This topic has been on my mind quite a bit lately as we’ve been working on a system to automatically publish information on the calls we (the North Karelia Rescue Department) get. I was originally planning on writing in Finnish about it, but the story (via) on Seattle Post-Intelligencer on how the Seattle FD changed its feed to prevent Seattle911.com from automatically displaying call locations on a map spurred me to write about in English first.
As a fan of Nightwish’s music I’ve been following the controvercy surrounding the firing of Tarja Turunen from the band. Yesterday Marcelo Cabuli’s letter was published on Tarja’s site in which he promises to openly answer questions sent to him. While I’m quite doubtful of the openness that is promised (and generally anything that comes from his mouth), as a advocate of privacy and data security I’m very concerned about the following in his letter:
I wish to be able to answer to the people that might be really interested to know. In order to avoid wasting time with emails of other kind, I will request that every email sent has as subject the following info: complete name of sender (not nickname), ID number and country of origin. Please send the questions in English (or Spanish)
I read the above paragraph several times and I can’t figure out any other interpretation to the ID number other than an ID code that is used to identify an individual . At least in my understanding, this would be equal to a personal identity number as defined in Finland.
The Finnish Data Protection Act (PDF) states the following about gathering personal identity numbers:
A personal identity number may be processed on the unambiguous consent of the data subject
or where so provided in an Act…
While there are exceptions and such in the act, the relevant content for us is the requirement of the unambiguous consent from the subject. Sending an email message with your ID number isn’t adequate to satisfy the requirement in my book. Finnish law also requires that the party responsible for collecting the data states how the data is going to be processed. Using a personal identity number just to filter out spam or questionable messages isn’t an adequate use for an ID number in my book. The relevant act also states several requirements on data security and sending information to officials.
After all of this and based on my own doubts, I strongly recommend everyone to not send their personal ID number as the subject of a message to anyone. There may be even some cause for Finnish officials to take action in this matter.
This post is also published in Finnish in Satunnaisia leiskahduksia. Update: typo in Marcelo’s name fixed.
While I’ve been following the job market in ICT here in Finland for quite some time. Because most of the open positions have been in the Helsinki area, I was positively surprised to see several open positions here in Joensuu. While I read through the position descriptions in the paper I noticed the familiar name of an ex-boss. He was the CEO of a company that went (practically) bankrupt. It got me started on thinking on how previous experiences with people and their web presence are used in establishing credibility and trust.
The company that I worked for was a typical startup of the nineties and dot-com bubble. Lots of money flowing in from venture capitalists and fast-and-furious spending. As was the case when the bubble burst, we noticed that we don’t have enough real customers and the expenditures were way too high. So the lay-offs started. At this point I should mention as a disclaimer that I was laid-off in one of the final rounds.
I feel that the CEO and management of the company were very much responsible for the bankruptcy. Of course, in every company the ultimate responsibility lies with the management and board, but the dot-com bubble gave many people a handy way out — it was the market’s fault. The scariest part about it all was the way management and marketing kept spinning words and phrases so that nothing seemed to be wrong and we had many good customers who paid us a lot of money. They were quite good with their shovels.
Now I see a company with the same CEO and immediately my suspicions are triggered. The position that’s open is interesting and the previous relationship I’ve had with the CEO would give me visibility for pay increases and promotions but I can’t help think that the position should be avoided at all cost. So I turn to the web to see what the new company is doing and is it in any way viable.
So, type the company name into Google and see what results are obtained. A Google search doesn’t find the company’s own site, just some descriptions of presentations the CEO has given in industry events. It now seems that the new company is working on mobile stuff (same as the previous) and interactive television. Now red flags start popping up all over my head — especially after reading the synopses of the presentations’.
I can hear the same marketing-speak that I remember hearing several years ago. Sure, the buzzwords have changed, but the content is too similar; too filled with castles built in the clouds. I decided to still give the company the benefit of the doubt and looked at the Finnish company registry (YTJ) and found the email address of the CEO (why wasn’t it in the position listing I wonder). Using the domain of the email address as a web address worked – now I had the company pages open.
The company web site was more of the typical corporate speak that most company sites are. We build great products, have a excellent team of professionals and management that knows what they are doing and we have values. The product descriptions were sketchy at best and the only customer they have listed is a TV channel (who is also mentioned in a recent press release). None of this instills any confidence in me.
I’m still wondering why one companies site can increase my confidence in them while another’s just decreases it. Am I just prejudiced because of past experiences and mentions of technology that I don’t like? I don’t know, but I’d like to know what kinds of experiences others have had in the same way. How can a corporation create a website that fosters trust in prospective employees?
And BTW, the O’Reilly Radar has a good piece on marketing speak on the back-cover of books.
I’ve been following various discussions related to publishing photographs and the right to privacy of the subjects in the pictures. Partly of followed them because of my work and how the pictures that rescue (fire) departments take may be quite a breach in privacy.
In part the inspiration for this post has come from an article (via Kari Haakana) in Poynter and the reasons (via MeFi) why the New York times published the selected front-page picture of some of the child victims of the tsunami. While the reasons why the press wants to and can publish certain images differs in some cases from personal publishing, the basic ethical principles are the same and the same laws apply. While I will discuss the matters with respect to my understaning of applicable Finnish law, I feel that the principles are applicable in other parts of the world as well.
Hmm… I’ve (like many others) been getting messages from various “banks” and “credit card” services that try to get me to fill a survey because of all of the resent frauds. We’ll, today I finally took a closer look at the URL where the survey is supposed to be. While the URL looks like http://www.mastercard.com/cgi-bin/emergserv.cgi?… even in Thunderbird, the real URL is http://61.197.191.122/%20/www.mastercard.com/certegy_mc/… You can see the real URL by pointing your mouse over the link and looking at the status bar, as usual. Trying to access the page with Firefox results in a connection refused and the address bar shows the real URL. So, without a test with Internet Explorer, I’d presume that the “survey” only works with IE as the URL will only look like a valid Mastercard URL in it. Once again, I am grateful that IE isn’t even available on Linux.