Ask the Expert: Data Is a Valuable Asset Companies Must Protect

Michelle Dennedy, chief privacy officer at Cisco Systems, says companies must build privacy protections into their best practices.

Wednesday, December 30, 2015

There's a steep price to pay for all those empowering free online services, such as web searches and email: It's your privacy.

Every move you make online is routinely logged, stored and data-mined by companies aggressively seeking to profit from profiling individual Web users.

Meanwhile, the definition of personal privacy—which was shaped before the arrival of the Internet—has been dismantled in our Internet-centric society.

ThirdCertainty recently sat down with Michelle Dennedy, chief privacy officer at Cisco Systems, to discuss the wider context and go-forward implications. (Text edited for clarity and length.)

Q: Are businesses taking advantage of the absence of online privacy?

A:
We have not come to a common cultural definition, and certainly not a common financial definition, of privacy. When I say privacy, what I mean is the authorized processing of personalized information according to fair principles. Now, wrapped in that functional definition are all kinds of opinions and biases. So the right to be left alone is part of authorizing how information about you is stored and processed. And the commercial aspect of that has to do with who owns what data.

Q: Aren’t those lines blurred?

A:
They’re more and more opaque to the individual. You don’t know who has access to information about you, who has made observations about you, or who is making statements that may impact you. Today it’s coming full circle. We’re starting to talk about what organizations need to do to prepare themselves for increasing demands in a multicultural world where people want to be assured that their data is being treated with respect.

Q: From the corporate perspective, what are some myths about online privacy that need to be addressed?

A:
We think that because it’s cheap to buy the hardware to store information, and the processing power is exponentially cheaper than it once was, and we’re all carrying super computers in our pockets, that we can just grab information really quickly. We’ve devalued data and made it feel like it might be fast food. But the reality is, data is nourishment for our businesses.

And so if our businesses take the view that information is cheap, easy and worthless, they’ll treat information about their employees and customers as cheap, easy and worthless. And then you start to see cataclysmic levels of breaches because we’re not curating our information and treating it as if it’s an asset that’s worthy of curation.

Q: Cyber criminals have certainly figured out the value of stored data.

A:
I love the word value. We as individuals believe in determining our own reputation, our own life story. But we also value building sustainable companies that have enough cash currency, as well as informational currency, to grow. … As we build out the Internet of Things, we should also think about building the Internet of Experiences. But you can’t build an Internet of Experiences unless you really build in privacy protections.

Q: Right now there are a lot of creepy experiences. Why do I need to turn over virtually everything on my phone to use an app to tune my ukulele?

A:
So let’s take that ukulele app. It may be that by downloading all of your contacts, that app developer has a slightly higher chance of getting to a couple more people who happen to play the ukulele—if they pinged all of your contacts.

However, it’s inefficient and wasteful for them to probably creep out all of your friends when they do that. And what they’ve done is acquired more risks. If they were to lose your contacts, they’re going to have to pay for breach repair, and they’re going to have to deal with bad press.

And why do they need all of your data in the first place? The answer is they don’t. Maybe they want stickiness for their app or they want to resell their customers, who are devoted ukulele fans, to a larger company. They need to think through what they really want to know about you and how to get what they need in a way that delights the customer. Maybe do a survey.



Q: So business models built around users making informed choices about use of their personal data?

A:
Owning and curating data is going to start being recognized as being expensive again. We’ve seen a lot of activity coming out of Europe. The Safe Harbor decision alone has really thrown the world into an uproar. And here in the U.S., having a misstep in privacy is no longer a small offense. If you mess up and the FTC catches you, that can cost you millions of dollars over 20 years.

Also the requirements to recover after a major breach are becoming prohibitively expensive. The notion once was ‘Data is cheap, we don’t really know what it’s for yet, but we might use it later, so we’ll store it as an uncurated asset.’

On a balance sheet, an uncurated asset is known as a liability. By its very nature you are not in control of an uncurated asset. We’re going to start to see more companies wake up and recognize that an uncurated asset equals a liability, while a curated asset equals opportunity.

Byron Acohido is editor-in-chief of ThirdCertainty.com, where this article originally appeared.

© IDT911, LLC. All Rights Reserved.
If you need identity theft assistance, call your provider organization to be put in touch with the IDT911 Resolution Center. More information for individual consumers.