Companies must not forfeit privacy in march of technology
Businesses need to take steps to recognize and protect stored data as a valuable asset
By Byron Acohido, ThirdCertainty
It’s truly amazing that we need pay no subscription fee to use Web mail or Web search, nor to participate on Facebook or Twitter or partake of countless other social media websites and Web apps.
But make no mistake, these empowering online services are not truly free.
The price you pay is your personal privacy. Every move you make online is routinely logged, stored and data-mined by companies aggressively seeking to profit from profiling individual Web users.
Meanwhile, the definition of personal privacy—namely, the right to be left alone that was shaped and widely honored before the arrival of the Internet—has been dismantled in our Internet-centric society.
ThirdCertainty recently sat down with Michelle Dennedy, chief privacy officer at Cisco, to discuss the wider context and go-forward implications. (Text edited for clarity and length.)
3C: Are businesses taking too much advantage of the absence of online privacy?
Dennedy: We have not come to a common cultural definition, and certainly not a common financial definition, of privacy. When I say privacy what I mean is the authorized processing of personalized information according to fair principles. Now wrapped in that functional definition are all kinds of opinions and biases. So the right to be left alone is part of authorizing how information about you is stored and processed. And the commercial aspect of that has to do with who owns what data.
3C: Aren’t those lines blurred?
Dennedy: They’re more and more opaque to the individual. You don’t know who has access to information about you, who has made observations about you, or who is making statements that may impact you. Today it’s coming full circle. We’re starting to talk about what organizations need to do to prepare themselves for increasing demands in a multicultural world where people want to be assured that their data is being treated with respect.
3C: From the corporate perspective, what are some myths about online privacy that need to be addressed?
Dennedy: We think that because it’s cheap to buy the hardware to store information, and the processing power is exponentially cheaper than it once was, and we’re all carrying super computers in our pockets, that we can just grab information really quickly. We’ve devalued data and made it feel like it might be fast food. But the reality is, data is nourishment for our businesses.
And so if our businesses take the view that information is cheap, easy and worthless, they’ll treat information about their employees and customers as cheap, easy and worthless. And then you start to see cataclysmic levels of breaches because we’re not curating our information and treating it as if it’s an asset that’s worthy of curation.
3C: Cybercriminals have certainly figured out the value of stored data.
Dennedy: I love the word value. We as individuals believe in determining our own reputation, our own life story. But we also value building sustainable companies that have enough cash currency, as well as informational currency, to grow. … As we build out the Internet of Things, we should also think about building the Internet of Experiences. But you can’t build an Internet of Experiences unless you really build in privacy protections.
3C: Right now there are a lot of creepy experiences. Why do I need to turn over virtually everything on my phone to use an app to tune my ukulele?
Dennedy: So let’s take that ukulele app. It may be that by downloading all of your contacts, that app developer has a slightly higher chance of getting to a couple more people who happen to play the ukulele—if they pinged all of your contacts.
However, it’s inefficient and wasteful for them to probably creep out all of your friends when they do that. And what they’ve done is acquired more risks. If they were to lose your contacts, they’re going to have to pay for breach repair, and they’re going to have to deal with bad press.
And why do they need all of your data in the first place? The answer is, they don’t. Maybe they want stickiness for their app, or they want to resell their customers, who are devoted ukulele fans, to a larger company. They need to think through what they really want to know about you and how to get what they need in a way that delights the customer. Maybe do a survey.
3C: So business models built around users making informed choices about use of their personal data?
Dennedy. Owning and curating data is going to start being recognized as being expensive again. We’ve seen a lot of activity coming out of Europe. The Safe Harbor decision alone has really thrown the world into an uproar. And here in the U.S., having a misstep in privacy is no longer a small offense. If you mess up and the FTC catches you, that can cost you millions of dollars over 20 years.
Also the requirements to recover after a major breach are becoming prohibitively expensive. The notion once was ‘Data is cheap, we don’t really know what it’s for yet, but we might use it later, so we’ll store it as an uncurated asset.’
On a balance sheet, an uncurated asset is known as a liability. By its very nature you are not in control of an uncurated asset. We’re going to start to see more companies wake up and recognize that an uncurated asset equals a liability, while a curated asset equals opportunity.
More on privacy:
Without better data handling by privacy pros, cyber walls will do little good
Canada puts teeth into digital privacy law
Superzoom camera is amazing, but puts new lens on privacy