Parham Eftekhari

 

Privacy in a Digital World:  It takes Two to Tango

Summary:  Both Consumers & Technology Providers are responsible for privacy.  In this month's blog I attempt to support my theory, as well as provide guidance on what each party should do if they are serious about protecting privacy.

Given the public outcry at the recent discovery that cell-phone providers collect data on GPS-enabled Smartphone users’ whereabouts, it is clear that privacy continues to be a highly sensitive topic for the American public.  Before I go any further, I want to be very clear that I was not pleased with what was reported and found it to be less than honest behavior.  I do not condone the practice which came to light this month and I do feel that companies have an obligation to fully disclose their data-collection practices to consumers.

However, I was not very surprised that this practice was taking place…  I mean, in a country where capitalism is king, are we REALLY that surprised that companies were using this type of information to make a buck?

What I found more interesting than what was happening was people’s reaction to the story and how surprised they were about it.  Didn’t we go through this a few years ago with the whole social-networking privacy debate?  Back then, people were shocked to learn that the private information, thoughts, and pictures they put on their profiles started to get into unwanted hands; and they immediately looked at someone ELSE to blame.  All of a sudden Facebook became public enemy No. 1.   Only after emotions had settled did people start to discuss the reality that exists in the privacy debate:  In an ever-connected world, ensuring privacy is the responsibility of BOTH the provider of a technology/service as well as the user.

Let’s face it:  we love our technology and the connectivity, convenience and ‘cool-factor’ it brings to our lives, and no one is willing to give that up.  Just like Facebook did not go away when social-networking privacy concerns were brought up, this latest issue is not going to get anyone to stop checking in on foursquare or using an app to find local movie times and locations.

So how can we address privacy concerns?  I think that everyone - organizations & consumers - has a role to play.  Consumers who are quick to integrate new technologies/services in their life also need to stop and think about the possible consequences, do their homework, and then make a decision on what to do.  At the same time, agencies/companies need to be sure they are doing everything in their power to protect the privacy of the data users entrust to them.

I was fortunate enough recently to speak with a group of federal Chief Privacy Officers and Chief Information Security Officers on this very topic.  Below are some thoughts on the responsibilities and challenges both parties need to deal with to maintain privacy integrity.

What Technology/Data OWNERS & SERVICE PROVIDERS must do to protect privacy of their clients:

 

  • Be upfront in your data collection & sharing practices. Enough said.
  • Increase Partnership between your IT and Privacy Offices.  As privacy becomes increasingly synonymous with technology, it is more important than ever that privacy and IT departments work closely to ensure that privacy is not an after-thought of a new IT investment or product launch, but that it is built into the design and architecture from day one.
  • Review your contractors' privacy policies and be sure they align with yours.  As many organizations like the government move to outsource applications, infrastructure and services, they must ensure that the technologies they procure meet their internal privacy requirements.  Contracts can and should be modified to include language on Privacy that includes real (read: monetary) consequences if the terms are broken.
  • Conduct Privacy Impact Assessments:  Spend time analyzing, testing and assessing the impact of activities and technologies on your employees/end-user privacy.  If you find the risk of a privacy breach to be at unacceptable levels, then something needs to change.
  • Develop Privacy Governance Models:  A privacy governance model should outline everything from your agency's strategic plan regarding Privacy, identification of the CPO and his/her role, your policy on Privacy, how to deal with contracted services, and privacy training and awareness.  A must-have for anyone serious about privacy.
  • Give your Chief Privacy Officer real power:  Having a CPO is a great first step, but if he/she does not have the authority to influence / make decisions to uphold your organization’s Privacy guidelines, the CPO's effectiveness is greatly diminished.

 

 What Technology USERS must do to protect their privacy:

 

  • Think before you post:  It is safe to assume that if you put it on the web, it will be seen by someone. (That goes for your location too!). If you want to keep it a secret, then don’t put it out there.  Even if you are completely on top of your security & privacy settings and every social contact you have, not putting something out there in the first place is still the only way to guarantee your privacy.
  • When in doubt, do your homework: If you are unsure about the privacy policies of a technology or service you are using, take the time to read the terms and conditions instead of just clicking “accept” and hoping for the best.  If you don’t, you really have no one to blame but yourself. 

 

 

