Thursday, April 15, 2010

Social responsibility and privacy erosion

My colleagues and I had a discussion on why academic medical centers would never adopt Gmail this morning. I then missed an appointment and had a chance to catch up on Bruce Schneier's Crypto-Gram from April 15, 2010. I would like to quote Bruce Schneier:

"With all this privacy erosion, those CEOs may actually be right -- but only because they're working to kill privacy. On the Internet, our privacy options are limited to the options those companies give us and how easy they are to find. We have Gmail and Facebook accounts because that's where we socialize these days, and it's hard -- especially for the younger generation -- to opt out. As long as privacy isn't salient, and as long as these companies are allowed to forcibly change social norms by limiting options, people will increasingly get used to less and less privacy. There's no malice on anyone's part here; it's just market forces in action. If we believe privacy is a social good, something necessary for democracy, liberty and human dignity, then we can't rely on market forces to maintain it. Broad legislation protecting personal privacy by giving people control over their personal data is the only solution."

Bruce concluded that only legislation will work. I think that's only partially true. People can waive their rights and give away or sell their privacy and that will always be legal. Social responsibility exists in the corporate world and exists alongside market forces. I think about this from the perspective of the 'corporate' world and the 'consumer' world. In the corporate world we have lots of privacy (at least between the corporation and outside, not necessarily with each other) and most corporations and public entities are strongly in the camp of "We can't lose control of our data, thus we can't use Gmail", etc. What this does is leave the Gmails and Facebooks of the world with no powerful rudder to counteract their tendencies to make money through erosion of privacy. By large public institutions and powerful private organizations 'opting' out of the 'social internet' of Gmail and Facebook, we leave the consumers to deal with those entities on a one-by-one basis. That's why Bruce thinks we need legislation - individuals are relatively powerless and he believes that public/private organizations will not act on their own with profits at stake. I think that large public and private entities must directly engage with the consumer social networks by using them and demand privacy and pay real dollars for it to be delivered, thus providing a counter incentive for profit from erosion. That would be social responsibility and 'good will' for these organizations. It might even lower their IT costs. And our tax-supported public institutions should not even need an incentive to do this; they should be acting in our interests.

I think that large organizations not engaging with the social internet by using it internally is counter-productive and will make the public/private security cocoon more porous. Privacy erosion will get worse and public and private institutions more prone to data loss from inside. Since consumer internet technology is in daily use by employees (by definition, the consumer) and we already know how powerless corporate IT has been in stopping these technologies from getting used at work, a growing gulf between privacy expectations and behavior is developing between the organization and its people. Corporate technology can and will continue to 'divorce itself' from the social internet technologies, by delivering the firewalled, VPN'd, streamed and virtualized application container on top of consumer technology. This direction will consume lots of corporate IT energy and dollars. It will not stop the erosion of privacy and it will not stop the release of 'confidential' data. Enforcement of data privacy regulation, in the face of massive corporate profits to be made from loss of privacy, will be an order of magnitude harder than enforcing the drug laws. I think we all know where drug enforcement has led us. Right now, the University of Michigan has banned all sponsored travel to Northern Mexico because of drug violence... what a great outcome... Imagine similar outcomes with data privacy...