Last week I asked a handful of people to tell me whether they think privacy is alive or dead. As I mentioned Monday, the responses varied widely, with the majority coming down somewhere in the middle. Essentially they determined that we have as much privacy as we want to have. It's a matter of deciding what and how much we're willing to disclose, and then doing the work required to keep the rest private.
But what does that work involve? And where do businesses come in? Some of the people I talked to offered insight on that particular issues as well. For instance, IDTheftSecurity.com's CEO, Robert Siciliano, didn't mince words. "Privacy advocates are a dying breed," he said. In his view, "Privacy is an illusion." What's out there about us is out there. There's no getting it back. What people should really be concerned about, he said, is security. (That's probably why he's built his business around security services and not privacy advocacy, I'd imagine. But I digress.)
Slavik Markovich, the CTO of Sentrigo, shares Siciliano's viewpoint. He explains:
Online privacy is dead, but the ramifications of that have yet to be felt. Too many people, have shared way too much personal information, demonstrating that they simply don't value privacy online...While the security vendors are putting in place systems to minimize vulnerability from hackers, and breach notification laws require companies to disclose when customer data has been compromised, we can't save people from themselves.
But if you want to try to save yourself and still have an active "life" online, the security vendors do have much to offer. Representatives of quite a few security vendors were among those who responded to my spontaneous, unscientific poll. Take for example, Ty Huelle, at MaskYourCard.com. Huelle says online privacy is still intact, but offline privacy is threatened because so many merchants who take payment cards don't mask the number on receipts and other records. He is attempting to capitalize on that gap in security by providing a service that will allow customers to use their payment cards without putting their card numbers out there.
Other companies that handle personally identifiable information are also compelled to abide by a variety of different regulations to ensure that consumer information is secured. In addition to the PCI Data Security Standard mentioned by Huelle, financial services firms must abide by Gramm-Leach-Bliley and health care providers and their business associates must comply with the Health Insurance Portability and Accountabilty Act, just to name a few.
Jason Mark Anderman, an adjunct professor at Seton Hall University School of Law, noted that health information is perhaps the most at risk. He said:
When it comes to your personal health information, online privacy is alive and dead. It's alive in the sense that Presidents Clinton, Bush and Obama have all issued laws or regulations protecting your personal information. However, these rules are incredibly complex and elaborate, so many doctors offices simply ignore them, and hardly anyone has ever been penalized despite tens of thousands of complaints.
The lesson to be learned then, is that consumers must make use of the security tools available to protect their information at the same time that businesses must use the tools necessary to comply with the various privacy laws and regulations to which they are subject.