The privacy environment is heating up. Its theme in 2015 could simply be “watch this space,” but I’ll flesh that out a little more. I see three areas that could well affect your data programs into the new year and beyond:
New default settings on consumer oriented devices.
In the past, security has not been the default for consumer devices. Encryption was turned off. SSL was an option you could enable, but it was not required. Passwords were not enabled right out of the box. In short, insecure was the default. This phenomenon is changing, however, as device manufacturers begin to take a more active stance on making configuration choices for their users based on public sentiment. You may have noticed that much has been made of Apple beginning to encrypt users’ phones by default in an effort to make security conscious choices for their customers without requiring any effort on the part of the latter. Even the FBI is complaining loudly to Apple and Google and other device manufacturers, saying that the agency’s efforts to thwart lawbreakers, catch child pornography predators, and intervene before terrorist attacks is threatened by the fact that it would have no way of looking into people’s phones, their usage history on the phone, and any pictures or data in the storage areas of those phones or tablets. Tim Cook and Larry Page basically said, “tough cookies,” and this attitude is reflecting the current mood of the general populace—a non specific but still present unease about shadowy agencies being able to eavesdrop on just about everything you do or see on a device connected to any sort of network.
Effects: If social media apps follow in the footsteps of device manufacturers and choose to limit certain types of sharing by default, you need to keep abreast of any changes. If there are changes, make sure you clearly communicate with users how their experience with your organization will end up better if they allow sharing of activities and behaviors with your company.
The government is getting interested in how private companies are collecting data and managing privacy.
Effects: The technology will always be two steps ahead of the regulation, and the regulation will always be two steps further into the breach than is necessary. But keep a careful watch in order to stay on the right side of the government.
Do not track and do not follow.
While the standard has been declining for a while because no major players are really enforcing the standard or participating in honoring the requests, I predict that in 2015 this standard and movement will receive renewed attention. On new laptops, desktops, and tablets, the browsers—Internet Explorer, Firefox, Google Chrome, and Safari are the major ones—will likely both support the option to enable the do not track HTTP header and also attempt to highlight sites that do honor the request, in the same way extra secure and name verified HTTPS SSL certificates are highlighted by a green section of the address bar when you visit websites that use them. Google Chrome may well be the last of the major browsers to support this type of functionality given the company’s dependence on advertising revenue, but eventually they will give in. Microsoft is supporting this in all versions of IE 9 and 10 that are still supported, and users can even verify this on a dedicated web page.
Effects: Giving users a choice means that some users will exercise that choice. If your users express a preference not to be tracked, it is important to honor it. Privacy is important, regardless of your larger data collection program.