CORPORATE VIEW

Privacy Stewardship On Your Net

Allow me to explain. Recently, and for the very first time in my life, I had to get an unlisted phone number because of constant and unbridled harassment from a seemingly endless variety of stockbrokers. These bozos (this is the kindest variation of all the words I considered) would call my home at all hours of the day and night (they conveniently forgot about the three-hour time difference from East to West Coast). Even after waking me, they were not apologetic, but completely boorish. To add insult to injury, they would preface each call with an unmitigated stream of garbage about how they had talked to me a few months ago and how I had asked them to call back. Yeah, right.

My family and I developed a few coping mechanisms, most of which involved foul language. The final straw came when one of "them" called while my wife and I were out and my niece was baby sitting. The cold caller scared my niece half to death with his incessant questions, such as where I was, w hen I was coming home and how he could reach me. And that, my friends, is how I ended up with an unlisted number and a penchant for violence.

The Name and Number Trade How does this involve you and your world of corporate computing? Well, these louts got hold of my number when my mortgage was sold. As a result of that transaction, my name was sold to another company and added to someone's mailing list--without my consent, of course. Now, most likely because of the neighborhood where we live, our record has been flagged with a "buys Florida swamp" indicator.

I'm opting out of this invasion into my life. Because of the obnoxious behavior of one business set, I got off the grid altogether. As a result, all other businesses, charities, associations and organizations that would have contacted me for legitimate purposes now cannot contact me and cannot benefit from my normally generous nature.

This is not the type of consumer feeling we want to instill in our Web-based customers. If others mak e the connection I made, consumer trust of any kind in businesses on the Web is at risk.

The solution lies in your sense of ethics and professional conduct. You have as much responsibility for the privacy of others and appropriate use of data as you have for any other facet of the network infrastructure. For example, you probably have, or at least you should have, an explicit plan and policy for network security in place, likewise for the basics such as data backup. As network professionals, we spend our professional lives as the stewards of other people's data. The popularity of the Web exposes the fact that we have overlooked our most basic responsibility: the privacy of data.

What do you do when asked for the names of all the people who visit your intranet Web server's human resource department employee assistance page looking for information on drug addiction programs, or if asked for those who hit your competitor's help wanted pages? How are you or one of your employees expected to make that dec ision?

You need to recognize the issue and put a policy in place. Don't believe that what happened with the abuse of the telephone won't apply in cyberspace. Both networks are driven by anarchy. Abusers are largely undeterred by ineffective professional associations or government policy. Consumers and providers on both the voice and data network are left to their own devices to screen the information from the misinformation, the entrepreneurs from the hucksters.

Marketing folks are enamored with the Internet's abilities. They strive for a market of one for every product. That doesn't mean an infinite number of products, rather it means that they know every consumer intimately enough that a product's pitch, timing, delivery and content can be hyper-tailored to an increasingly smaller segment--ultimately a pitch designed in real-time just for you.

But many consumers don't want to be profiled. Let's say we do arrive at this Web-enabled commerce nirvana where we buy like mad over the Web. What happens if I've been profiled to the point that it is common knowledge among retailers that I have bought the latest and greatest outdoor recreational gadgets online. Now, as I browse for a handheld, waterproof, shock-resistant combination global positioning system and altimeter, what incentive is there to offer me the best possible price? After all, my history indicates that I will buy it regardless. In this case, the consumer's best interests have been profiled into oblivion.

My experience with the cold callers was really the abuse of two separate ethical situations. One, I should be free from harassment from unsolicited advertisements. Two, there should be a reasonable expectation that my right to privacy will be respected.

Solving the Privacy Problem Two Internet organizations have banded together to address this issue. The Electronic Frontier Foundation describes itself as "a civil liberties organizatio n working in the public interest to protect privacy"; and CommerceNet defines itself as "th e premier industry association for Internet commerce." Both recognize that the growth of consumer-driven commercial transactions on the Internet will be limited if there is a lack of trust in the way online business is conducted.

· think both parties realize that once trust is lost, people will use existing, or invent, ways to protect their anonymity and/or privacy. The effect of widespread distrust will be to limit growth and to limit the legitimate use of profiles.

The two groups are sponsoring eTRUST (www.eTRUST.org). The idea is if Web sites post their policies instantiated in a commonly accepted logo, consumers will know the ethics with respect to their personal data on the site. The basic guidelines for any site with the eTRUST logo bear review here:

· Disclosure of information. The service must explain and summarize its general information-gathering practices. The service must explain in advance what personally identifiable data is being gathered, what the information is used for and with whom the information is being shared.

· Communication monitoring. The service may not monitor personal communications such as e-mail or instant messages.

· Display of names and contacts. The service will not display or make available name or contact information unless it is explicitly agreed by the user.

Anarchy on the Internet greases the wheels of progress. It is vastly superior to regulation or other interference. However, it doesn't absolve us from responsibility. As stewards of the corporate network, we are responsible for the ethics protecting users' privacy.

Brian Walsh can be reached at bwalsh@nwc.com.