Risk
4/19/2013
01:11 PM
Connect Directly
RSS
E-Mail
50%
50%

Consumers Concerned About Online Data Privacy

Companies that collect personal data must reassure citizens or risk serious backlash, warns Market Research Society.

Earlier this week, the Economist Intelligence Unit reported that consumers worldwide are becoming increasingly concerned about the security of their data online.

According to Jane Frost, CEO of Britain's Market Research Society, a group representing companies working in market, social and opinion research, market analysis, customer insight and consultancy, they may have good reason.

"Innovative use of data for research and for big business is developing rapidly, but approaches to data privacy are not -- and this is creating an ethical gray area," she told Information Week. "Consumer trust in data sharing is taking a beating, and organizations need to commit to ethical data sharing that respects personal privacy or risk jeopardizing their relationship with consumers."

[ Do you worry about how companies are handling your personal information? Read Online Privacy Worries Increasing Worldwide. ]

Frost works closely with the U.K. watchdog group the Office of the Information Commissioner. She has also worked as a marketer for Shell, Her Majesty's Revenue and Customs (HMRC) and the BBC, where she managed big data strategies and helped inform commercial decisions.

She noted that a vast amount of data is now readily available to organizations. "In most cases, data is being used in a way that we as consumers accept and are happy with. However, there have been an increasing amount of incidents where data has been used for purposes it was not meant to be."

As a result, Frost said, "Consumer concern is growing and data protection is becoming a serious issue." At least 58% of inquiries to the Market Research Society's confidential advisory service were related to data collection, integrity and use in 2011/12 alone, up from 43% the previous year.

The Society recently launched an initiative called Fair Data a branding exercise meant to show worried British consumers that the commercial organization bearing the label is using and retaining their data properly and ethically. The initiative is intended to work alongside statutory regulations such as the U.K.'s Data Protection Act and the Office of the Information Commissioner to help suppliers not only adhere to the legislative requirements but "go beyond them in their corporate commitments to be transparent with consumers about how they data is used." The Fair Data logo can be used only when an applicant agrees to ten core principles.

But beyond the marketing and corporate social responsibility, Frost pointed out, technology leaders play a key role. "CIOs are often responsible for managing, accessing and handling the data a company has on its customers," she said. "On the majority of occasions, they get it right."

The real concern, Frost alleged, is when it comes to sharing this data with other departments within the business. "CIOs need to ensure that data protection is a priority across the business and that there is a clear strategy and set of guidelines for everyone who is given access to customers' personal data."

For example, data is increasingly being collected in real time and used by marketing departments to make key commercial decisions. The Society advises IT leaders to "ensure that there is a joined-up approach across the business and [that the] rules of compliance are being followed."

Echoing many of the recommendations of the earlier Economist report, Frost said, "With vast amounts of data now readily available, it is essential that organizations understand how it can be managed ethically and fairly. Ethical business is good business."

Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Assessing Risk In Your Enterprise Compliance Initiative report, we examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/19/2013 | 9:31:07 PM
re: Consumers Concerned About Online Data Privacy
People are right to be concerned. It's almost impossible not to leave digital crumbs these days, which are being hoovered up for all sorts of purposes. That said, people may also want to consider their own actions: we voluntarily give away tons of data about ourselves on social networking sites.

I wonder if there's a business opportunity to be had for people to market and sell their own data (rather than give it away free, or leave traces unwittingly that companies can gather up for analysis). That is, anyone who wants to gather and use my data has to get a license from me to get access to it. Could be a tasty little app for a startup.

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3341
Published: 2014-08-19
The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVE-2014-3464
Published: 2014-08-19
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers ...

CVE-2014-3472
Published: 2014-08-19
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.

CVE-2014-3490
Published: 2014-08-19
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have...

CVE-2014-3504
Published: 2014-08-19
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading continuing coverage of the Black Hat 2014 conference brings interviews and commentary to Dark Reading listeners.