Information Life Cycle

By Henry Bagdasarian

Information life cycle must be understood before we can start to discuss identity theft risks and how we can control and manage our personal information. Below, a general high level flow of information also known as the Information Life Cycle as is described:

a) Information is born - a new piece of information is created by either you such as applying for and obtaining a credit card or a passport, or by someone else such as a hospital issuing a birth certificate.

b) Information is maintained - after a piece of information is born or created, it is used, shared, and stored as it is maintained and managed through the information life cycle.

c) Information is destroyed - at some point; your personal information is destroyed either by you such as closing a credit card account and destroying the plastic or, by someone else such as a company closing your account and deleting your information, before or upon your death. There is a risk that even a dead person's information can be misused after his/her death because the information was not properly destroyed upon his/her death. For example, misuse of dead people's social security card and number is more common that you can imagine because either death was not communicated timely to the social security administration (SSA) or the administration failed to record death in their system on a timely basis, if at all.

As I mentioned, any personal information can be created by you or others. Such information is then maintained throughout its life cycle until it is destroyed. Take the example of a credit card. You apply and provide personal information to a bank to obtain a credit card. You then maintain, use and share this credit card while the bank maintains the information you initially provided to obtain the credit card. By applying and obtaining a credit card, you have just put yourself in just two risky situations: First, the bank information may be stolen by identity thieves, and second, you may lose your credit card or its information may be stolen to produce counterfeit credit cards, resulting in credit card fraud.

You and/or your company must perform continuous risk assessment throughout the information life cycle to determine:

a) which information is important to you and has the potential for maximum negative impact,

b) what can go wrong at all times either by your actions or the actions of others you entrust your information with such as the bank or your kids, and

c) what you intend to do about the risk – mitigate the risk or just live with it. For example, you may decide that the benefits of obtaining a credit card outweigh the credit card fraud risks when considering all factors such as building your credit history or spending bank's money. Based on your risk assessment, you then develop a plan of action(s) to mitigate the risks which become part of the policies for your home, organization or company. Remember, you can never eliminate risks one hundred percent. Therefore, based on this high level understanding, and my rules described on this web site, do your best to protect your information and please feel free to add additional rules I may have missed.

Please understand that the suggested tips may not apply to all individuals, all cultures, all situations, social classes, countries, or the not so paranoids.

Learn about identity KAOS principles after information life cycle.