Protecting privacy

New technology brings new challenges, especially when it comes to privacy. In the old days, it seemed easier to keep personal financial and identity information secret. If a company had information about its clients, it could be kept locked away in an area guarded by fences and dogs.

Few companies today can exercise that kind of discretion. In a world of interconnected databases, worldwide computer networks, and billions of transactions taking place every second, how can confidentiality be preserved? And how can an enterprise live up to expectations of security and mandates to preserve the privacy of the data it holds on millions of customers?

Enterprises, too, must worry about more than direct financial impact. In the past, companies thought that insurance policies could protect the enterprise from financial jolts due to loss of data - but now these entities are faced also with loss of reputation, which insurance cannot effectively protect.

"How do you prevent your enterprise from having reputation damage or loss of consumer confidence because of data breaches or bad privacy practices? These bleed together," says Mark Cohn, vice president of enterprise security at Unisys.

One of the reasons so much data is captured, seemingly at every turn, is that having it online makes it much less expensive for enterprises to interact with customers. That is, usually -- to the enterprise - the drivers are cheaper information provision and even cheaper data capture.

"Going from face-to-face tellers, to ATM, to internet banking - each one of those steps reduces cost by an order of magnitude," says Cohn. "But if there are problems because of data breaches or other factors, then cost could actually go up."

Ideally, if privacy can be thought of as hiding information about one's self, then the sharing of that information should be selective and controlled. And consumers are increasingly aware of the consequences of having their personal information widely and readily available. Many fear providing it unless they see a real benefit.

"Privacy concerns to a significant number of people are major factors in whether they are comfortable with a consumer-facing website," says Cohn. "As companies try to reduce costs by moving more operations to automation, the consumers' willingness to go along determines whether the companies can get the benefits they would like."

Thus, privacy may be voluntarily sacrificed, normally in exchange for perceived benefits. Cohn pointed out that in Unisys surveys, people say they are willing to provide personal information if it streamlines their interactions and provides some kind of benefit.

"You have to associate providing personal information with a specific benefit for that interaction. And you want to provide an assurance of what the information will be used for, and that the user will have control over whether it will be used for other purposes," Cohn says.

Compliance issues

Another factor in trying to protect privacy is how best to comply with regulations set up to protect personal identifiable information.

It doesn't help that much of the data about people is sliced and diced, mined or even sold to third parties. Such information could potentially be used for purposes not known to the individual providing the information.