Data Security & Privacy

‘Do Not Track’ Legislation Epitomizes Why Cybersecurity Measures Fail

For years, cyber-security experts, the FBI, and the U.S. Secret Service have lamented that technology alone will not prevent the unauthorized release of mission-critical data. Public awareness and training are critical components of this process, and yet, we keep losing the cyber-security battle.

PricewaterhouseCoopers and CSO Magazine recently released a collaborative report entitled the 2013 State of Cybercrime Survey. The report stated: (1) that cyber-crime is on the rise, and organizations have made no progress in developing ways to defend themselves against internal or external threats; (2) organizations are misjudging the severity of risks from a financial, reputational, and regulatory perspective, in part, because the “attack surface” in the business landscape is operating on interconnected and interdependent disparate systems; and (3) vigilant and proactive awareness is tantamount to abating cyber-threat risks, which may be accomplished via (a) a “tone at the top” corporate culture, and (b) training and awareness programs for employees and third-party vendors.

Meanwhile, debate over “Do Not Track” legislation has reached critical mass in most state and federal legislative bodies. Lawmakers are looking for ways to give American consumers more control over how their online behaviors are managed and tracked. Privacy rights groups advocate for greater consumer insight and control over how the vast amounts of collected data are processed and analyzed. The Do Not Track feature allows users to avoid cookies that collect personal information about online habits, and any company found to be circumventing a Do Not Track protocol could face enforcement action by a regulatory agency (such as the Federal Trade Commission).

The “Opt Out” mechanism of Do Not Track legislation is uniquely American. The basic presumption for the American online consumer is that they want to have their online habits monitored, tracked, and analyzed. To the rest of the world, Do Not Track legislation is seen as an “Opt In” mechanism. In other words, a non-American consumer sees their online habits as intimately private and not to be shared with anyone. Advertisers will argue that the information derived from such data analytics will enhance the shopping experience, because specific and targeted deals can be tailored to the user’s personal preferences. Opting out of this presumption will only ensure that the online ads are less relevant.

What is most striking about the paradigm differences in opting in versus opting out is that, from a monetization standpoint, it can be argued that the non-American consumer places a higher value on their personal information, and thereby, if sold, it would command a higher price for its use and distribution. One look at most American corporate privacy policies, and it is hard to argue against this notion. Additionally, as the Affordable Health Care Act becomes law, how will insurance companies and other medical establishments share our personal health information with their affiliates and other third parties, all the while never rendering the patient some sort of financial remuneration for such dissemination? Simple: we will release our rights via a “check the box” option when we enter our doctor’s office.

From an ecological perspective, the way information functions in American society makes it inherently less valuable, because its chain of custody is constantly being transferred. As supply and demand indicators take hold of the data, its value diminishes to the point that an employee, or individual, will see little harm in its unauthorized release.
