Posted by Jonathan Penn on March 17, 2010
What's intrigued me about these two incidents is that the companies each ended up making serious missteps by publicizing information that at first blush seems innocuous. Google exposed information about who you email with; Facebook made public your circle of Friends.
Nor does this type of data fall into the category of PII (personal identifiable data). So despite the ever-growing regulatory climate on privacy (HITECH, Massachusetts 201 CMR 17.00, PCI, etc.), the nature of consumer concerns far outpaces any legislative efforts.
So why all the outcries? Each of these events strike to the heart of consumers' privacy concerns because they see a loss of control over information that embodies their interactions and relationships. Organizations like Facebook and Google are exploiting this information by publicizing or monetizing (directly or indirectly) it, without consumer consent or opt-out or even advance notification. Indeed, when we looked at the kinds of information consumers were willing to have in the public domain, they were far more accepting of having PII available than other information that could be surreptitiously aggregated.
With privacy, you’ve got to go beyond the low bar of regulations if you want to retain the trust of consumers.