Who you are, or perhaps, more accurately, "who are you today?" is a question that Internet companies are striving to answer by collecting data online. Armed with this information, marketing specialists can create impressive profiles of your likes, dislikes, product needs, and even wish-list items. With the profiles, they can then direct advertising at you that's optimized for your needs. When you choose to fill out a profile, it's usually so that you can access information you want but found unavailable in a more open form. These voluntary and "coerced" forms of data collection, though, place information into large databases, over which you have little or no control.
Most companies collecting the information do a good job of protecting the data and usually provide a very visible policy statement clarifying what will be done with the data that you provide. The positive side of data collection and management by these companies, however, has become overshadowed by a number of overzealous and in some cases, unscrupulous companies that either retarget your information or peddle it to other companies. Early stages of this have already appeared in many credit-card companies and even government agencies, like the Department of Motor Vehicles, that frequently sell or rent slices of their databases.
Movies have often exaggerated the possibilities of databases allowing security forces to track personal activities and movement by collecting data on purchases made by credit card or other electronic payment forms. Additionally, many consumers have some back-of-the-mind fear that seems to feed on the totalitarian Big Brother images cast by George Orwell's view of the future in his famous science-fiction novel, 1984. Perhaps some of those fears are valid. But I think that there are many safeguards for companies and users that can be put in place to protect data.
The safeguards can go a long way to protect or mask individual identities while allowing social scientists and market analysts to peruse the data for analyzing various population trends, issues, medical conditions, etc. What those safeguards are must still be determined. Companies, including the various city, state, and federal government agencies, should certainly have clear policies about what they do with their collected data. But should we go as far as creating a national or even a worldwide policy as to how organizations must deal with the personal data collected because self control has already apparently lost out to greed?
Thus far, the Web has been mostly self-regulating and it has worked fairly well. For the hard-core "violators" of personal data, however, we should probably find ways to quickly coerce, enforce, and even punish companies violating governmental or even their own policies regarding the use of personal data. Whatever the action, it must be accomplished at Web speed because it's nearly impossible to control data once it gets out onto the Web.