
Privacy Decisions Involve More Than Consideration of Personally Identifiable Information

There was a nice article in the 9/11 issue of Newsweek that points out that, even if no items considered personally identifiable information (PII) are being collected, publicly disseminated or posted on websites, the collection and interpretation of non-PII could actually reveal the persons involved, thus revealing their private activities, "aspirations and dreams."

However, Google, Yahoo and others who aggregate similar data indicate that

"the information extracted from studying the way individuals search has been crucial in raising the quality of search to its present level. "Our searches have improved dramatically because we have that data," says Alan Eustace, Google's senior vice president of engineering and research. Furthermore, they contend that without the information, they would be severely hobbled in further improving their products. "If you don't have such data, there would be significant compromise of the user experience in the future," says Prabhakar Raghavan, Yahoo's head of research." 

And, as the article points out, the government is also interested in the data...likely because it could point to specific individuals and groups as potential criminals and terrorists.

Does your company collect, aggregate, data mine and/or publicly post similar types of de-identified information to primarily improve your products or services?  Or, to enhance your marketing efforts?  If a secondary impact is that certain individuals' activities, likes and dislikes, and thoughts are revealed, would you be concerned?  Would your business leaders be concerned?  What if, as a result, their own aspirations and dreams were revealed...or those of their living or deceased loved ones?

Before you decide, just because there is no specific law against doing so, that you are going to aggregate the electronic traces and movements of your customers, employees or consumers in order to improve your products or services, take a good hard look at what the ultimate consequences could be, both to the individuals and to your company, if the public decides that you stepped over the line and took it upon yourself to eavesdrop into their lives just for the greater good of your bottom-line revenues.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.