Data Privacy: Oxymoron, Wishful Thinking, or Strategic Goal?

Friday, February 03, 2012

Brian Dean

Ebbcdce0dfc85abf519d8b44a017f687

Data Privacy Day was January 28, an internationally recognized day whose purpose is to raise awareness of data privacy and promote data privacy education. It currently is held in the U.S., Canada, and 27 European countries.

In light of this effort, let’s examine the topic of data privacy:  Why it’s important, what consumers aren’t doing right, and what businesses must start doing better.

Recently another seven new breaches were made public (1).  A recent study places lost personal records at over 806 million between 2005 and 2010 (2), and another 32.3 million since then (1). 

What does this mean for consumers?  What does this mean for businesses?  The much over-quoted, then Sun co-founder and CEO Scott McNealy opines:  “You have zero privacy anyway.  Get over it.”

Consumers are desensitized to breaches, as evidenced by the meager response rate of consumers applying for free credit monitoring services after a company breaches their personal information. If you analyze the data that was breached, sometimes you have to ask, “Why are they even collecting all of that data?” 

The types of data collected often are articulated in corporate privacy policies, but few consumers bother to read Privacy Policies to better understand what companies collect.  If consumers don’t demand better safeguarding of their personal information, businesses have little incentive to invest resources in protecting it!

As businesses decide how to leverage their information assets, including the terabytes of consumer data, the privacy trend is growing increasingly unfavorable!  Google, for example, is combining some 60 Privacy Policies. 

Google probably was counting on no one reading their new Privacy Policy.  Also recall the April Fool’s Day prank by Game-Station which added an “immortal soul clause” to their privacy policy - a clause thousands of customers unwittingly agreed to!  Why can’t those lengthy, arcane privacy policies be written in succinct, plain English?

A paradigm shift is needed.  Businesses must do three things:

• Collect less personal information

• Do a better job securing that information

• Better explain, in plain English, what they collect and what they do with the data collected

But consumers are not devoid of responsibility. Consumers need to read privacy policies and make cognitive decisions as to which companies they wish to do business with.

We all need to take an active role in privacy, ot last Saturday was just an oxymoron and just wishful thinking. Maybe Scott McNealy was right.

Brian Dean is a former Senior Vice President, Chief Privacy Officer, HIPAA Officer, and GLBA Officer for one of the nation’s largest financial institutions.  He now is the Privacy Officer for SecureState and provides consulting services to the banking, healthcare, and other industries in the area of privacy.  For more information contact Brian at www.SecureState.com

1.Privacyrightsclearinghouse.com

2.The Leaking Vault 2011, Six Years of Data Breaches,  Suzanne Widup, August 2011

Possibly Related Articles:
11192
Breaches
Information Security
Data Loss Policy breaches Privacy Security Strategies Security Awareness internet International Data Privacy Day Consumers Merchants Brian Dean Scott McNealy Data Collection
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.