Futurists like me love maps. Not necessarily physical maps, but the collection of data points that can tell us where we have we been, where we are and where we're going. For many of my colleagues, the enterprise that's in the worst position is the one that has to ask "How did we get here?" That's bad, but I believe that "Where are we?" is even worse.
This is the beef I have with the privacy sphere of our industry. Most organizations don't know where they are in regard to privacy. Maps are not just navigation aids. They are thinking tools. Maps are mirrors that reflect how we think about something. In the case of privacy, the maps being used today shout that organizations have not thought long enough or hard enough about privacy. The privacy maps I have seen do not answer these three essential questions that maps should resolve: "Where have we been?" "Where are we now?" and "Where are we going?" I don't think privacy professionals are giving us the answers we need.
About seven years ago, I excoriated the privacy industry for not being on the map of key enterprise decision-makers. This shot across the bow did not elicit much of a response. Today I will up the oratorical ferocity by claiming that value-maximizing boards of directors are demanding privacy maps, but the cartography currently practiced by most privacy professionals falls far short of what is needed. It is time to remap the privacy space.
Maps are powerful tools for conveying meaning and guiding action. But bad maps convey false meaning and misguide our actions. Unfortunately, bad maps have a long history in IT. Who can forget the once almost universally held conceit that users were not smart enough to buy their own computers? Or the pantheon of now thankfully retired CIOs at name-brand enterprises who declared that PCs were toys? (I invite readers to email me their thoughts on bad IT maps.)
Privacy map makers need to ask themselves some basic questions. Reading the rich literature of cartography (see Rhumb Lines and Map Wars: A Social History of the Mercator Projection, by Mark Monmonier, and The New Nature of Maps: Essays in the History of Cartography, by J.B. Harley), one learns that the first question one should ask when examining a map is "For what purpose was this created?"
The privacy maps being created today are primarily prophylactic in purpose, designed to avoid lawsuits. This begs the question, " What role do chief privacy officers really play?"
In an economy driven by information and its use, doesn't it make sense to have a map depicting what we know about the customers, what the customers know we know about them, what we would like to know about the customers and what the customers would like us to know — or would let us know — about them? That map would be a good place to start.
Sign up for CIO Asia eNewsletters.