CNET también está disponible en español.

Ir a español

Don't show this again

Security

The new urgency to fix online privacy

Unlike Y2K, which was a nonevent, Internet attorney Eric Sinrod explains why the business world is mobilizing behind what it sees as a real threat.

    A decade ago, I started writing about online privacy issues. At the time, legal colleagues told me that while they found the topic interesting from an academic standpoint, it had no real world applications. They encouraged me instead to focus on "real" upcoming problems, like Y2K.

    Undeterred, I explained that there would come a time when good privacy translated into good business, and bad privacy meant horrible business. That time has arrived.

    Y2K came and went without much lasting effect. But privacy protection has become a real world industry of its own. Unfortunately, privacy and security breaches regularly occur these days. Indeed, the recently concluded meeting of the International Association of Privacy Professionals in San Francisco bore witness to just how important privacy issues have become to businesses, government, educational institutions, and of course, individuals.

    With hundreds of privacy and security professionals in attendance, the sponsor list included the expected roster of companies from the technology sector. But you also found companies from outside the tech world, like Chevron, and Deloitte, Ernst & Young, and PriceWaterhouseCoopers. The common theme: it's high time to find privacy solutions that really work.

    Privacy is like oxygen. You don't normally pay attention but when it is gone, the problem is immediate and real. So it was that the conference hosted numerous breakout sessions over the course of three days, ranging across issues that arise in financial services, marketing, health care, retail, government, human resources, children, higher education, international, and technology.

    As technology has advanced, the world has become smaller, and, frankly, more invasive, when it comes to the potential for revealing personally identifiable information without permission.

    When I first started writing about privacy issues, the world was familiar with the titles CEO and CFO, but there was no such thing as a "CPO." Here we are in 2007, and I found myself bumping into chief privacy officers all over the conference. These are the folks charged with developing workable privacy policies and practices for their respective companies.

    They have their work cut out. We all have read about security breaches that led to the disclosure of private details of thousands of people. This not only impacts the affected individuals, but it hurts the reputation, brand, and share price of the companies subject to the breaches. That's not to mention the possibility of government investigations, big penalties, and lousy press down the road.