Your privacy mistakes can easily become everyone's business. Here's how to keep your company--and your career--out of the spotlight.
Getting there isn't a mystery, even if it's hard work. The many failures have shown what needs to be done. Here are nine truths about privacy that companies must live.
It's A Strategy, Not Just A Policy
Facebook, the popular social networking site for students, thought it was offering its users a cool new feature when it introduced News Feed in September. News Feed automatically updates Facebook users about changes to the pages of people in their social networks, such as someone adding a friend or posting to a discussion group. CEO Mark Zuckerberg was unprepared for the howls of protest from Facebook users who, instead of seeing a new networking opportunity, saw the shadow of Big Brother. In an Internet posting on Sept. 5 prompted by an increasingly hostile user community, Zuckerberg defended the new product: "We didn't take away any privacy options. ... The privacy rules haven't changed." Zuckerberg was out of touch with his own community. In a posting three days later, he was forced to admit: "We really messed this one up." Facebook reworked News Feed, offering users new ways to control their personal data, such as the ability to nix the broadcast of specific updates and to remove the time stamp many found particularly onerous.
AOL apologized for the gaffe immediately after it was discovered ("This was a screwup, and we're angry and upset about it," a spokesman said), and there were career consequences: It fired the researchers responsible, and its chief technology officer resigned shortly afterward.
Privacy Laws Will Change--Often
"California puts privacy laws into effect every week," says Parry Aftab, only partly tongue- in-cheek. Aftab's a privacy lawyer and executive director of WiredSafety.org. "I can't stay on top of them," she says.
But you must. More than half the states have laws that require organizations to notify consumers if their personal data is involved in a security breach. At the federal level, several privacy bills are percolating through both houses of Congress, though the feds have shown no real urgency to act on those bills.
Smart companies don't just stay on top of privacy legislation, they also seek to influence it. Kirk Hareth, chief privacy officer for Nationwide Insurance, served as an industry lobbyist for several years in the 1990s. He helped draft HIPAA, the Health Insurance Portability and Accountability Act. Hareth keeps in touch with Nationwide's lobbyists to stay current with pending legislation.
Case in point: On Oct. 13, President Bush signed a bill, S. 2856, that includes a provision that requires financial institutions to make their privacy statements "comprehensible to consumers, with a clear format and design." The Federal Trade Commission has 180 days after enactment of the bill to develop the new privacy model and will seek input from financial institutions.
Nationwide's privacy statement already complies with the new regulation, Hareth says. "We've gotten ours to an eighth-grade reading level," he says. That's because California law requires that all public documents be written below a ninth-grade reading level, and insurance companies are regulated by the states. Dealing with federal and state regs is a constant juggling act. "You need to have time to do that reconciliation," Hareth says.