Yet another report of a massive leak of personal data by a large service provider in the news. No longer surprising and no sign of legitimate mitigations on offer – other than ‘be vigilant – keep on the lookout for unexpected uses of your personal information’.
Many of the posts in this series have focused on the evolution of digital service models in which consumers pay the price of attention, management oversight, and data entry effort on behalf of service providers. Consumers also agree to provide personal information as a prerequisite to accessing a service, both to ‘authenticate’ the consumer and to make it easier for the supplier to provide services through digital interfaces.
Historically we have encouraged diverse ecosystems of suppliers to ensure competition and incentivise innovation. An owner’s experience can be enhanced with a greater choice of service providers and product suppliers – particularly if our ‘relationship’ begins and ends when we enter or walk out the door. In this early digital era, we enter into a ‘relationship’ with every supplier through consensual access to our personal information as a prerequisite to receiving the product or service.
My personal information is held by thousands of suppliers who have no incentive to care for that information in the way I would. Redundant and outdated copies of my data are spread across countless data stores – I’ll never know where and most of my ‘trusted’ service providers don’t know where it is either.
In the Business-to-Business space, it would be ludicrous for a company to keep the corporate information of every one of its customers. A tax file number, maybe bank account or payment intermediary details – that’s all. In the Business-to-Consumer space, gathering as much data as possible about customers has become the norm, and exploiting that data to push more sales the goal.
The much-vaunted 2-factor authentication does nothing to limit the policy of consumer data scraping. It does, however, move us to the point where we’ll need to use a combination of user, password and mobile phone code every time we want to access a service – more work for the consumer and no responsibility being taken by the service provider. Passive data harvesting and analysis is still a very rewarding activity and does not require 1- or n-factor user authentication.
The only way this situation will improve is for providers to accept and consumers to adopt a personal authentication agent that provides approved interface keys and negotiates and records all data exchanged with each provider. While an individual’s data can still be hacked, the damage is limited to one individual. The same hack on today’s providers damages millions of consumers.
