Risk
4/19/2013
01:11 PM
50%
50%

Consumers Concerned About Online Data Privacy

Companies that collect personal data must reassure citizens or risk serious backlash, warns Market Research Society.

Earlier this week, the Economist Intelligence Unit reported that consumers worldwide are becoming increasingly concerned about the security of their data online.

According to Jane Frost, CEO of Britain's Market Research Society, a group representing companies working in market, social and opinion research, market analysis, customer insight and consultancy, they may have good reason.

"Innovative use of data for research and for big business is developing rapidly, but approaches to data privacy are not -- and this is creating an ethical gray area," she told Information Week. "Consumer trust in data sharing is taking a beating, and organizations need to commit to ethical data sharing that respects personal privacy or risk jeopardizing their relationship with consumers."

[ Do you worry about how companies are handling your personal information? Read Online Privacy Worries Increasing Worldwide. ]

Frost works closely with the U.K. watchdog group the Office of the Information Commissioner. She has also worked as a marketer for Shell, Her Majesty's Revenue and Customs (HMRC) and the BBC, where she managed big data strategies and helped inform commercial decisions.

She noted that a vast amount of data is now readily available to organizations. "In most cases, data is being used in a way that we as consumers accept and are happy with. However, there have been an increasing amount of incidents where data has been used for purposes it was not meant to be."

As a result, Frost said, "Consumer concern is growing and data protection is becoming a serious issue." At least 58% of inquiries to the Market Research Society's confidential advisory service were related to data collection, integrity and use in 2011/12 alone, up from 43% the previous year.

The Society recently launched an initiative called Fair Data a branding exercise meant to show worried British consumers that the commercial organization bearing the label is using and retaining their data properly and ethically. The initiative is intended to work alongside statutory regulations such as the U.K.'s Data Protection Act and the Office of the Information Commissioner to help suppliers not only adhere to the legislative requirements but "go beyond them in their corporate commitments to be transparent with consumers about how they data is used." The Fair Data logo can be used only when an applicant agrees to ten core principles.

But beyond the marketing and corporate social responsibility, Frost pointed out, technology leaders play a key role. "CIOs are often responsible for managing, accessing and handling the data a company has on its customers," she said. "On the majority of occasions, they get it right."

The real concern, Frost alleged, is when it comes to sharing this data with other departments within the business. "CIOs need to ensure that data protection is a priority across the business and that there is a clear strategy and set of guidelines for everyone who is given access to customers' personal data."

For example, data is increasingly being collected in real time and used by marketing departments to make key commercial decisions. The Society advises IT leaders to "ensure that there is a joined-up approach across the business and [that the] rules of compliance are being followed."

Echoing many of the recommendations of the earlier Economist report, Frost said, "With vast amounts of data now readily available, it is essential that organizations understand how it can be managed ethically and fairly. Ethical business is good business."

Risk is a factor in any enterprise, and managing that risk is always a challenge. In regulated industries, however, the challenge is heightened by goals that sometimes overlap but more often do not. In this Assessing Risk In Your Enterprise Compliance Initiative report, we examine the general considerations organizations must make when putting risk into a compliance context, as well as recommend specific strategies for leveraging organizational risk management work to achieve compliance goals. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
4/19/2013 | 9:31:07 PM
re: Consumers Concerned About Online Data Privacy
People are right to be concerned. It's almost impossible not to leave digital crumbs these days, which are being hoovered up for all sorts of purposes. That said, people may also want to consider their own actions: we voluntarily give away tons of data about ourselves on social networking sites.

I wonder if there's a business opportunity to be had for people to market and sell their own data (rather than give it away free, or leave traces unwittingly that companies can gather up for analysis). That is, anyone who wants to gather and use my data has to get a license from me to get access to it. Could be a tasty little app for a startup.

Drew Conry-Murray
Editor, Network Computing
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

CVE-2014-2716
Published: 2014-12-19
Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location System (RTLS) Controller 6.0.5-FINAL, and Activator 3 reuses the RC4 cipher stream, which makes it easier for remote attackers to obtain plaintext messages via an XOR operation on two ciphertexts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.