SiS Logo

My Digital Identity

Sharp Perspectives on Identity, Security, and Privacy

The Privacy Payoff

Privacy Payoff Book Review

With the current news of Facebook’s IPO it is good to review selected chapters from a classic text on the importance of privacy by Ann Cavoukian the Information and Privacy Commissioner of Ontario. Don Tapscott in the forward provides a reminder of the digital shadow that results from data generated from everything we do through digital devices and networks. Bruce Schneier recently identified data privacy as a key item that we will be judged on in dealing with the digital age much like how the industrial age is judged on how pollution has been handled.

Ecommerce and Privacy Roots

How much more growth would there be in ecommerce if people had more trust that their private data would be protected?

Earthlink is used as a primary example of using privacy as a differentiator to win and keep customers and achieve the privacy payoff. Good to see that the business is still doing well but don’t see references to privacy highlighted as a priority (last references seem to be from 2000-2005).

Parallels are drawn in the book between privacy and environmentalism which beg the question if interest can be sustained to deal with these long term issues.

Privacy as a Business Imperative

In addition to a cost benefit analysis this chapter highlights the importance of privacy impact and risk assessments, policies, audits, and training.

We Didn’t Mean It and Why Consumers are Worried

There is very real fear and uneasiness about the amount of automated surveillance that is happening even though most people have only a vague understanding of the types of surveillance that affect them everyday.

The Impact on Marketing

The impact of privacy protection on targeted marketing is a good topic as it gets right to the root of the tradeoffs while showing that with proper knowledge and execution it is possible to meet requirements in both areas. They can also be complementary as in the issue of identity management which promotes the protection of true identities or personas instead of users dealing with privacy issues by providing fake or incorrect information.

Privacy Through Technology

As information technology is rapidly advancing there is some coverage of Privacy Enabling Technologies (PETs) and Security Technologies Enabling Privacy (STEPs). Since new technologies enable capabilities that are a threat to privacy, proper system design involves using technologies to also protect and enhance privacy. As a former PKI product manager I appreciate at least the cursory coverage of encryption and other fundamental technologies but the treatment shows its age by not covering the layering and sophistication as hybrid technology mashups have evolved.

Summary

While the Privacy Payoff book is now 10 years old the authors did well to anticipate evolving issues and provide guidelines for advancing privacy capabilities. Mostly the principles and issues have not changed and not surprisingly where the book most requires an update is how new technology affects the issues and solutions. I would like to see an update to address the topics of social networks and software agents (e.g. Siri conversational interface). The impact of social networks is obvious and the artificial intelligence of social agents directed by individual preferences and policies will be a very interesting development as properly controled automation of privacy decisions is critically needed.