Privacy? What Privacy?
Business isn't just about building a better mousetrap. It's about finding out why people don't like mice and what they're willing to do about it. In the past, companies might have gathered consumers in a room to quiz them. Now they pay millions of dollars to collect, buy and analyze data about those consumers, to market the best mousetraps to the right customers.
And why not? People give up personal information in return for convenience. They hand over data about their Web activity for the chance to win a cruise. They let online game companies vacuum up personal tidbits from their Facebook accounts.
Equifax itself coaxes consumers to give up personal information online. A contest to win World Series tickets and $3,000 asked Facebook users to submit a photo and short essay on what they would do with the money.
Consumers share knowingly and unknowingly, through surveys, location-based services, searches, online resumes, photos, check boxes, check-ins, tweets and clicks. People have no time to read gobbledygook privacy policies; they simply click "I Agree."
"The majority of consumers have no clue about the breadth of the information about them, where their information is residing and who has access to it," says John Ulzheimer, president of The Ulzheimer Group, a credit reporting and identity-theft consultancy.
How the norms have shifted. Until the mid-1990s, the conventional wisdom about privacy protection was, in essence, that information collected for one purpose shouldn't be used for another. The idea is rooted in a 1973 federal guideline, "Code of Fair Information Practices," which advocated consumer control and consent as core principles.
After the Web opened up, we moved away from the notion of separating and guarding individual pieces of data to protect privacy. Now the prevailing goal seems to be to collect and combine nearly as much personal information as possible in the quest for profit.
There's a growing movement against that trend, though, that CIOs should monitor. What people don't like is when companies combine personal data to reveal more than any single piece of information can, says Lee Rainie, director of the Pew Research Center's Internet and American Life Project. "They are nervous, concerned that material might hurt them," he says.
Still, he notes, people fail to lock down their data out of ignorance or neglect, or sometimes because it's simply not possible.
To protect consumers from themselves and from overreaching companies, lawmakers are getting involved. In March, the Federal Trade Commission recommended that businesses make privacy protection their "default setting." Companies are asked to issue clearer explanations about what happens to consumer data and simplify the choices people are given for how their information is used. "Implementing these best practices will enhance trust and stimulate commerce," the FTC says. Congress, meanwhile, is writing "Do Not Track" and other privacy bills.
Sign up for CIO Asia eNewsletters.