How Facebook and Twitter are changing data privacy rules

Facebook and Twitter are reshaping user expectations for control over their personal data and causing companies to rethink how they treat customer and business data

CIOs think about privacy the way some people think about exercise: with a sigh and a sense of impending pain. Outside of regulated industries like health care--where patient privacy is paramount--privacy affects CIOs as a corollary of security when, say, a laptop holding millions of people's records is lost or hackers siphon off customer data.

"CIOs generally don't care about privacy," says Peter Milla, former CIO and chief privacy officer at Survey Sampling International (SSI). Milla says most CIOs either focus on technology, or regard privacy as outside their domain, the province of a chief privacy or chief security officer. He finds both attitudes wrongheaded. CIOs, Milla says, should "want to be ahead of the curve" on privacy.

The reasons, Milla adds, will become more obvious as business goes increasingly digital. Web 2.0 applications connect like Legos, creating opportunities for companies to gather incredible amounts of data. On social networks and blogs, people post vast amounts of information about themselves. Marketers, meanwhile, are developing ever-better tools to exploit information about what individuals do online. Companies routinely unlock sensitive data for business partners. As businesses enter into cloud computing, they will give custody of their data to service providers. These trends create the potential for unprecedented insight into people's behavior and open new ways to do business. But they also create challenging questions about privacy, questions for which the answers are unclear.

Milla says he recently worked to modify a request from a big-box retailer who wanted information about the people surveyed by his company on their behalf. "They were bewildered and frustrated that we wouldn't give it to them," says Milla. The retailer already collects plenty of data on its customers and didn't see what the problem was with a bit more. But Milla saw a breach of privacy, a contractual violation. If it leaked out that SSI shared personal data about its panelists, it could devastate its business.

Milla says the big-box retailer's attitude is endemic. Companies think the data they gather belongs to them. Not true, he says, but is he right?

The very question might strike CIOs as strange. Ten years ago, then-Sun Microsystems CEO Scott McNealy told us, "You have zero privacy anyway. Get over it." Since then, we collectively got in touch with our inner exhibitionist. People talk about their antidepressants on Facebook or post videos of themselves violating work policies on YouTube (two Domino's workers were fired for such a stunt). Teenagers are sending naked or semi-clad pictures of themselves over their cell phones.

But people also ask for photos or videos to be removed from social networking sites, says Deirdre Mulligan, a lawyer and former law professor who is now assistant professor at the University of California at Berkeley School of Information. Individuals and communities have balked at the way Google Maps' Street View exposes location information. Meanwhile, a 2008 Harris Interactive poll found that 60 percent of Americans were uneasy about having Web content customized for them based on their usage patterns.

Maybe privacy isn't dead. In fact, says Michael Blum, a partner at Fenwick & West and chair of the firm's privacy and information security practice, privacy should trigger all sorts of alarms for CIOs who must protect trade secrets, prevent security breaches or clean up after incidents that lead to bad public relations, lawsuits and expensive records repairs. It won't be long, Blum says, before some company has to deal with employees harassing each other in public via Facebook. Welcome to privacy 3.0.

Join the CSO newsletter!

Error: Please check your email address.

Tags internet privacydata privacytwitterFacebook

More about Amazon Web ServicesBT AustralasiaCato InstituteCDTEuropean CommissionFacebookFederal Trade CommissionFTCGoldmanGoogleHarris InteractiveMicrosoftMITPerkins CoieSun MicrosystemsSybase Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Michael Fitzgerald

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts