I had the pleasure last week of spending twodays at the annual IAPP Global Privacy Summit in Washington, DC (www.privacyassociation.org/summit). While I was initiallymotivated to go by my recent work on the intersection of socialmedia and financial services, I found a much broader range ofissues on the table, and a very diverse group of participants,including regulators, lawyers, retail merchants, consultants, andfinancial and healthcare practitioners. One of the perks of life asan analyst is the opportunity to genuinely stretch your brain oncein a while, and these two days offered plenty of mind-bendingrealizations.
Part of the stimulation came from the sheer “Jekyll and Hyde”simplicity of the privacy picture:
A. Consumer-facing businesses of all kinds can serve theirindividual customers better if they can more clearly understandboth individual wants and needs, and more broadly, aggregateconsumer wants and needs.
B. Consumers are effectively being stalked by data-gatheringbusinesses of all kinds, both online and in the information-basedphysical world, where data from multiple sources can all too easilybe combined to paint a clearer (or more invasive) picture.
For many of us attending the conference, examples of current”privacy” practices in some industries provoked both amazement andchills down the spine, nearly simultaneously. One has to admire thecreativity and power of the data-gathering application, but at thesame time, each of us as individuals cringed at the implications ofsuch potentially penetrating personal exposure. Every discussionabout regulations, compliance, disclosure, notice, and consenttakes on new importance when one realizes that one’s own futureprivacy is on the line.
One conference participant described the experience of trading inthe late model car (fully equipped with GPS and programmablehands-free phone) that he had had on lease for two years. Only attrade-in did he discover that his vehicle had no “reset” functionfor either of the data files supporting the GPS and the phone.Apparently, a data-clearing function had not been part of thedesign specs! To protect his personal contacts, he was forced tolaboriously “write over” each name and number with a string ofzeros and spaces; he could do nothing with the GPS.
We are witnessing the beginning of a new era in consumer-facinginformation technology. The concept of “Privacy By Design” willinform not only data handling and data retention standards, butwill also drive new initiatives in user interface research anddesign. Disclosures will have to be transformed from pages of legalfine print to multiple-choice options, clearly articulated.Businesses that want us, as consumers, to trust them with our datawill have to explain simply and transparently why they believe theyneed it, and how they will safeguard it.
Where were the bankers at this conference? Of 1,700+ attendees,approximately 50 were bankers, and just four banks with teamsattending accounted for 30 of those 50. Those who missed the “wakeup call” may soon be relying on the much larger numbers of lawyersand consultants.
