Privacy – opportunities for infopros
Jinfo Blog

17th March 2010

By Tim Buckley Owen

Item

Not only is protecting personal information on your customers, suppliers and staff a legal requirement, it’s also good for business. That’s the message from the United Kingdom Information Commissioner’s Office (ICO), in a new report which also makes as convincing a case for the value of information managers as you’re likely to find. An organisation that commits to respecting people’s privacy and protecting their personal information will reap benefits says the report, The Privacy Dividend: the Business Case for Investing in Proactive Privacy Protection. It will earn and deserve people’s trust, paying dividends in terms of their loyalty and contribution to its success – and it’s more likely to have effective, well run information systems and processes. By contrast, an organisation that doesn’t protect personal information risks losing any immediate gains to be had from taking privacy shortcuts because customers won will be just as easily lost, and savings made today will be dwarfed by the costs of fixing the problems caused later. Aimed directly at executives, the report goes on to set out in detail how to create a business case for managing privacy effectively – and the examples it offers are fully costed (link to full report available from http://digbig.com/5bbfyj). Compliance matters to information managers, and the current ongoing FreePint survey shows that they are least satisfied with resources to help them with European data protection legislation (http://www.freepint.com/go/b530870). There’s also plenty of evidence that the stakes are currently being raised on personal data generally (see http://www.vivavip.com/go/e27941 for instance). The occasional well publicised example of successful prosecution can serve as a timely warning (try http://www.vivavip.com/go/e16932 and follow up comments). But actual wrongdoing aside, results from the Open Security Foundation’s Data Loss Database suggest that most privacy breaches are the result not of hacking or fraud but of simple carelessness (http://digbig.com/4yrhm). It’s inconceivable that the timing of the ICO’s report isn’t directly connected to the additional penalties that the Information Commissioner will be able to enforce from April, which he’s been warning about since last January (http://digbig.com/5bbfyk). They don’t include custodial sentences – yet – but even they aren’t ruled out for the future. It can be notoriously difficult to demonstrate return on investment in information management (try the FreePint FUMSI Folio and Survey on ‘adding value’ for ideas –http://web.fumsi.com/go/shop/report/1350). But, in the area of data protection at least, the ICO’s report offers a ready-made case for information managers who are either already the data protection officer for their organisation or are interested in making a pitch for this element of its compliance capability.

« Blog