Arun Marballi

Of late, Google, with its relentless march towards technological dominance (over even Microsoft � the erstwhile technological behemoth), has been facing mounting criticism regarding its practice of collecting consumer search data (perhaps even including data collected off your desktop if you have installed Google Desktop) � ostensibly for its use as a marketing tool. However, consumer protection protagonists have suggested darker motives and questioned Google�s sincerity in stating that it valued its customer�s privacy. Further, as Google continues to push its services in the form of free advertisement-supported online word processing, spreadsheets and other software applications that have hitherto been installed on our computers, their reach into the contents of our software existence will increase significantly. Consumer privacy and consumer data governance then becomes an important matter to consider.

Earlier this year around tax-filing time, many people in keeping with the trend these days of filing taxes online, used tools such as Turbo Tax. Now, if you have used Turbo Tax to file your returns for more than one year, you know that it is possible for you to access your tax filings from prior years. However, due to a glitch in the Turbo Tax software, it appears that a woman who was attempting to access her tax returns from prior years, found herself looking at returns of other people who shared her name. Although Turbo Tax has since fixed the problem, it highlights a need for corporations that maintain data owned by consumers to take the responsibility of protecting that data.

During the early days of the Internet revolution, the transfer of information was pretty much unidirectional � from a corporation�s Web site to our computers. With increasing use of online business-to-consumer (B2C) services offered in the Internet marketplace, the information highway has become a two-way thoroughfare. Consequently, more and more of our information have found its way onto corporate online data storage. Examples of this abound � picture sharing websites such as Snapfish and Yahoo Photos; Job search websites such as Monster.com; online community sites such as FaceBook and MySpace; Web sites of retailers who have an online storefront � all of these Web sites hold an increasing amount of information about us. The question then remains � How do these corporations take care of our information, what safeguards do they have in place, what is the recourse if the information were to fall in the wrong hands? These questions point to the discipline of consumer data governance.

Consumer data governance refers to an individual/organization�s care and protection of consumer data entrusted to them. The fact that much of this consumer data can be used to facilitate identity theft and identity theft directly translates to financial loss; it goes without saying that this form of data warrants the same level of care and protection as consumer finances.

The issue at hand is that there is no industry regulation in place for consumer protection and the industry has not embarked on a path of self-regulation either. Most consumer data governance happens because corporations would prefer not to attract any adverse publicity from a data loss or have to deal with any consequent consumer backlash. There are, however, no standards or codes in place and each corporation addresses this at a level commensurate with its internal policies and priorities. Obviously, some companies do it so well that they can be considered as setting the standard for the rest of the industry to follow; while others may do the least bit possible to avoid any mishaps.

The credit card industry, because of its closer links with consumer finances, offers the greatest regulation, but even in this industry, organizations that process credit card transactions are not regulated enough. The recent TJ Max incident exposes how fragmented this regulation is. The state of California, in its typical pioneering fashion, has recently embarked on a new legislation for creating new data security and breach notification requirements. Perhaps, other states will follow suit and establish a strong layer of security for securing consumer credit card data. And maybe the information management industry will take a cue from the credit card industry and establish a strong set of regulations for effective governance of consumer information as well.

Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].

Home