Number 8 on AdWeek’s Ten Digital Trends for 2010 is Privacy Wars. I agree. In fact, especially since the September 11 attack almost ten years ago, the last decade has been a period of great change as to how we view privacy, and the issue will be a lot more important in the new year. With the pervasiveness of the web, mobile and social network in our everyday life, privacy is no longer assumed nor easy. A few years ago, for example, there was some uproar because of the images in Google Map and Street View.

Back in December last year, Facebook announced new privacy changes, which created more privacy debates. One of the greatest contentions on the privacy changes amongst privacy advocates is that some information is now classified as “publicly available information” instead of “private”, as it was previously. The Electronic Frontier Foundation has a good overview of these changes. On the same day that Facebook announced the changes, Bruce Schneier also responded to a comment by Google CEO Eric Schmidt on privacy. For me personally, I subscribe to Bruce Schneier’s view but also believe in trading some information for convenience. For example, the HungryGoWhere app on my wife’s iPhone is so convenient even though it means revealing my location to anyone who is interested.

The good news is that service providers are generally giving consumers more control over their private information and more granularity in the control. One important thing to remember though, is that privacy is becoming very complicated. As sites like Facebook grow, there is a great number of scenarios and options where proper checks are required to ensure privacy control is adhered to.

Privacy is closely related to information security, and marketers and agencies need to understand that information security can impact privacy. Take the example of a telemarketer calling you on behalf of your credit card company. Here’s a sample conversation:

• Telemarketing: Good afternoon, Mr. Oh. My name is so-and-so from such-and-such company, calling on behalf of haven’t-collapsed-bank. There is a credit transfer offer specially for you for being such a loyal credit card customer of haven’t-collapsed-bank. The credit transfer interest rate is 3% only for 6 months. This offer is specially for you only.
• Me: Sounds good. How do I proceed?
• Telemarketing: Great! In order to proceed, I need to do some verification. Can I know your NRIC, mother’s maiden name, and how many cards you have with haven’t-collapsed-bank?

If you have experienced these calls, I hope you have not given out the information requested at this point. Otherwise you would have given a complete stranger calling from an unknown or hidden number your details, without any proof that the caller is genuinely authorised by your bank. I usually challenge the telemarketer to tell me my details instead. Recognising that the telemarketer also needs to verify me, I’ll furnish some further details once I confirm the caller. A simple challenge and handshake authentication.

Five years ago, I received an email with a RSVP function from a government statutory board. A click on the email link brought me to a RSVP form with my details already pre-filled. But the implementation was flawed, as I could change the web address to retrieve all the almost 50,000 user details. I informed the board of the flaw, and their agency quickly responded and fixed it after I described the flaw.

Now let’s take a look at Facebook Connect. One of the terms on Facebook is that you cannot cache any Facebook data for more than 24 hours. This is part of Facebook’s Terms of Service, and agencies will need to ensure that any campaigns adhere to them properly. In addition, if there are any API services that your campaign or website in turn provides, it has to ensure that no such Facebook data is passed on to third party sites.

Hence, while it is easy to say that privacy is important, making sure that it is properly managed requires a good understanding of legal details and information security. For marketers, it is important when designing your digital campaign to not just have a privacy statement, but ensure that the agency has taken care of the entire information security process. Getting a IT person on your side is a good start, but in the era of digital, marketers should also learn and understand the processes in information security.

Tags: Digital, Facebook, privacy

This entry was posted on Tuesday, January 12th, 2010 at 11:08 am and is filed under Digital. You can leave a response, or trackback from your own site.