Privacy, regulation, and reputation

I wrote previously about Google's challenges with respect to privacy, and since then it has incurred the wrath of consumers with its initial rollout of Buzz. And my colleague Chenxi Wang blogged about Facebook's issues with its privacy policy.

What's intrigued me about these two incidents is that the companies each ended up making serious missteps by publicizing information that at first blush seems innocuous. Google exposed information about who you email with; Facebook made public your circle of Friends.

Nor does this type of data fall into the category of PII (personal identifiable data). So despite the ever-growing regulatory climate on privacy (HITECH, Massachusetts 201 CMR 17.00, PCI, etc.), the nature of consumer concerns far outpaces any legislative efforts.

Consumers_are_more_protective_of_their Internet_behavior_than_PIISo why all the outcries? Each of these events strike to the heart of consumers' privacy concerns because they see a loss of control over information that embodies their interactions and relationships. Organizations like Facebook and Google are exploiting this information by publicizing or monetizing (directly or indirectly) it, without consumer consent or opt-out or even advance notification. Indeed, when we looked at the kinds of information consumers were willing to have in the public domain, they were far more accepting of having PII available than other information that could be surreptitiously aggregated.

With privacy, you’ve got to go beyond the low bar of regulations if you want to retain the trust of consumers.