In early September, CMOR participated in a workshop sponsored by the National Science Foundation (NSF) with researchers in the information technology and statistical research communities. The goal of the workshop was to determine where they should focus their efforts in order to improve data privacy and confidentiality, without unduly sacrificing the usability and utility of the data.

What is Privacy All About?
In his keynote presentation, the head of Microsoft’s Trustworthy Computing program observed that privacy has two sides: (1) the right to be left alone; and (2) information privacy (the control of and access to your digital persona).

Corporate Vice President Scott Charney, who originally founded the Department of Justice’s section on Computer Crimes and Intellectual Property, said that the earliest fights over data confidentiality were between anonymity and accountability – with activists on both sides forgetting that both aspects were necessary.

The ideal is confidentiality, a high degree of confidentiality (anonymity or privacy) with the ultimate capacity for law enforcement to get the bad guys (accountability or security). Meaning, as a society, we would rather let people die from anonymously-mailed anthrax, rather than eliminate people’s freedom to send mail through the U.S. Postal Service. We want law enforcement to have a chance to catch the criminals. Charney pointed to that dichotomy as the key to Trustworthy Computing, since the marketplace is now demanding both aspects. The program emphasizes opt-in tools for product users and a “security lifecycle” within the company itself (to ensure that privacy is part of the corporate “value system”). Charney said that consumers are privacy pragmatists, who give only what’s needed in order to get what they want and need. That’s why the “sweet spot” for privacy is entirely dependent on the individual.

Privacy Policy Management
The second day of the workshop focused on the management of privacy policies, which was the most relevant for the survey and opinion research.

The question posed by the breakout group in which CMOR participated, was how to implement a policy into an organization’s daily operations – a key issue. Participants acknowledged that public and consumer trust is an organization’s greatest asset, and several researchers advocated including privacy from the idea and design stage in all products and services. Participants identified outsourcing and data sharing as the biggest hitch in that process, and several discussed research they are conducting to create integrated software systems to allow consumers to micromanage their data privacy, and allow personnel across an organization to follow those directions accurately and easily. As CMOR learns more about the progress of these kinds of software, we will report it to the profession.

No matter how your organization deals with privacy, one thing is certain; it is likely different than other organizations in the profe ssion. Also true: privacy is different for every respondent.

Disclaimer: The information provided in this message is for guidance and informationa l purposes only. It is not intended to be a substitute for legal advice. All parties should consult with private legal counsel regarding the interpretation and application of any laws to your business.