CIOs think about privacy the way some people think about exercise: with a sigh and a sense of impending pain. Outside of regulated industries like health care--where patient privacy is paramount--privacy affects CIOs as a corollary of security when, say, a laptop holding millions of people's records is lost or hackers siphon off customer data.
"CIOs generally don't care about privacy," says Peter Milla, former CIO and chief privacy officer at Survey Sampling International (SSI). Milla says most CIOs either focus on technology, or regard privacy as outside their domain, the province of a chief privacy or chief security officer. He finds both attitudes wrongheaded. CIOs, Milla says, should "want to be ahead of the curve" on privacy.
The reasons, Milla adds, will become more obvious as business goes increasingly digital. Web 2.0 applications connect like Legos, creating opportunities for companies to gather incredible amounts of data. On social networks and blogs, people post vast amounts of information about themselves. Marketers, meanwhile, are developing ever-better tools to exploit information about what individuals do online. Companies routinely unlock sensitive data for business partners. As businesses enter into cloud computing, they will give custody of their data to service providers. These trends create the potential for unprecedented insight into people's behavior and open new ways to do business. But they also create challenging questions about privacy, questions for which the answers are unclear.