Are addresses sensitive or private information? It’s a good question to ask since many of us have address data in our databases. I asked this recently at a SQL in the City event and the room was split. I come down on the side of “no”, for addresses in and of themselves. After all, the domain of addresses is known. It’s public information in most every country.
A few people pointed out that while the address isn’t private data, when it’s linked to a particular person, it is private. It’s not the address, but the linkage. To me this should give data modelers pause when trying to set up a schema, whether set in an RDBMS or a schema on read in some other type of data store. Separating the user from the address, and having a link that doesn’t necessarily disclose private information can reduce the surface area of sensitive data in your system.
A second question: have you ever worried about your name being on a door or mailbox? I know some people in larger cities have, but that might be a minority. As I’ve visited friends, a name is often valuable to see on a mailbox, especially in my rural area where houses aren’t very visible from a road. That might change, or need to change. An article in the Washington Post notes that in Vienna names are being replaced with numbers. The linkage to an actual person is being removed in response to a complaint. It this overkill? I don’t know, but it is worth thinking about.
Google Street View and similar services might be affected. The service blurs faces, but it might need to start blurring addresses or even houses. I’m not sure I think that the images are problematic from a privacy perspective, but I also know that the ability to harvest data remotely and create linkages occurs at a scale and with a creativity that I would never have imagined.
Could a set of thieves search for people posting a vacation notice, image search for a house and then start correlating those images with Google Street View to find addresses? Sure, though arguably a search of public records for ownership might be easier. Many people rent, so maybe this is a bigger issue than I think? I’m not sure, and really, trying to determine how criminals might use data hurts my head.
I do try not to be too paranoid, but I do get concerned about data privacy. The stories of abuse I hear in the world are truly stunning. The creativity of criminals is scary. I don’t know where to draw the lines, but I do think that we should neither be cavalier with data nor paranoid. There’s a balance to be found, but one that needs debate and deep thought, not casual dismissal or overreaching concern. I hope as a society that we move in the direction of careful consideration as we derive some framework for both the protection and use of personal data.