Food for Thought: A CIO's Personal Data Practices

Lora Bentley

Regulations like Sarbanes-Oxley and payment card industry standards (not to mention HIPAA and countless other laws) are in place to make sure companies do everything possible to protect the personal information of their customers. And CIOs spend much of their time -- if not all of it -- figuring out how the requirements in those standards, regulations and laws can be met, and then carrying out their plans.


So if CIOs make it their life's work to protect other people's data, why are they so cavalier about their own? It's an interesting question, and one I hadn't considered much before reading this account at


The columnist, identified only as The Naked CIO, contemplates this irony as he or she recounts the number of online transactions in a typical day in which personal information (address, phone number, e-mail address) is required. And that's before the credit card information is entered.


For a magazine subscription, a music purchase, an order from a florist and six or seven other transactions, personal information is required along with payment information. Does The Naked CIO hesitate? Of course not. Does The Naked CIO even think about how the vendors with which he or she is interacting will protect that personal information? Not really.
