It's time to take privacy seriously

It's time to take privacy seriously

DO you know where your customers' data is tonight? And what you're doing with it?

Data privacy woes are rampant. Every week, we hear about another debacle or encroachment on what should be a private sphere. And regular folks are getting angrier by the day.

IT, albeit reluctantly, is at the heart of the problem. But IT must also insist on being part of the solution.

Missteps are increasingly easier to make. One reason is the offshoring trend. Last year, for example, a medical transcriptionist in Pakistan threatened to release U.S. patients' data if his demands for higher payments weren't met. The U.S.-based company that farmed out the work later told the San Francisco Chronicle that its business had been hit hard by fallout from the disclosure - perhaps a fitting outcome.

Although it's not clear how much private data is now being sent overseas, there's no doubt that the amount is growing. And companies that don't exert the strongest controls over the information they send offshore are opening themselves up not just to financial trouble but also to a massive and well-deserved backlash.

IT departments can't control a transcriptionist making demands halfway around the world. But they can avoid preventable stupidity.

As The Washington Post reported in February, it's astonishingly easy to do a search on Google and other popular search engines and find Social Security numbers and other data that companies, universities and even government agencies have put on unprotected servers. Google isn't responsible for preventing these lapses; the careless data managers are.

Plugging such holes is simple compared with fixing some other security risks. "Phishing" attacks - where unsuspecting consumers fork over credit card numbers and other personal information on bogus Web sites that look like the real thing -- are all too common. Companies can't stop the creation of rogue sites, but they can communicate better with customers about how to avoid being victims.

A chorus of complaints met last year's California law mandating disclosure to consumers of serious breaches of corporate databases. But I maintain that the law did businesses a favour by forcing them to work harder to keep data secure and encouraging them to set up crisis plans in the event that hackers get through their firewalls.

It's routine to assume that garnering more data is better. The ability to store everything under the sun is growing along with disk space. If your company sells widgets that end up in consumers' homes and you plan to put radio frequency identification tags on these goods to help make the supply chain more efficient, that's great. But you should be planning now to make sure the tags stop working when they leave the store, because people like me will shout from the rooftops if you don't.

No matter how much data you collect, IT staffs should convince CIOs - who in turn should convince CEOs - that it's far better to build more protection into databases early than to attempt to bolt it on later. And they should convince them to support stronger pro-privacy laws while they're at it.

I can promise this: As identity theft soars, personal medical histories escape and cause all kinds of trouble, and privacy violations become more and more horrific, the public will start demanding some scalps.

Dan Gillmor is technology columnist at the San Jose Mercury News. Contact him at

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments