The Privacy Versus Confidentiality Battle Continues

For a company to survive in an e-business world, its customers need to be sure that their private information stays just that: private. But once that information is given out by a customer, how "private" is it?

"Privacy has to do with whether you can collect certain information. Once you've collected it, privacy is a moot point," says Ken Orr, Cutter Consortium Senior Consultant and a Cutter Technology Council fellow.

"The issue that people are fighting about now is confidentiality, which has to do with the agreement that a business has with its outside (and inside) stakeholders to protect their data and to use it for the purposes that the provider intended. Until recently, most companies acted like they could do anything they liked with other people's data. The Internet has ended all that. Those companies that fail to protect their consumers' data will find themselves in a lot of hot water, whether they are a major bank or"

In a recent survey by Cutter Consortium, privacy ranked sixth in a list of important issues facing those organizations that are engaged in e-business:

1. Security

2. Cost

3. Reliability

4. User connection speed

5. Lack of standards

6. Privacy

7. Backbone

8. Other

Of those surveyed, only 53% have a formal e-business privacy policy. Among those companies, privacy is treated seriously: 73% of companies with a formal privacy policy use customer data for internal use only, 17% do not keep data, and only 9% share data with carefully selected screened parties. Renting data to outsiders, much less sharing data freely, is not common among companies with formal privacy policies.

"Of course," according to Chris Pickering, also a Cutter Consortium Senior Consultant and author of the study *e-Business Trends, Strategies, and Technologies* "there is plenty of cause for concern about the 47% with no formal privacy policy."

Privacy-protection mechanisms are used by companies to varying degrees. Two-thirds of the respondents say their company encrypts e-business transactions as standard practice (most often with SSL). But only 5% of respondents participate in privacy-seal programs.