Thornton May: Your privacy map is probably wrong

Futurists like me love maps. Not necessarily physical maps, but the collection of data points that can tell us where we have we been, where we are and where we're going. For many of my colleagues, the enterprise that's in the worst position is the one that has to ask "How did we get here?" That's bad, but I believe that "Where are we?" is even worse.

This is the beef I have with the privacy sphere of our industry. Most organizations don't know where they are in regard to privacy. Maps are not just navigation aids. They are thinking tools. Maps are mirrors that reflect how we think about something. In the case of privacy, the maps being used today shout that organizations have not thought long enough or hard enough about privacy. The privacy maps I have seen do not answer these three essential questions that maps should resolve: "Where have we been?" "Where are we now?" and "Where are we going?" I don't think privacy professionals are giving us the answers we need.

About seven years ago, I excoriated the privacy industry for not being on the map of key enterprise decision-makers. This shot across the bow did not elicit much of a response. Today I will up the oratorical ferocity by claiming that value-maximizing boards of directors are demanding privacy maps, but the cartography currently practiced by most privacy professionals falls far short of what is needed. It is time to remap the privacy space.

Maps are powerful tools for conveying meaning and guiding action. But bad maps convey false meaning and misguide our actions. Unfortunately, bad maps have a long history in IT. Who can forget the once almost universally held conceit that users were not smart enough to buy their own computers? Or the pantheon of now thankfully retired CIOs at name-brand enterprises who declared that PCs were toys? (I invite readers to email me their thoughts on bad IT maps.)

Privacy map makers need to ask themselves some basic questions. Reading the rich literature of cartography (see Rhumb Lines and Map Wars: A Social History of the Mercator Projection, by Mark Monmonier, and The New Nature of Maps: Essays in the History of Cartography, by J.B. Harley), one learns that the first question one should ask when examining a map is "For what purpose was this created?"

The privacy maps being created today are primarily prophylactic in purpose, designed to avoid lawsuits. This begs the question, " What role do chief privacy officers really play?"

In an economy driven by information and its use, doesn't it make sense to have a map depicting what we know about the customers, what the customers know we know about them, what we would like to know about the customers and what the customers would like us to know -- or would let us know -- about them? That map would be a good place to start.

Thornton A. May is author of The New Know: Innovation Powered by Analytics and executive director of the IT Leadership Academy at Florida State College in Jacksonville. You can contact him at or follow him on Twitter ( @deanitla).

Read more about management in Computerworld's Management Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags managementNetworkingsecurityprivacy

More about MercatorTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Thornton A. May

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts