Monday, December 19, 2011

Privacy and those Darned Whippersnappers


Just finished flipping through Forbes “30-Under-30” feature ranking the top young media influencers and up-and-comers. As you might guess, the list was full of individuals who have achieved impossible success at such a tender age. Oh to be twenty-something again, and full of promise, energy, and optimism. After all, how could so many accomplish so much in so short a time? Surely these kids haven’t experienced enough of life and gained sufficient knowledge three decades to contribute much of any value, let alone earn the recognition of a publication like Forbes.

Yet, while such thoughts may assuage the fragile ego of a curmudgeon who has likely already passed the halfway mark on his chronological journey, history suggests that these thirty feted individuals are in the prime of their creative lives. Among history’s greatest inventors and innovators, most were hitting their stride by the time they were in their twenties – even if popular legend would have us believe otherwise.

We envision Alexander Graham Bell as a grandfatherly old man in a white beard clutching his new invention while calling for the assistance of Dr. Watson, but Mr. Bell was only 29 when he filed his patent for the telephone. Likewise Thomas Edison is recalled as an old crank – the Wizard of Menlo Park – riding herd over a lab full of assistants, but he was 22 when he filed for his first patent.

Why, then, do we ignore history and marginalize the contributions that can be made by young people in this age when digital literacy is so integral to functioning in modern society? Instead of embracing the valuable input young people can offer we devalue their experience and insight.

As Peter Hinssen so clearly shows us in his book, The New Normal, the digital world that today looks so different than the analog world I and my generation grew up in is second nature to those in their twenties and younger. It’s all they’ve known, and they don’t think twice about how they interact with technology. Adopting and adapting to a networked world in flux is the way it is, and they think differently about their relationship with technology. Given that, why should we expect that an approach to defining and existing in the digital realm should come from those whose outlook has mostly been influenced in another time?

When it comes to privacy and information security, I think we do ourselves and the public a disservice when we attempt to change behavior based on the way things used to be. We should instead take our cues from those who are shaping the digital world. Facebook is a great case in point: created by college students, it was likewise embraced at first by college students (initially by design, but again once the platform was opened up to the public). The malleable nature of Facebook’s use and collection of profile information was largely reflective of the comfort level that generation has with digital sharing. But once old codgers like me got on board, we decided things had to change, and use of information had to reflect the way we wanted it.

Never mind that social networking on Facebook is strictly voluntary, and putting aside that Facebook has proven to be fairly quick to respond to user complaints, digital do-gooders decided that they should be the ones who dictate how the company should operate.

The digital age is one where ideas and innovation move faster than ever before. As history has shown, those who are exerting the most influence on the shape and direction of that age are also trying to find the courage to ask their crush to the senior prom. Rather than treat them with disdain, we should ask them what they think. And we should have the good sense and humility to accept that we may be able to learn a thing or two from their experience.

Even if they are a bunch of whippersnappers.

Labels: , , , ,

Thursday, December 08, 2011

Privacy Needs an Iron Eyes Cody


Yes, I play in the privacy sandbox less since moving over to cloud-focused EMC, but I still have regular conversations and keep track of the major issues.

In one such recent conversation I felt compelled to preface the discussion with a disclaimer: “I am not a technologist, and I am not a lawyer, but I also don’t believe that privacy issues can be solved with technology or regulations.” A bit smug, perhaps, but it’s the truth. The major privacy issues facing businesses today have very little to do with too much or too little technology, too many or too few laws. The issues are rooted in human behavior – employees who have habits that are not privacy or security friendly, individuals who are not privacy-aware, and miscreants who don’t give a fig about your privacy or mine.

When you begin with that premise, I don’t think you have much choice but to view technology and law as tools that are part of a bigger solution to the problem rather than the pillar upon which the solution must be perched. You also have to take a long view toward arriving at anything resembling a solution.

Changing human behavior across an entire culture takes time – usually a lot of time – but with persistence, patience, and the right strategy it can be done. I think of our national attitude toward pollution as an example of a successful shift in human behavior. As a kid growing up in the late ‘60s and early ‘70s, I saw the American landscape at a time when it was shockingly dirty. Trash, pollution, and urban blight were everywhere. The medians on every highway in land were garbage dumps; our rivers were open cesspools; and the sky was dark with industrial exhaust.

It didn’t happen overnight, but when we decided to do something about it, things started to change. After years of work to raise awareness of the problem, the advent of the 1970s brought about things like Earth Day, the Environmental Protection Agency and Iron Eyes Cody’s famous tear. As the Keep America Beautiful campaign said, “People start pollution. People can stop pollution.” Were laws passed? Of course, but laws didn’t clean up the environment and pick up the trash, nor did the millions of new trash receptacles fill themselves. People’s attitudes and habits had to change, and, with our collective eyes opened and consciences shocked, we did.

I believe the same approach can work with privacy. Help consumers understand that they can and should expect more from their digital experience. Make them aware of their situation and their risk; educate them and equip them with the information they need to respond to organizations; give them a voice and a way to amplify it and things will change. Consumers will also take this newfound attitude and information into the workplace where their awareness will translate into greater responsibility with the sensitive information entrusted to them, helping to curb the instances of human error leading to the compromise of personally identifiable information and other valuable data.

It won’t happen overnight, but it can happen.

Labels: , , , ,

Thursday, December 01, 2011

Healthcare Industry Takes $6.5B Hit Over Poor Information Security

Technology’s supposed to make us more efficient; more productivity for each hour we invest in a project. It also means less cost associated with the effort. Without the cost benefit, after all, why bother with efficiency?

During the last year or so we’ve seen the evidence of this productivity increase with each new round of earnings reports. This has been a fantastic year for corporate profits, even as the grass roots economy remains in the toilet. While unemployment remains stubbornly above 9 percent nationally, and with even more people out of work but off the books, companies are making record profits making and selling their products and services without adding payroll.

If you are among the un/under-employed, you might not think it’s a very fair shake, but we’ll leave that debate to the Occupy protesters and their foes in D.C. and on Wall Street. For business managers, however, it’s a pretty good deal – invest in new technology and see profits rise.

Yet a study released today by my friends at the Ponemon Institute, sponsored by ID Experts, shows that not every industry seems to understand that the cost savings isn’t just about reducing workforce, but it’s about investing in the right resources. Yes, I’m looking at you, healthcare.

For industries and organizations that deal with large volumes of sensitive information, information security is not an option, yet it seems many healthcare and related companies are trying to cut costs by ignoring their obligations to safeguard patient data and comply with regulations. They are operating in the digital age and a world of mobility and Big Data, but with antiquated policies created for a time when information moved largely on paper. According to Ponemon, the costs of poor information security and inadequate data management cost the healthcare industry $6.5 billion last year.

As the press release announcing the study points out, that $6.5 billion would have been enough to employ more than 81,000 nurses – or to equip the overworked medical administrative staffers with the right tools and training to do their jobs in a manner befitting the trust their patients put in them each day – trust, by the way, that is rapidly eroding. Hey, if you are going to spend that $6.5 billion anyway, why not invest it in the tools to protect information, preserve trust, and provide operational efficiency rather than pay fines, legal fees, and audit costs?

Do it right and the costs might actually decline next year. But I won’t be holding my breath; if I pass out, I might end up in the hospital, and I don’t trust them to keep my information safe.

Labels: , , , , , ,