Ubiquitous surveillance technologies have stripped us of our anonymity. What we do, even if it’s part of a crowd, no longer goes unwatched.
Technology and fear are combining to remove the anonymity of the crowd. In the ‘fishbowl’ society the meaning of privacy will change, from secrecy to control.
How will citizens react to the fishbowl society? Some will become privacy fundamentalists, single-minded in protecting their personal information. Most will become privacy pragmatists, concerned about privacy but wanting convenience too (but be warned, privacy pragmatists morph into privacy fundamentalists if they believe their trust has been violated). And a small and dwindling minority will become privacy unconcerned, caring nothing about personal privacy and allowing anyone to record – and more importantly use – their personal information for whatever ends.
The business of privacy
Legislators everywhere are wading in to protect the personal information of their voters. In Canada, for example, the ‘The Personal Information Protection and Electronic Documents Act’ (PIPEDA) stipulates that personal data can’t be used for anything that hasn’t been agreed to beforehand by the subject (sometimes-called ‘opt-in’ permission).
With privacy changed from the ‘anonymity of the crowd’ to ‘control through legislation’, a business opportunity opens up. There are several different strategies an enterprise can adopt in its attitude towards the privacy of its customers and stakeholders in order to take advantage of the fishbowl society.
The least profitable strategy is zero-gain compliance. In zero-gain compliance, an enterprise can’t use its customers’ data because it doesn’t have the permission to do so. Both customer and enterprise suffer added costs (vigilance costs for the customer; increased data-management costs for the enterprise) and neither gets much in return.
An only slightly better alternative is mass exploitation. Mass exploitation solicits personal information from a huge audience in advance of permission for use. Spamming and telemarketing are obvious examples of this practice today. With few exceptions, only outright criminals (who may use spamming as a vehicle for malicious code and other attacks) find this strategy successful. The rest are caught by regulatory requirements for managing personal information. More legitimate enterprises, such as telemarketers, will find that mass exploitation degrades to zero-gain compliance as privacy-sensitive customers deny permission to use their data.
For legitimate businesses seeking profits in the fishbowl society, there’s targeted exploitation. Targeted exploitation solicits selected privacy-insensitive audiences who either can’t or won’t prevent unauthorized uses of their data. Targeted exploitation is more relationship-oriented than mass exploitation, but the relationship is one-way – the vendor isn’t asking for customer input. If the customer becomes privacy-sensitive and has a choice, the strategy may quickly degrade to zero-gain compliance.
Best of all, there’s trusted advisor. A trusted advisor uses customer data only for uses preauthorized by customers and actively seeks permission for new uses likely to meet customers’ needs. The trusted-advisor strategy is the long-term, high-value opportunity. It requires careful, almost zealous, protection of customers’ information, but generates returns that make this strategy worthwhile.
A technology-enabled opportunity
None of these strategies is possible without extensive support from information technology. The more sophisticated your strategy, the more critically dependent on IT you are.
For years, data-savvy enterprises have loaded up on customer personal data whenever they got the chance. But in the fishbowl society, this approach has risks.
A conservative estimate is that 25 to 30 percent of the information in a large corporate database is inaccurate. That’s the kicker. It’s not enough just to get information. You have to get accurate information.
Enterprises should get into the habit of acquiring only the personal information they know they can use and validate – and most importantly, they should get permission to use it!
Andrew Rowsell-Jones is vice president and research director for Gartner’s CIO Executive Programs.