Privacy? What Privacy?
Business isn't just about building a better mousetrap. It's about finding out why people don't like mice and what they're willing to do about it. In the past, companies might have gathered consumers in a room to quiz them. Now they pay millions of dollars to collect, buy and analyse data about those consumers, to market the best mousetraps to the right customers.
And why not? People give up personal information in return for convenience. They hand over data about their Web activity for the chance to win a cruise. They let online game companies vacuum up personal titbits from their Facebook accounts.
Consumers share knowingly and unknowingly, through surveys, location-based services, searches, online resumes, photos, check boxes, check-ins, tweets and clicks. People have no time to read gobbledygook privacy policies; they simply click "I Agree."
"The majority of consumers have no clue about the breadth of the information about them, where their information is residing and who has access to it," said John Ulzheimer, president of consumer education at SmartCredit.com, which offers consumers credit scores, identity protection and credit-monitoring services.
How the norms have shifted. Until the mid-1990s, the conventional wisdom about privacy protection was, in essence, that information collected for one purpose shouldn't be used for another. The idea is rooted in a 1973 federal guideline, "Code of Fair Information Practices," which advocated consumer control and consent as core principles.
After the Web opened up, we moved away from the notion of separating and guarding individual pieces of data to protect privacy. Now the prevailing goal seems to be to collect and combine nearly as much personal information as possible in the quest for profit.
There's a growing movement against that trend, though, that CIOs should monitor. What people don't like is when companies combine personal data to reveal more than any single piece of information can, said Lee Rainie, director of the Pew Research Centre's Internet and American Life Project. "They are nervous, concerned that material might hurt them," he said.
Still, he noted that people fail to lock down their data out of ignorance or neglect, or sometimes because it's simply not possible.
To protect consumers from themselves and from overreaching companies, lawmakers are getting involved. In March, the Federal Trade Commission recommended that businesses make privacy protection their "default setting." Companies are asked to issue clearer explanations about what happens to consumer data and simplify the choices people are given for how their information is used. "Implementing these best practices will enhance trust and stimulate commerce," the FTC says. Congress, meanwhile, is writing "Do Not Track" and other privacy bills.
For now, as data-based products grow more profitable, the boundaries consist of regulations, laws and the judgment of companies policing themselves.
Sign up for CIO Asia eNewsletters.