Think twice before you post personal data online

These aren't futuristic ponderings. They are timely, important questions that relate to your very personal corner on the Internet. Or, as we say at Sun Microsystems, the "network of you".

As Sun's chief privacy officer, I am constantly thinking about how to best safeguard and respect the many million networks of you that interconnect with each other.

We gain significantly more economic and social benefits from increased participation on the network than digital isolationism.

But, if we want to enjoy the benefits of participation and avoid isolation on the network, we need a renewed effort by industry, policymakers and individual users to prevent an unprecedented breach of data privacy that would shake consumer confidence and create crisis.

With 1.1 billion people using the Internet now, and with another 500 million users expected to come online by 2010, individuals are creating a massive boom in data.

Think about how much e-mail, photos, videos, music, and personal thoughts you stored online 10 years ago. Now think about how much you put online now and will, a decade from now. It's a whole lot and a whole lot more.

The Population Reference Bureau says that, on average, one person generates 850 megabytes of data a year. And, by 2010, individuals will create about 70 percent of the world's digital data, says the analyst house IDC.

Yet, while consumers are creating massive amounts of data, IDC also predicts that by 2010, businesses, governments and other organizations will be responsible for the security and privacy of 85 percent of this information.

That information represents not only power for those entities, but also a new currency. The big public and private players in IT, search, retail, healthcare, insurance and content sharing are running the equivalent of an information World Bank.

Unfortunately, despite the tremendous personal and financial value of the information in huge databases, we're still operating in an environment where a US$47 savings account is more institutionally protected against misuse, fraud and theft than US$47 billion worth of digital records.

To solve this problem, we need to develop transparent, open controls that are appropriate to specific types of information and that create respect between organizations and individuals.

Here are the first steps:

•  Harmonize regulations. There are numerous laws and legislative proposals at the state, federal and international levels currently trying to keep up with the explosion of digital data and its societal impact.

Many of these current and proposed rules are in conflict with each other, as lawmakers try to balance mandated retention of data with a desire to protect consumer privacy.

We need to work toward synching local rules with international standards, and we need to nurture other economies that are struggling to set up their own legislative privacy schema. A mishmash of rules creates complexities and unpredictability that open opportunities for criminals.

•  Build privacy into products and services and gain competitive advantage. There is a fundamental need for privacy to be built into systems to protect personal data. Where we must retrofit existing technology architectures and individual systems, we must--but this approach comes with its own set of risks.

Indeed, as it is now becoming the norm to consider energy efficiencies when creating products, so should it be to consider privacy from the start of the development process and throughout a product lifecycle.

Businesses that integrate strong, transparent privacy controls into their systems will gain competitive advantage over those that don't.

•  Consider privacy part of good corporate governance. Technologies that help protect confidentiality, control access to data, and enforce enterprise data management policies are enablers for privacy, but they don't address the decision making around how personal information will be used by the organization.

Organizations must carefully consider what data to keep, who can access it and how third-parties can audit the effectiveness of their data management efforts. With a transparent privacy policy in place, a company incurs much less risk and is more attractive to investors and customers.

Companies that manage significant amounts of data tied to individuals should appoint a chief privacy officer with senior-level power, access and accountability.

Yet, despite all the things that policymakers and corporations can do to make the Web a more secure place for your private information, everyone with a network of you has to take personal ownership of his or her small, but growing, space on the Internet.

Before you post that hilarious vacation picture for everyone to see, think about whether it could come back to haunt you years later when you are trying to ascend to the highest court in the land.

biography
Michelle Dennedy is chief privacy officer of Sun Microsystems, where she oversees the development and implementation of the IT company's data privacy policies and practices. Denney also works with Sun's product development teams to build products that enable privacy best practices. She has a professional degree (Juris Doctorate) in law from the Fordham University School of Law.