Privacy matters again, so you'd better prepare

Data breaches and mobile tracking have raised alarms; companies need to have a handle on user privacy or risk unwanted attention

Page 2 of 2

But consider this: A GPS manufacturer was found to be selling its customers' location and speed data to law enforcement so that police could set up better speed traps.

More alarming still, in the United States, thousands of government and private data sources -- including those I've mentioned -- can end up in a fusion center, set up by the feds in the name of fighting terrorism. Although this data collection is purportedly all legal and details are kept secret, it doesn't appear to be very American, falling under the area of unwarranted search and seizure (see epic.org for more information).

In short, people are feeling increasingly touchy about how their data and their very privacy is used and abused -- and companies are being taken to task to defend and improve practices that put users' data and privacy at risk. Microsoft (my full-time employer) is even careful to ask if it's all right to identify your Windows Media Player instance to media content providers you contact online before doing so, even if it is only to help people access the content they legally bought. Assume too much, and you could end up in a front page headline, testifying in front of Congress, or being sued.

If your company collects or stores other people's personal data, make sure your company has all its privacy components figured out. The best way to protect someone's privacy is not to collect his or her private information in the first place. The second best approach is to collect it when needed, while it's needed, and then erase it. The third best way is to store it, protect it well, then aggressively get rid of it as soon as possible.

Unfortunately, personal customer information is the lifeblood of many, if not most, companies today. The business model of collecting large amounts of personal information is their primary business model and it's not going away. If your company does this, has it awakened to the new reality? Does it have a CPO (chief privacy officer)? Is your company's privacy policy readily available and linked to every page on its public website? Does your company consider privacy as strongly as it does the rest of its security policies? Privacy needs to be a big, intentional part of any company's security design.

If you're in charge of your company's computer security, you need to ensure that privacy is a big part of that program. If not, tell the leaders a new wind is blowing. It takes only one minor miscommunication, one minor hack, to end up in the headlines, investigated by Congress, and in court.

This story, "Privacy matters again, so you'd better prepare," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

To comment on this article and other InfoWorld content, visit InfoWorld's LinkedIn page, Facebook page and Twitter stream.
| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.