Risk
4/19/2013
01:11 PM
50%
50%

Consumers Concerned About Online Data Privacy

Companies that collect personal data must reassure citizens or risk serious backlash, warns Market Research Society.

Earlier this week, the Economist Intelligence Unit reported that consumers worldwide are becoming increasingly concerned about the security of their data online.

According to Jane Frost, CEO of Britain's Market Research Society, a group representing companies working in market, social and opinion research, market analysis, customer insight and consultancy, they may have good reason.

"Innovative use of data for research and for big business is developing rapidly, but approaches to data privacy are not -- and this is creating an ethical gray area," she told Information Week. "Consumer trust in data sharing is taking a beating, and organizations need to commit to ethical data sharing that respects personal privacy or risk jeopardizing their relationship with consumers."

[ Do you worry about how companies are handling your personal information? Read Online Privacy Worries Increasing Worldwide. ]

Frost works closely with the U.K. watchdog group the Office of the Information Commissioner. She has also worked as a marketer for Shell, Her Majesty's Revenue and Customs (HMRC) and the BBC, where she managed big data strategies and helped inform commercial decisions.

She noted that a vast amount of data is now readily available to organizations. "In most cases, data is being used in a way that we as consumers accept and are happy with. However, there have been an increasing amount of incidents where data has been used for purposes it was not meant to be."

As a result, Frost said, "Consumer concern is growing and data protection is becoming a serious issue." At least 58% of inquiries to the Market Research Society's confidential advisory service were related to data collection, integrity and use in 2011/12 alone, up from 43% the previous year.

The Society recently launched an initiative called Fair Data a branding exercise meant to show worried British consumers that the commercial organization bearing the label is using and retaining their data properly and ethically. The initiative is intended to work alongside statutory regulations such as the U.K.'s Data Protection Act and the Office of the Information Commissioner to help suppliers not only adhere to the legislative requirements but "go beyond them in their corporate commitments to be transparent with consumers about how they data is used." The Fair Data logo can be used only when an applicant agrees to ten core principles.

But beyond the marketing and corporate social responsibility, Frost pointed out, technology leaders play a key role. "CIOs are often responsible for managing, accessing and handling the data a company has on its customers," she said. "On the majority of occasions, they get it right."

The real concern, Frost alleged, is when it comes to sharing this data with other departments within the business. "CIOs need to ensure that data protection is a priority across the business and that there is a clear strategy and set of guidelines for everyone who is given access to customers' personal data."

For example, data is increasingly being collected in real time and used by marketing departments to make key commercial decisions. The Society advises IT leaders to "ensure that there is a joined-up approach across the business and [that the] rules of compliance are being followed."

Echoing many of the recommendations of the earlier Economist report, Frost said, "With vast amounts of data now readily available, it is essential that organizations understand how it can be managed ethically and fairly. Ethical business is good business."

Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Assessing Risk In Your Enterprise Compliance Initiative report, we examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/19/2013 | 9:31:07 PM
re: Consumers Concerned About Online Data Privacy
People are right to be concerned. It's almost impossible not to leave digital crumbs these days, which are being hoovered up for all sorts of purposes. That said, people may also want to consider their own actions: we voluntarily give away tons of data about ourselves on social networking sites.

I wonder if there's a business opportunity to be had for people to market and sell their own data (rather than give it away free, or leave traces unwittingly that companies can gather up for analysis). That is, anyone who wants to gather and use my data has to get a license from me to get access to it. Could be a tasty little app for a startup.

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I've seen worse.  Last week Tim had a dragon."
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.