Risk
4/19/2013
01:11 PM
50%
50%

Consumers Concerned About Online Data Privacy

Companies that collect personal data must reassure citizens or risk serious backlash, warns Market Research Society.

Earlier this week, the Economist Intelligence Unit reported that consumers worldwide are becoming increasingly concerned about the security of their data online.

According to Jane Frost, CEO of Britain's Market Research Society, a group representing companies working in market, social and opinion research, market analysis, customer insight and consultancy, they may have good reason.

"Innovative use of data for research and for big business is developing rapidly, but approaches to data privacy are not -- and this is creating an ethical gray area," she told Information Week. "Consumer trust in data sharing is taking a beating, and organizations need to commit to ethical data sharing that respects personal privacy or risk jeopardizing their relationship with consumers."

[ Do you worry about how companies are handling your personal information? Read Online Privacy Worries Increasing Worldwide. ]

Frost works closely with the U.K. watchdog group the Office of the Information Commissioner. She has also worked as a marketer for Shell, Her Majesty's Revenue and Customs (HMRC) and the BBC, where she managed big data strategies and helped inform commercial decisions.

She noted that a vast amount of data is now readily available to organizations. "In most cases, data is being used in a way that we as consumers accept and are happy with. However, there have been an increasing amount of incidents where data has been used for purposes it was not meant to be."

As a result, Frost said, "Consumer concern is growing and data protection is becoming a serious issue." At least 58% of inquiries to the Market Research Society's confidential advisory service were related to data collection, integrity and use in 2011/12 alone, up from 43% the previous year.

The Society recently launched an initiative called Fair Data a branding exercise meant to show worried British consumers that the commercial organization bearing the label is using and retaining their data properly and ethically. The initiative is intended to work alongside statutory regulations such as the U.K.'s Data Protection Act and the Office of the Information Commissioner to help suppliers not only adhere to the legislative requirements but "go beyond them in their corporate commitments to be transparent with consumers about how they data is used." The Fair Data logo can be used only when an applicant agrees to ten core principles.

But beyond the marketing and corporate social responsibility, Frost pointed out, technology leaders play a key role. "CIOs are often responsible for managing, accessing and handling the data a company has on its customers," she said. "On the majority of occasions, they get it right."

The real concern, Frost alleged, is when it comes to sharing this data with other departments within the business. "CIOs need to ensure that data protection is a priority across the business and that there is a clear strategy and set of guidelines for everyone who is given access to customers' personal data."

For example, data is increasingly being collected in real time and used by marketing departments to make key commercial decisions. The Society advises IT leaders to "ensure that there is a joined-up approach across the business and [that the] rules of compliance are being followed."

Echoing many of the recommendations of the earlier Economist report, Frost said, "With vast amounts of data now readily available, it is essential that organizations understand how it can be managed ethically and fairly. Ethical business is good business."

Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Assessing Risk In Your Enterprise Compliance Initiative report, we examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/19/2013 | 9:31:07 PM
re: Consumers Concerned About Online Data Privacy
People are right to be concerned. It's almost impossible not to leave digital crumbs these days, which are being hoovered up for all sorts of purposes. That said, people may also want to consider their own actions: we voluntarily give away tons of data about ourselves on social networking sites.

I wonder if there's a business opportunity to be had for people to market and sell their own data (rather than give it away free, or leave traces unwittingly that companies can gather up for analysis). That is, anyone who wants to gather and use my data has to get a license from me to get access to it. Could be a tasty little app for a startup.

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-5084
Published: 2015-08-02
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically approximate attackers to obtain sensitive information via unspecified vectors.

CVE-2015-5352
Published: 2015-08-02
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time ...

CVE-2015-5537
Published: 2015-08-02
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

CVE-2015-5600
Published: 2015-08-02
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

CVE-2015-1009
Published: 2015-07-31
Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!