Data Privacy Roundup: From Self-Policing to Regulation and Litigation
Part 3 in an ongoing series on data privacy.
Many pundits in this space have predicted that 2011 will be the year of data privacy. Certainly, there has been a flurry of posts and articles on the state of privacy over the past few months, and if you’re like me, you’ve watched the Internet community have an impact on how companies are behaving. For example:
- Goldman Sachs pulled its offering of Facebook shares to U.S. clients due to intense media scrutiny of the deal, which made the SEC sit up and pay a bit more attention. For an entertaining, yet sobering, take on the original Facebook offering, check out Robert Cringely’s “50 billion reasons why Facebook is not worth $50 billion.”
- Facebook removes developer access to user addresses and phone numbers. Yes, as reported in ReadWriteWeb, Facebook announced on its developer blog that it would make users’ addresses and mobile phone numbers accessible as part of its User Graph object. There was just one small problem: it was far too easy for Facebook users to allow access to this information without realizing it. After a couple of days of Internet fuming (really, and as far as I am concerned, this is a good thing), Facebook wisely decided to take that access away.
Now, as an aside, Facebook certainly has had its share of privacy issues in 2010 and 2011. My sister (an avid, non-techie reader of this blog and a Facebook user) asked me whether I thought that they simply did not care about privacy. I am not sure, but if you read Skype Manager Yee Lee’s post on “How Facebook Ships Code,” one could argue that the way in which the organization is set up certainly lends itself to some of the privacy problems that have arisen. What Facebook really needs is a Data Privacy Czar (yes, I said it) who sets up, reviews, and enforces privacy guidelines with the development organization so that the user community does not have to yell so much.
Did you know that privacy policies are dead? That’s what Fran Maier, president of TRUSTe, says. This is a great post on where we may be going with regard to protecting our privacy. Maier sees it this way:
“There is a place for government and regulation in all of this she says, because there are bad actors in the world. Her hope is that the governments will focus on the bad actors and allow tech innovation, and self-regulation and this system of transparency & accountability and choice to really grow and foster, so that it doesn’t shut down the promise of information sharing.”
For an eye-opening rundown of what happened in 2010 with regard to data security, privacy, and the law, be sure to check out The Information Law Group’s post on what could be the tipping point for more state and federal regulations. From “flash cookies” to mobile online tracking to history sniffing to deep packet inspection to the Facebook-Zynga-Rapleaf and Apple iPhone/iPad privacy lawsuits, it’s all here. And when you see it all together in one definitive summary, it’s really quite something!
I am going to leave you with this great quote from the post because it applies to all of us who inhabit the big data analytics space:
“At this stage companies that handle personal information, especially those that provide online behavioral advertising services, and those that purchase such services or participate in behavioral advertising, should consider an audit and risk assessment of their policies, processes and activities in order to reduce privacy-related legal risks. In fact, it is likely that some companies are not even aware that they are participating in online advertising networks that track users, or if they are aware they may not understand how their providers collect and use personal information. Preparation on privacy and security issues ahead of time is key in order to reduce risk and increase the likelihood of a favorable outcome should an organization find itself in a lawsuit. Moreover, if a lawsuit arises, understanding the substantive privacy issues that it raises is crucial. Again, we have blinked, and the privacy and security legal landscape looks very different.”
I’ll say it again: maybe every company needs a Data Privacy Czar! Or at least someone who is in charge of creating, supporting, and enforcing data privacy policies so that we don’t have to yell in disbelief every time a privacy infringement is discovered.
When it comes to privacy, how do you think we should police ourselves?