Privacy in the collaborative business environment
Today, data is being gathered from an ever-increasing number of online and offline data sources. While supermarkets have tracked customer purchasing preferences and data through so-called "card clubs" for years, closed-circuit television (CCTV) surveillance has become pervasive and embedded transponders (such as RFID) can track products as they move through the supply chain.
A few years ago, Sun Microsystems CEO Scott McNealy stated that consumers have no privacy and they should simply get used to the idea and move on. But new connected technologies, such as Web services, grid computing and database mining, will continue to bring the question of privacy to the forefront.
Europe has had extremely specific and strong privacy laws since the 1980s, while during the same period the United States took a self-regulatory approach. Even in the United States where such laws do exist, they are difficult to not only understand and implement but also to enforce. That has led some consumers to believe that it is preferable to minimize the amount of data that a company can collect rather than trying to regulate how such information can be used.
The difference between U.S. and European attitudes on privacy are perhaps most evident in the area of CCTV surveillance. Specifically, why is the United States afraid of CCTV and why do Britons love it? Is it a social issue or a lack of understanding by U.S. residents about who will have access to the information.
Why would the cameras in the United Kingdom be thought of as a technology of the people, a watchful neighbor or relative, instead of being perceived as an Orwellian intrusion? Local governments couldn't get enough of them; each hamlet and fen wanted its own system, even when the greatest threat to public safety in that region might have come from mad cows.
To comprehend the relationship between the British and CCTV, one must go back to 1993 and 1994 when two terrorist bombs were planted in London. In response to the attack, the government created a "ring of steel," consisting in part of a CCTV network of cameras mounted atop entry gates to the city, which motorists must drive past slowly, effectively recording their entry. In 1994, a two-year-old was kidnapped and murdered by two 10-year-old schoolboys. Surveillance cameras captured a poor-quality image of the killers taking their victim out of a shopping center. Thus began a wave of enthusiasm for CCTV, and John Major's government devoted considerable resources to encouraging local authorities to install CCTV. One slogan of the time: "If you've got nothing to hide, you've got nothing to fear."
Today, it is impossible to tally the number of CCTV cameras in the United Kingdom, but estimates show at least 2.5 million and probably many more. Signs announcing the apparatus are everywhere (sometimes "CCTV: Watching for You!"). I have heard estimates that the average person is captured by about 300 cameras per day.
How, in turn, did officials in the United States approach the question of CCTV surveillance?
In the wake of 9/11, officials spoke of installing biometric scanning systems that would compare the faces of pedestrians with a database of suspected terrorists. The efficacy of such technology is well-known, but the manner in which the potential for deploying such a system was promulgated served to ensure a permanent bad taste for any CCTV in the public realm.
The experience of CCTV in the United States and the United Kingdom should serve as a primer for enterprise managers as to how they should approach privacy issues within the enterprise.
As knowledge workers collaborate not only with colleagues inside the firewall, but with suppliers, partners, customers and consultants, some of whom may be across multiple borders, the need to understand what the borders of information and data might be grows as well. Additionally, it will become imperative for organizations to clearly understand the data privacy ramifications related to collection, use, access and transfer of personally identifiable data from European Union countries to U.S.-based data servers or state facilities. A failure to understand how companies in the collaborative business chain perceive the need for privacy can result in a system that either protects data and privacy too much ... or too little.
Companies should develop privacy policies and procedures that allow local privacy laws to be respected without restricting the global flow of information. Collaborative business environments thrive on the free exchange of information, with appropriate corporate governance, as well as the ability for users to ensure that appropriate levels of access are afforded their work. Perhaps a slogan such as "CBE: Watching for You" is in order.
Jonathan B. Spira is CEO and chief analyst at Basex, e-mail jspira@basex.com.