What happens when you ask the CIO at the U.S. State Department, the chief privacy officer at the U.S. Postal Service and a room full of security experts, lawyers and thought leaders to talk about privacy? You get a roller-coaster ride through one of the fastest-moving emotional landscapes in e-commerce today. You get a bit dizzy from the sheer number of political, legal, moral and cultural issues that go whizzing by. And you end up landing right at the heart of the complex human relationship with information technology.
At least that's what it felt like by the end of an evening last week in Washington, where I heard various experts discussing "Privacy and the Geography of the Mind" at a small gathering hosted by Guardent Inc., an information security consultancy in Waltham, Mass. With more than 20 privacy bills pending at the federal level and another 300 or so brewing in state legislatures, the buzz around privacy is bound to be deafening this year. Are you ready for the questions coming your way?
Now, some people will tell you that privacy is not really an IT issue. Ignore them. Privacy is so inextricably linked to infosecurity, there's no sense in talking about one without the other. As the ultimate defenders of the data, and as the builders of security systems, IT managers should be central to the crafting of privacy/security policies at their companies. But that's rarely the case. Zoe Strickland, CPO at the Postal Service, says very few companies have anyone serving as a "focal point for privacy and security." That missing connection means many companies end up with no privacy policies, no plans to implement one and no protective cover when sensitive customer information is hacked, stolen or compromised and the bad publicity begins.
Whatever privacy laws are passed this year, it's unlikely anyone can turn back the tide of data collection and data sharing. It's also a tricky business making value judgments about exactly what needs protecting, since one person's invasion of privacy is another's idea of a swell service.
So where can an IT leader make a difference? For starters, get the conversation going with the business side about how to build trusted, secure relationships with customers, clients or whoever matters most to your business. Make sure you're building choice into IT systems, so users regain a sense of control over their own data. Find ways to assure the integrity and accuracy of the data under your protection.
Take your seat on this roller coaster and hang on tight.
This story, "Securing Privacy" was originally published by Computerworld.