Protecting Consumers' Privacy
By Courtney Macavinta
In the past year alone, consumer confidence has been hit hard with news of significant breaches of personal data and financial information on file with leading companies. Bank of America announced that it lost computer data tapes containing records on 1.2 million customers. Retailer DSW Shoes disclosed that the credit card information of 1.4 million consumers had been stolen from a company database. Then there was ChoicePoint, one of the most publicized data-breach cases of the year. The data broker revealed that the private information of 157,000 consumers had been exposed and exploited. After a Federal Trade Commission investigation, ChoicePoint agreed to pay a total of $15 million in fines and penalties.
According to a Forrester Research 2005 survey of more than 5,000 consumers, 41% said they regularly review a Web site's privacy policy before making a purchase or providing personal information -- which is 5% more than the year before.
These days, analysts say that offering consumers top-notch data security is just good business. And it has even become a market differentiator in some industries, such as banking.
"We're seeing consistently greater interest by consumers about how their information is being used, and they want choices if they don't want their information used," says Robert Parker, a retired partner at Deloitte & Touche and author of an upcoming IT Governance Institute book on privacy, Information Risks: Whose Business Are They?
The 2006 Privacy Trust Study for Retail Banking by the Ponemon Institute found that a lack of consumer trust could particularly impact a bank's bottom line. According to the study, 68% of those surveyed said they would transfer their account to another bank if they did not have confidence in the bank's ability to secure their personal information. The study concluded that the keys to increasing consumer trust and confidence are: not sharing or selling personal data to other organizations, not using aggressive marketing tactics, and keeping consumers informed about the company's privacy practices.
"People are willing to have more complex passwords or security tools to ensure that the bank is giving them more security," says Larry Ponemon, founder of the Ponemon Institute. "People -- if they have a diminished trust -- are increasingly voting with their pocket books."
Putting privacy first
For CIOs, the pressure to better protect consumer data is not just coming from the desire to avoid bad press. A bevy of new laws not only mandate that organizations better safeguard data but that they publicly disclose to consumers if their data is ever compromised. For example, California Senate Bill 1386, in force since July 1, 2003, requires any person or business that conducts business in California and holds computerized personal information to notify affected California residents when that information is acquired, or is reasonably believed to have been acquired, by an unauthorized party. The notice obligation applies to unencrypted data, which gives organizations a direct incentive to encrypt what they store. Similar legislation has been introduced in Congress.
Privacy is no doubt one area in which organizations are better off providing more protections instead of taking the easier, less costly way out. Companies that advocate for customer privacy will be more successful in the long run than those that ignore consumer concerns.
"They are the 'chief information officer' so all the information the organization has about people is within their domain," Ponemon says. "And when data is breached, stolen, or lost, if CIOs don't respond well, consumers will hold them responsible."
To better protect customer data, experts say it's best to:
- Adopt fair information collection policies. Protecting consumer privacy is not just about increasing security but about abiding by fair information collection practices from the start. Parker advises that organizations adopt models such as the European Union data protection directive 95/46/EC, which, among other elements, requires consent to collect a consumer's data and only allows transmitting that data to organizations that uphold the same strong privacy standards based on the directive. The American Institute of Certified Public Accountants also developed a privacy framework with 10 principles, including limiting the use of personal information to the purposes identified in the organization's privacy notice, and protecting personal information against unauthorized access (both physical and digital).
- Assess data protection practices. Aside from understanding all the regulations that apply to their enterprise, CIOs also need to determine the system requirements for complying with data security laws: from encrypting data, to retaining only the information the business actually needs, to giving consumers choices about how their data is used. Next, Parker says, CIOs need to assess whether their IT systems actually behave the way their privacy policy says they do. For example, a customer relationship management system that builds profiles of customers without their knowledge might violate a company's policy.
- Develop a response plan. CIOs also need to develop a strong policy for responding to any possible breaches. They should assign privacy responsibilities within IT so that staff members understand their role as it relates to safeguarding personally identifiable information and customer databases.
- Improve security and access controls. Experts agree that safeguarding consumer data requires the use of strong encryption and authentication measures. "Information leaks out often because of an inside problem -- a malicious employee, social engineering, or mistakes," Ponemon says. "A CIO can stop these problems by having the right technological solution."
When someone is accessing data, protections need to be in place to ensure they are who they say they are -- whether the person is an employee or a customer. Parker suggests having a strong "challenge" system in place in which a customer has to answer a series of personalized questions to gain access to an account. On the employee side, identity management needs to be improved so that every access to customer data is tied to a known, authorized person and recorded. For example, a request to read a customer database that lacks proper authorization should be blocked, and the attempt logged. Encryption also needs to be part of the privacy protection arsenal, so that data cannot be deciphered if an unauthorized party obtains it; that protection holds only if the keys are stored and managed separately from the data they protect.
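The access-control and audit points above, as an added example that is not code from the article or from any product it mentions: a deny-by-default gate in front of a customer record store, which releases only the fields a role is authorized to see for a stated purpose (the purpose-limitation principle from the AICPA framework), refuses marketing use for customers who have opted out, and writes every attempt, allowed or denied, to an append-only audit log whose entries are chained with an HMAC so a later edit or deletion is detectable. The policy table, roles, field names, customer records and the audit key are all constructed for illustration.

```python
"""Deny-by-default access gate for a customer record store, with a tamper-evident audit trail.

Added example, not code from the article. The policy table, sample records,
role and field names, and the audit key are constructed for illustration.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed sample records (not real people). marketing_opt_in records the
# customer's own choice about whether their data may be used for marketing.
CUSTOMERS = {
    "c-1001": {"name": "A. Example", "email": "a@example.net", "card_last4": "4242",
               "ssn": "000-00-0001", "marketing_opt_in": False},
    "c-1002": {"name": "B. Example", "email": "b@example.net", "card_last4": "1111",
               "ssn": "000-00-0002", "marketing_opt_in": True},
}

# Policy: role -> purpose -> fields that role may read for that purpose.
# Anything not listed is denied. No role is ever granted the SSN field.
POLICY = {
    "support_agent": {"service_request": {"name", "email"}},
    "fraud_analyst": {"fraud_investigation": {"name", "email", "card_last4"}},
    "marketing":     {"marketing": {"name", "email"}},
}
CONSENT_GATED_PURPOSES = {"marketing"}  # purposes that additionally require the customer's opt-in

# Assumption: in a real deployment this key lives in a KMS/HSM, not in source.
AUDIT_KEY = b"constructed-demo-key-not-for-production"


class AuditLog:
    """Append-only log. Each entry's MAC covers its own content plus the previous
    entry's MAC, so editing or deleting an entry breaks the chain in verify()."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []

    def _mac(self, body: dict, prev_mac: str) -> str:
        payload = json.dumps(body, sort_keys=True).encode() + prev_mac.encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def append(self, **entry) -> None:
        prev_mac = self.entries[-1]["mac"] if self.entries else ""
        entry["ts"] = datetime.now(timezone.utc).isoformat()
        entry["mac"] = self._mac(entry, prev_mac)  # computed before "mac" is present in entry
        self.entries.append(entry)

    def verify(self) -> bool:
        prev_mac = ""
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "mac"}
            if not hmac.compare_digest(self._mac(body, prev_mac), e["mac"]):
                return False
            prev_mac = e["mac"]
        return True


def read_customer(audit: AuditLog, actor: str, role: str, purpose: str,
                  customer_id: str, fields: set) -> Optional[dict]:
    """Return exactly the requested fields if the request is authorized, else None.
    Authorization is checked before the record is even looked up, and every
    attempt is logged with the decision and the reason for a denial."""
    allowed = POLICY.get(role, {}).get(purpose, set())
    record = CUSTOMERS.get(customer_id)
    reason = None
    if not allowed:
        reason = "role/purpose not authorized"
    elif not fields <= allowed:
        reason = "fields outside authorization: " + ",".join(sorted(fields - allowed))
    elif record is None:
        reason = "no such customer"
    elif purpose in CONSENT_GATED_PURPOSES and not record["marketing_opt_in"]:
        reason = "customer has not consented to this use"
    audit.append(actor=actor, role=role, purpose=purpose, customer=customer_id,
                 fields=sorted(fields), decision="deny" if reason else "allow", reason=reason)
    if reason:
        return None
    return {f: record[f] for f in fields}  # data minimization: only what was asked for and allowed


if __name__ == "__main__":
    log = AuditLog(AUDIT_KEY)
    print(read_customer(log, "alice", "support_agent", "service_request", "c-1001", {"name", "email"}))
    print(read_customer(log, "alice", "support_agent", "service_request", "c-1001", {"ssn"}))
    print(read_customer(log, "mal", "marketing", "marketing", "c-1001", {"email"}))   # opted out
    print(read_customer(log, "mal", "marketing", "marketing", "c-1002", {"email"}))   # opted in
    for e in log.entries:
        print(e["ts"], e["actor"], e["decision"], e["reason"])
    print("audit intact:", log.verify())
    log.entries[1]["decision"] = "allow"          # an insider rewrites history
    print("audit intact after tampering:", log.verify())
```

The gate checks authorization before it touches the record, so unauthorized probing of identifiers is itself logged as a denial; the chained MAC means the log answers "who accessed what" only as long as the audit key is kept away from the people whose actions it records.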
Once CIOs proactively put a plan in place, and train staff properly, they will be better equipped to guard the privacy of consumers. In today's environment, that protection can help achieve business goals.
"CIOs are in the weakest position, if something goes wrong and they haven't addressed privacy within their own organization," Parker says.
Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared in CNET News, Business 2.0, Red Herring, Wired News, and The Washington Post.