When Google issued a statement this summer that it planned to flash a browser warning to any user whose account was at immediate risk of “state-sponsored attack”, it lifted the lid on the major theme of 2012: the war for customers’ and citizens’ data – who “owns” or controls it, what it contains, who has access to it, and what it should be used for.
For any social enterprise – ironically, a term now trademarked in the US by Salesforce.com – or any public or private organisation seeking a one-to-one relationship with citizens in the UK’s “digital first” economy, such data is as valuable as core intellectual property. Indeed, when fewer companies manufacture things or originate content, then all that really distinguishes some organisations from others is their customer lists and demographic profiles.
In 2012, as social platforms proliferate, chatter spreads, CCTV cameras guard street corners, Facebook spearheads facial recognition technology and its members build a database of faces by tagging friends’ images, more and more people’s lives are conducted in public – and not always willingly. For all UK organisations, data ownership and data security are vitally important strategic and operational considerations.
Andy Warhol said that, in the future, everybody would be famous for 15 minutes. That future is upon us, but the reality is that many of us are famous to 15 people. The desire to remain private and/or anonymous used to be a core British value, but in recent times it has been treated with suspicion – an unfortunate by-product of the widespread desire for fame.
Nevertheless, the right to be forgotten, to have our personally identifiable data (PID) erased, remains an important legal principle, and it is one that – as we will see – data regulators are grappling with, sometimes against the prevailing politics of the time.
The business case for prying
The battle for people’s data is a complex one, in which white hats and black hats have been replaced by a legion shades of grey. On one side of the battlefield are private companies. They, reasonably, want to get closer to their customers so they can up-sell and cross-sell targeted products and services, while minimising waste and maximising loyalty.
But in an economy where many companies have diversified into dozens of markets, such data-gathering risks becoming an intrusion into the most private parts of people’s lives, lifestyles, health statuses and preferences.
And if customer data is lost, hacked into or stolen, then an organisation’s reputation and financial stability can be threatened, while the private data of innocent customers may fall into criminal hands – or be splashed across discussion boards for (anonymous) comment.
While 2012 has been a red-letter year for good reasons, it has also been another year in which the security of several companies’ data and IT infrastructures has been found wanting.