Craig Spiezle
Craig Spiezle

Now is the time to make privacy a corporate priority, says Craig Spiezle of the Online Trust Alliance.

A day does not go by without my hearing of privacy and data governance issues conflicting with core business objectives. As businesses of all sizes have become more dependent on the internet and online commerce, they have also become stewards of vast amounts of data. They now must navigate through a sea of emerging and evolving privacy definitions and requirements to manage both their operational and customer expectations.

Technical ingenuity continues to prompt new business models and opportunities but also opens up the flood gates of policy and regulatory concerns for business. For example, many companies use and rely on behavioral targeting and the promise of location-based data to provide services to users, but what are the privacy and data security implications? How will this data be used and can it be exploited tomorrow? How long should the data be retained? Which technologies should be used to encrypt it and what constitutes reasonable efforts to render it anonymous?

These questions are a few of the many which illustrate the perplexing and evolving issues we must navigate. The regulatory landscape is rapidly expanding, developing into yet another patchwork of dozens of state laws and a growing set of sectoral laws and regulations. Last May, U.S. Reps. Rick Boucher, D-Va., and Cliff Stearns, R-Fla., introduced a discussion draft outlining what amounts to a federal privacy act. The proposed bill covers both online and offline data collection, presents an expanded definition of sensitive data, demands broader notice and choice requirements for data collection and increased regulatory oversight for the Federal Trade Commission.

While the act includes some far-reaching implications, having a single federal law may turn out to be a blessing in disguise – so long as it does not penalize legitimate business models or stifle innovation.

The entire notion of privacy policies, notice and choice is being turned inside out. Consumer anxiety is at an all-time high with doubts being raised around major online service providers' practices. No longer can we consider privacy someone else's issue. The chasm between consumer expectations, privacy advocates and today's business operations must be aligned.

The increasing reliance on cloud services is another area of concern. Cloud services provide many key benefits to business, allowing the enterprise to scale easily and save on operational costs. With that comes increased concern on managing customer data through vendors. We need to consider more than a traditional service-level agreement. Vendor management teams must become active participants in the discussion with IT, security and compliance teams. What are their data handling procedures, data retention and minimization processes? What are their privacy policies? Are they sufficient? Are they as as good as or better than yours?

Privacy and consumer advocates are demanding change. Now is the time to make privacy a corporate priority. Who owns privacy issues for you? Assign this responsibility and support their ownership on these issues. Doing so not only will address growing consumer discontent but also help assure your competitiveness and the long-term vitality of e-commerce and online services.

Rather than wait until the dust settles, seize the moment and take a leadership position today. The investment will reap dividends that are far-reaching for your business: Improving risk management while helping to protect your brand's reputation.


Craig Spiezle is executive director and founder of the Online Trust Alliance, which plans to host its annual OTA Online Trust & Cybersecurity Forum in September.