Privacy issues will outstrip Y2K, predicts NCR

The battle over what consumer information should be kept private and what can be sold to the highest bidder is starting to shape up – and according to NCR Corp. IT departments are on the front line.

Traditionally, privacy hasn’t been a hot topic of discussion in IT circles. But Robert Henderson, vice-president of the newly created NCR privacy center of expertise (COE) in San Diego, said that’s about to change.

“My belief is that privacy is as large, if not larger than, the Y2K issue,” Henderson said. “The difference is that Y2K has an ending, while the privacy issue will be an emerging, iterative activity.”

Giving up personal information in order to do business isn’t a new phenomenon, Henderson admits. But as the number of on-line transactions grow, consumers are being asked to give up more data to more people, more often. Many are starting to question the practice, and with good reason, according to Henderson.

“When you look at a lot of businesses, the type of consumer profiles they have today is more extensive than profiles a lot of government agencies have had on people in previous decades. So this says that (the issue of) privacy is not going to go away,” he said.

Companies can still collect personal information about their customers, Henderson adds. But they are obligated — if not by law, then by ethics — to tell customers exactly how the information will be used, and promise not to share it with third parties without permission.

That’s where information technology comes in. Customer profiles are normally cobbled together from information stored in databases. As such, any corporate privacy policy will naturally involve restrictions around an organization’s data stores.

In most cases, it’s the CIO that should take responsibility for implementing privacy policies, both because they have a firm grasp of corporate data, and the executive teeth to get the job done, said John Boufford, I.S.P., president of e-Privacy Management Systems, a security and privacy consultancy in Lakefield, Ont., and member of the Canadian Information Processing Society (CIPS) external liaison committee.

“IS departments have a very important role to play in implementing privacy principles across the organization, ” Boufford said. “[But] IS folks have a ways to go to understand the obligations of their organizatons.”

He views privacy as an opportunity for IT to take charge of an issue affecting the entire business, something they’re increasingly being forced to do anyway, he added.

Echoing Henderson, Boufford said that as the public learns how companies can – and are – abusing confidential information, the issue of privacy will become a central social concern. “Privacy will be the next big issue on the horizon, ” he predicted.

Henderson said NCR is ready for the onslaught. The company is launching a new program under which privacy becomes a core customer satisfaction issue. That includes the creation of the NCR privacy COE, a three-person organization that Henderson heads, and several other tools and services to help customers implement privacy policies and compare standards to that of their peers.

They include Privacy Discovery Service, which helps users of NCR’s Teradata define their own privacy goals; the Privacy Assessment Service, which helps users implement them; the Privacy Data Modeling Template, which shows organizations how to optimize warehouses for privacy without affecting performance; the Privacy Administration Utility, to help customers prepare for a privacy audit; and the Privacy Consumer Access Interface, which lets Teradata users give their customers access to personal data stored in a warehouse.

“I think that privacy will…create a new way of doing business where enterprises treat privacy as a different shade of competitive advantage,” Henderson said.

The best way to optimize databases for privacy is to improve the logical data model. This is done by constructing databases with several layers, according to NCR. Each layer provides a more detailed profile, depending on customer preference. The final layer – the one with the greatest restrictions — would include the most sensitive information.

While banks and hospitals long ago adopted privacy principles, Boufford expects other companies to be less proactive. But whether they know it or not, most companies are already practising ethical privacy policies, he said. He also plays down cost concerns, adding that privacy will save some organizations time and money.

“Organizations tend to collect more information than they need…and [privacy measures] save them money in terms of collecting less information about individuals.”

NCR’s Privacy Discovery Service is currently available. The remaining services will be available by the end of 1999.

NCR Canada Ltd. in Toronto is at (416) 351-2104.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now