A blog post earlier this month at the New York Times suggests that the “era of big data” may force new regulations on U.S. enterprises that collect information about their customers. The writer does not speculate about how such new laws might look or what exactly they would regulate. The actual collection of data? The type of data? The sharing of data? The retention of data?
Certainly, rules about those sorts of issues are being applied in different parts of the world. Last year India passed a privacy law to protect an individual’s sensitive private data (SPD). Its rules, some say, go beyond even Europe’s tough privacy regulations. Malaysia, Philippines, and Singapore are all in various stages of developing and enforcing new legislation on a person’s right to protect their SPD.
For global organizations this patchwork of regulations is burdensome and expensive. But privacy laws themselves will not necessarily, as some have claimed, stifle innovation. For example, multinational firms manage to innovate and prosper while complying with myriad tax, environmental, contract, and other laws in scores of countries. And when the European Union created data retention and access laws in 2006 for communication service providers, IT met the challenge quickly.
In fact, that’s what IT excels at: creating systems that can apply, say, the right manufacturing taxes in one country, export and import tariffs from other nations, and the varying provincial and state retail taxes throughout its supply chain and distribution network. I don’t see why IT can’t excel and juggling different privacy laws.
That said, I favor the recent approach taken by the U.S. Federal Trade Commission, which issued its guidelines in the spring. Instead of using the legislative stick to compel companies to respect a person’s SPD, it is promoting the carrot of self-regulation so companies will reach out to consumers to explain their privacy policies, how they use SPD, and give them an easy method to opt out of having their SPD used.
Elsewhere, browsers, such as Firefox and Internet Explorer, have Do Not Track features built in; with Microsoft going so far in its next browser release to set Do Not Track as the default. And third-party tools to protect a person’s online activity from prying eyes are abundant.
I believe that consumers are very concerned about their SPD. But I’d argue they’re more concerned about it falling into unintended hands. That is, people who have good relationships with businesses are happy to share SPD with them because the services and goods they receive are improved in the process. But they want those companies to keep a tight lid on that information. They want bullet-proof security of their SPD. When security fails, that’s when their privacy concerns are heightened. If companies could protect their data 100 percent of the time, that is, if they never suffered a security breach, I’d wager privacy issues would all but disappear among the vast majority of consumers.