responsible for it.

Having had my credit card number stolen from a company before, I think he’s on to something here. There’s simply no recourse for me against a company who puts my identity out there for somebody to take. In my case, I joined a class action suit against the company and was mailed a check for $2. That’s what my identity was worth to this company - 2 measly dollars.

Almost every day we hear about laptops being stolen that contained thousands of Social Security or credit card numbers. Oftentimes we learn that all of this data was sitting in Excel spreadsheets somewhere on the computer.

There’s no valid reason that my Social Security number should be in an Excel spreadsheet anywhere.

It’s bad enough that way too many companies require this number for non-Social-Security-related purposes, but I shouldn’t have to even entertain the idea of my data sitting on somebody’s laptop in a coffee shop.

Paul’s proposed law calls for penalties for companies who don’t follow acceptable security practices, but I don’t think that’s enough. It may be time to examine some of our laws and add a clause about how we can store sensitive data.

There’s simply no reason that any of this information should be on a laptop, cell phone, memory stick, iPod, portable hard drive, or voice-activated electronic diary. It should all be encrypted and password protected on a server that requires an authenticated user to access. It shouldn’t take a law to accomplish this; we should all be doing it already.

Having said that, now is a good time to look at your own business and how you store data. Are you storing data that you don’t really need? A good example is companies that store credit card information for one-time sales. Having previously coded several e-commerce websites, I always made sure that we had no record of a credit card number on our server after we were done processing it.

What about Social Security numbers or driver’s licenses? Are you storing them in a database in plain text format? What kind of information is on your employees’ laptops? Is it essential that they be able to take that information home with them? If so, how is it protected?
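One way to start answering these questions is to scan spreadsheet exports for plain-text card and Social Security numbers. The sketch below is an added example, not code from the original post; it assumes the spreadsheet has been exported to CSV, and the function names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# SSN written as AAA-GG-SSSS.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def luhn_ok(digits):
    """Luhn checksum used by payment cards; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)  # double every second digit from the right
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject values that are never issued (area 000/666/9xx, group 00, serial 0000)."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def scan_csv(text):
    """Return (row, column, kind, masked_value) for each sensitive-looking cell."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        for c, cell in enumerate(row, start=1):
            for m in SSN_RE.finditer(cell):
                if ssn_plausible(*m.groups()):
                    findings.append((r, c, "ssn", "***-**-" + m.group(3)))
            for m in CARD_RE.finditer(cell):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):
                    masked = "*" * (len(digits) - 4) + digits[-4:]
                    findings.append((r, c, "card", masked))
    return findings


# Constructed sample: a well-known test card number and made-up SSNs, not real data.
SAMPLE = """name,ssn,card,order_id
Alice Example,123-45-6789,4111 1111 1111 1111,1000200030004001
Bob Example,000-12-3456,4111-1111-1111-1112,77
"""

if __name__ == "__main__":
    for finding in scan_csv(SAMPLE):
        print(finding)
```

Findings are reported masked so the scan output does not itself become another copy of the data.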

Asking yourself these simple questions can prevent you from suffering PR nightmares like TJ Maxx and Best Western are currently going through.

Anonymous Super Trolls

Sunday, August 3rd, 2008

In this summer of superhero and supervillain movies, today’s New York Times has a chilling article about prowling online trolls and their fluid value system. This story makes a strong case for online identity theft protection (which is why we decided to offer basic, free identity theft protection).

Another key takeaway is that “almost everyone posts as anonymous” and most trolls refuse to disclose their identity. In fact, as one troll interviewed for the article said: “Ultimately trolling will stop only when its audience stops taking trolls seriously.” So the key to identifying trolls, the NY Times piece concludes, is to break anonymity by establishing reputation around a persona or pseudonym:

A broader answer is persistent pseudonymity, a system of nicknames that stay the same across multiple sites. This could reduce anonymity’s excesses while preserving its benefits for whistle-blowers and overseas dissenters. “People know to be deeply skeptical of what they read on the front of a supermarket tabloid,” says Dan Gillmor, who directs the Center for Citizen Media. “It should be even more so with anonymous comments. They shouldn’t start off with a credibility rating of, say, 0. It should be more like negative-30.”

I discussed personas in an earlier post, which is the idea behind Identity.net’s reputation sheets, or RepSheets. You build reputation across several personas — one for home, one for office, one for blog commenting, or however you choose to manage your reputation. You decide how much of your profile information you share on each RepSheet, which you can link to any site you use. What’s more, you can have your information verified by a third party, so those checking you out will know what’s true. Of course, you can also check out any Identity.net member to see what verified information they’ve shared about themselves. 

Verified identity fills the gray area between disclosing everything about yourself and the dark, anonymous places where supertrolls can hide.

Identities and Butterflies

Saturday, August 2nd, 2008

Identity is not easy to define. Lots of smart people have been thinking, talking, and writing about identity for years. See Kim Cameron’s blog for lots of resources from academics and practitioners. Unfortunately, most of these definitions are indigestible by mere mortals. Identity, it seems, is one of these deceptively deep ideas. 

Dave Snowden takes an interesting approach. He lays out several criteria for identity — the roles you play, the “blurriness” of your identity, and how your identity changes over time. What struck me as interesting is how Professor Snowden borrows from chaos theory: “Identity in human systems is a strange attractor.” What?

A strange attractor is chaos theory jargon for a system that changes unpredictably when events change just a little. The weather is a common example — little disturbances can create big changes in the weather. As Edward Lorenz colorfully put it in 1972 when describing the butterfly effect: “A butterfly flapping its wings in Brazil can cause a tornado in Texas.”

What does this have to do with identity? Well, identity is chaotic, strange, and changes in big ways on small events. For example, consider becoming a parent. It depends on a single romantic moment. That single moment not only creates an identity where none was before. It also transforms you into a parent and forever changes parents into grandparents, sisters into aunts, etc.

Of course, identity is not just limited to individuals. Groups have identities too. The American identity shifted dramatically on November 7, 2000 when George Bush won the US election by just 537 votes, or 0.009%, in Florida. By many accounts, the election swung on the design of the butterfly ballot, an ironic coincidence with chaos theory’s butterfly effect.

For your online identity, the challenge is to naturally and safely use your identity in all its complexity, and seamlessly deal with the chaotic change that invariably happens to it over time.