10Meters News Report

March 12, 2001 – New wireless technologies are sparking broader concerns among privacy advocates, according to a new report, "Surviving the Privacy Revolution," from Forrester Research.

"Anyone who thinks the privacy issue has peaked is greatly mistaken," said Forrester analyst Jay Stanley. "We are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once-routine business practices under the microscope.''

Companies are facing mounting customer anxiety and a growing labyrinth of US and foreign regulation. To survive, they must institutionalize their commitment to protect and manage their customers' privacy by taking a comprehensive, whole-view approach to privacy, said Stanley.

Increasing the volatility of the privacy debate: new location-based services. Mobile devices extend the step-by-step tracking practices of the Internet to the monitoring of individuals' movements in the physical world. Only 6 percent of North Americans have a high level of trust in how Web sites handle their personally identifiable information (PII), and seven in eight express interest in legislation protecting Internet privacy, according to Forrester.

Existing legal protection of location-data privacy also falls short, further heightening consumer security concerns. While carriers tout support for federal regulation, they are pressing the FCC for a vague interpretation of "opt-in" that lets them secure consent in the fine print of larger documents like service agreements or on-screen "click-wrap" agreements. This obfuscation – and the FCC's likely partial support of it – only inflames consumers' privacy fears, said Stanley.

"Wireless is the next battle. Successive waves of new technology and the growing complexity of privacy regulations will keep the privacy issue from going away," added Stanley. "Privacy will become the main countervailing force against the Information Revolution and its radical effects on the free flow of data."

In response, companies must take a whole-view approach to privacy. First, firms must recognize privacy as a core business issue that, together with customer relationship management (CRM) strategy, dictates how customers are treated. Then, firms must conduct a top-to-bottom reassessment of their policies, practices, and exposure on the privacy issue. Included in the strategy:

• Companies must name a high-level person to orchestrate the effort to tackle the issue, a chief privacy officer (CPO). The CPO should be accountable on privacy issues, have a broad view on how the company operates, and have the clout to stop dangerous activities.

• Companies must then assemble an accurate and comprehensive picture of their existing information practices. This is the most onerous step toward a systematic approach to privacy. It requires a top-to-bottom assessment that reaches across divisions and business partnerships to document fully what information is being captured, how it is being used and secured, and how it complies with existing regulations.

• Once a company has charted its current information flows and areas of exposure, the next steps are to decide on a companywide privacy policy, and implement processes to maintain and enforce that policy on an ongoing basis. A company with a mediocre privacy policy is part of the pack today, but companies that endure the rigor of a top-to-bottom privacy transformation will increase their credibility across the board.