2014: Time to Rethink Privacy

Companies have to fully confront the privacy issues they face and rethink their policies from the bottom up

By Evan Schuman
Tue, December 31, 2013

As the father of a teenage girl, I can tell you that teens do value privacy, but what they don't consider to be private is stunning. Social interactions (including the baby-making kind) are matters to be freely shared on social sites, as are mobile phone numbers. But bank account information and payment card activity are not things they want other people to know about. (Remember Blippy? It was a site that let shoppers publicize what they purchased. Turns out almost no one wanted to do that.)

You have to understand your key groups: employees and customers. What does each group consider private? How much do they care about each area? Is there anything that would make them surrender that particular privacy? You're going to find out that different employees (and customers) have very different concerns.

Then you have to review all of your privacy policies. For your employees, this would include your ability to access all company emails and phone calls (and, presumably, texts and Twitter exchanges and any other communication mechanism). Do you really need that information? If you do, is there a less intrusive way of getting it? You might conclude that less intrusion could prove to be a useful recruiting/retention tool, especially for developers and engineers. Examine your culture and have that discussion -- in a 2014 context -- with senior management.

3. Subpoenas and search warrants

An email vendor called Lavabit was a small player in the aftermath of Edward Snowden's revelations about the National Security Agency. When hit with a court order to turn over encryption keys, the company complied -- sort of. It delivered an 11-page printout in four-point type. Prosecutors complained, saying that the printout was illegible.

"To make use of these keys, the FBI would have to manually input all 2,560 characters, and one incorrect keystroke in this laborious process would render the FBI collection system incapable of collecting decrypted data," prosecutors wrote, according to Wired. The court eventually forced Lavabit to give the government the key in an electronic form. Lavabit then took an unusual move: It told its customers that it could no longer protect such communications and then shut down the service to prevent any more of its customers from unintentionally sharing data with government investigators.

Lavabit deserves credit for being true to its marketing message: that it cared about securing customer data. Principle trumped profit. This example raises the question: Should businesses decide where they will draw the line on legal requests and then publicize that decision as part of their privacy policy? Would such a move make for good public relations?

Originally published on www.computerworld.com.