Privacy on parade

• Tags:
• Privacy,
• Data Protection,
• Compliance,
• Law

Leader ZDNet.co.uk

Published: 03 Jul 2006 14:30 BST

• 
• 
• 
• 
• 

Data protection is ever more important to us. We trust companies and government agencies to keep our particulars private — although that trust is frequently misplaced. Life savings and reputations can be lost in seconds through breaches in privacy, and there's no shortage of reports of such things happening on an ever wider scale. Identity theft is now so widespread, the Government says, that it justifies the ID card project, a database of unparalleled reach and power. Yet if the situation is so desperate, how is it that companies in breach of their responsibilities see so few repercussions?

Corporations have a moral and legal requirement to safeguard our information, a requirement that is frequently and publicly not met. But the impact on share price is minimal and of short duration, and since that's the sole determination of executive culpability, no heads ever roll.

One solution is to create personal liability, perhaps at board level, reflecting the personal suffering felt by those whose privacy is lost. Although that has a certain Old Testament sense of appropriate retribution, the lesson from other examples of strict personal liability, such as the American medical profession, is not encouraging. That way lies sclerosis in decision making, enormous insurance premiums and the feeding and care of lawyers — little of which encourages a better service for the customer. And like many regulatory approaches, it only solves the problem after the damage is done.

A much better approach is openness. Any company that holds personal data should be open to audit, or better still encouraged to publish their privacy provisions. This should be inherent in compliance legislation, but that field is notoriously opaque even to professionals — it has no role in promoting public knowledge of the quality of a company. It is worrying when a laptop stuffed with personal information is stolen, but more worrying that there is no way to compel revelation of why such a situation came about in the first place.

If a company's privacy mechanisms are faulty and seen to be faulty, then action will be taken before a security breach occurs — and if it isn't, then the company will be open to public condemnation that will aid its competitors and provide a constant downward pressure on its share price. To return to the medical analogy, acute problems can be fixed and forgotten, but chronic disease requires constant attention. We must make privacy a chronic problem for those who would cutely avoid it.

 

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit

• Most Recent
• Most Popular
• Most Discussed