I have been asked to create a kind of family web site where a relative can publish essays and photos of various family members (mostly ancestors).

Confronted with a mass of personal information such as birthdate, place of birth, date of marriage etc etc, it got me wondering just how much of this should be made readily available on the web. I will be putting password protection on the site so it won't be completely open to everyone.

What are your thoughts on this?

  • Is it enough to hide personal details for living persons and display everything for the dead?
  • How do you manage to tame the geek in you which wants to do everything technically possible and instead do what is 'proper'?
  • Is there a checklist for this kind of problem?
A: 

I would think that as for the ancestors you can put pretty much any information and not be worried. As for the living people, most information is probably ok besides things like telephone numbers, emails, SSN (lol). It also depends on who can create an account; if it's just the family I think all information supplied can be shown. If random people can access it, hide the more private information.

Also I suppose because you're building this site for a family or your own, you can ask the client what they think about privacy.

teh_noob
+2  A: 

Speak to your users and get feedback about this issue. What are their thoughts? After all, if there is a backlash, it will be these people that you need to keep happy.

My initial thought is that the amount of information available will probably depend on the wishes of the family members.

However, to implement a granular system such as the one used by Facebook would be hard to build and may slow down your development time.

Jon Winstanley
+2  A: 

In France, even the name of a person may not be published. Actually, it may not be stored in a computer without an explicit declaration to a dedicated authority named CNIL.

From the site:

Founded by the law of January 6, 1978, the CNIL is an independent administrative authority protecting privacy and personal data.

mouviciel
interesting link
paul
May not even be stored?! Wow, that's harsh...
Alix Axel
There are exceptions such as private e-mail or address book. But if you plan to collect personal data you have to declare your intentions to the CNIL and inform people that their data are in your files and that they have the right to modify and delete their related data.
mouviciel
Actually, the personal data laws are adopted by most countries in the EU.
J. Steen
+1  A: 

I'd suggest you set up a Privacy Policy. There are plenty of websites who can help you with this, or you could go and see a lawyer who could help you set one up. You could then host this Privacy Policy on your website, which could be accessed via a link at any time.

As an example the Privacy Policy will ensure that:

  • You've been given permission to use this personal information
  • Others visiting your website aren't allowed to take this information away and use it elsewhere.

You can then make sure that anyone visiting your website who enters in personal information, photos etc has to tick a box to agree to the Privacy Policy.

kevchadders
He is not talking about his **own** family.
Alix Axel
noted and edited
kevchadders
+4  A: 

The most important question you need to answer is this: How could a really dedicated person abuse the information? I don't mean someone who stumbles upon your site, I mean someone who wants to ruin one of your users: a stalker, ex-spouse or ex-wife. These people will go to great lengths to come up with creative ways to use your data, like deducing genetic diseases from the lifestyles of the ancestors, trying to determine the financial background of someone based on how much money they must have inherited, etc.

Clearly, this question can't be answered. Whenever you think you've made something more fool-proof, the universe comes up with a better fool. So I would create this site as a secure storage where only the users can see what they put there. No sharing of the data should be supported or permitted.

Aaron Digulla
I remember that recently a French newspaper took a random Facebook user and, using his published personal data and Google, succeeded in finding many facets of his life, including friends, vacation places, workplace, mobile phone number, ...
mouviciel
A: 
  1. Consult a lawyer to know the exact legal requirements applicable to your country/state.

  2. Put yourself in the shoes of someone whose information would be available in the system and think about what you might be worried about (if you're worried you're too much of a geek to know the concerns of other "normal" people, approach it from the angle of "what's the least amount of info I need to be able to exploit the data"; then you should be able to identify at least the most vulnerable data).

  3. Ask someone whose information is going into the system how they feel about the by-now reduced set of data you have reached.

After taking any concerns they may have into account, you should be in the clear, but if the lawyer gave you very vague guidelines to start with then you should probably double check with him again.

Ronny Vindenes
+6  A: 

The first thing you've to look at is the laws of your country. In Spain we have the LPD (data protection law) which allows storing sensitive data, but requires allowing the user to modify or delete it, and not communicating it without the permission of the user. Also you've to make a good investment in security. In my personal opinion, I think you don't have to show any sensitive data: national ID, exact home location, bank data... I won't show it whether the person is alive or dead, because it may reveal sensitive data of the family of the dead. In any case I think the best idea is to make a deal with the client, and notify the user of the policy that will be applied to the data.

HED
+1  A: 

Dead people: Publish all/any information unless it could affect a living person. For example, an illegitimate birth where the next generation are living and may not know about it. Be careful of children brought up by other than their natural parents. Be careful about criminal convictions. Be careful about half-siblings.

Living people: Publish no information unless that person, and anybody else affected by the information give their explicit consent. Even then, it is probably safer to not publish.

If you are within the EU/EEA, you must ensure that any personal information about living persons cannot be accessed from outside the EU/EEA. (EU data protection law). If you are in the EU, see my example at http://easterbrook.org.uk/home_faq.html question 2.

Under Swedish case law, it seems it is illegal to publish family tree or genealogy information on the internet.

In the US, the law is fairly lax (except for the disclosure stuff) but civil liability is probably a big issue.

Mark
A: 

Public records were actually, surprise, public in the US for quite a while -- that certainly includes places of marriage and names of children. And there were databases of those as well. Chances are, the same applies to your country.

Anyway, I think your best bet is to

  1. Find out what data is already public info
  2. Inform the user about the possible risks. The user isn't supposed to make any reasonable security decision (I can't stress that enough - you can model a typical user as a script that always presses the Yes key), but they should at least understand not to rely on that information as a secret key.
  3. Do all of that in an up-to-date privacy policy
  4. If the user consents, do check the law, but it's probably somewhere closer to the bare minimum, so I hope your privacy policy will be better.
  5. And be honest with the user above all. If your database is broken, inform users.

If you follow these steps, I don't think there is anything to fear about handling personal data.

ilya n.