Data privacy: The IT "elephant in the room"

Information privacy continues to be a topic of hot debate. Some have argued that privacy for the social networking generation is a thing of the past, so we may as well get used to it. Others argue that privacy is a basic right that must never be ignored. However, today’s expectations appear to be much more subtly differentiated.

Consumers are becoming more aware of the value of their personal data. They will trade personal information for real or perceived benefit, but will punish a company relentlessly if it is perceived to have managed their information poorly.

These views come into sharpest focus when applied to government information.

Governments have a privileged position in the community, because they have significant legislative powers to compel people to hand over personal information. Governments therefore need to meet a higher standard of information privacy to maintain the trust of the community. Against this background, government CIOs will need to take special care with information privacy.

There is no place for technology adventurism when it comes to data privacy.

The privacy debate on overdrive

Data privacy has always featured on the management radar. However, today there is increased sensitivity about the need for data privacy, and it has come from the unlikeliest of places. Edward Snowden’s leaks about internet interceptions and mobile phone tapping have raised the ongoing debate to a new level.

As the perpetrator of these leaks, the justice system will ultimately need to deal with these actions. However, notwithstanding this, the tapping allegations have struck a raw nerve in parts of the community and have substantially repositioned the privacy debate.

Something subtle but significant has changed in community attitudes about information privacy. Developments in mobile technology and social networking have turned personal information into a tradable commodity, but consumers are also becoming more aware of the underlying value of their personal information. While some may part with their information willingly, others are taking even greater care – guarding rights to personal information as they would treat any other asset.

Government managers need to weigh up the long-term impact for government policy, and for the advice provided to their ministers. These concerns were supported recently by the World Economic Forum in its assessment – Global Risks 2014. The report is produced annually and delivers a high-level assessment of world economic risks. This year, the report commented on concerns that recent events may threaten community confidence in the government sector as a trusted manager of private information.

Citizens have a right to data privacy

National security agencies have been given wide powers, and so they should. These agencies play a key role in the frontline national defense for any country. However, even national security agencies cannot operate within a bubble, separate from the broader national interest and changing community expectations.

This is why arguments like “if you have nothing to hide, you have nothing to fear” do little to address community concerns.

Many countries have some sort of privacy legislation that outlines basic privacy principles, as well as legislation to govern the activities of each particular agency. Over time, this legislation has typically become increasingly focused on the challenges of electronic information privacy. However, legislation will inevitably lag behind developments in technology, and there is a growing need for a stronger focus on principle-based guidance, coupled with effective independent oversight.

"Just Say No"

There is a piece of longstanding advice, commonly called “the sunlight test”, usually given to rookie policy advisors. Essentially the advice says that if you can’t figure out how you might explain your proposed actions if called to account, then don’t undertake that action. In a democracy, there are checks and balances, and accountability will eventually catch up.

A savvy policy advisor should always think through the potential downside implications of their proposed actions, particularly if these actions are likely to embarrass their minister.

Against this background, it is puzzling that some governments initially handled eavesdropping allegations so awkwardly. Initial explanations were based on the proposition that “everybody is doing it, so why worry?” This response fails the sunlight test and merely underlines the political ineffectiveness of such a response.

Damage control

Privacy and security are at the heart of much of what the IT industry does. Today, mobile and social technologies are offering new opportunities and Big Data has opened up possibilities for understanding clients in new ways. Damage to community confidence could have a negative impact on the IT industry at large.

Industry leaders have been quick to understand the potential implications, and are taking this issue very seriously. For example, a Microsoft blog, by Brad Smith, General Counsel & Executive Vice President Legal and Corporate Affairs, stated: “Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures. If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an ‘advanced persistent threat,’ alongside sophisticated malware and cyber-attacks.”

Facebook’s Mark Zuckerberg added his perspective in a post on the Facebook site in March 2014: “When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

There is no doubt that governments have suffered reputational damage from recent world events, and it will take long-term efforts to rebuild that confidence. In the wake of these problems, it would be unwise for any government manager to be associated with further privacy breaches without carefully weighing up the potential downside implications.

Kevin Noonan is a Research Director in Ovum’s Australian government practice. This post was first published on Ovum's StraightTalk, republished with permission.