Q&A: Cisco privacy chief Michelle Dennedy argues privacy can, and should, be ethically leveraged

By Byron V. Acohido

It’s truly amazing that we need pay no subscription fee to use Web mail or Web search, nor to participate on Facebook or Twitter or partake of countless other social media websites and Web apps.

But make no mistake, these empowering online services are not truly free.

Related: California’s privacy law returns control of personal data to individuals

The price you pay is your personal privacy. Every move you make online is routinely logged, stored and data-mined by companies aggressively seeking to profit from profiling individual Web users.

Meanwhile, the definition of personal privacy—namely, the right to be left alone that was shaped and widely honored before the arrival of the Internet—has been dismantled in our Internet-centric society.

Last Watchdog sat down with Michelle Dennedy, chief privacy officer at Cisco, to discuss the wider context and go-forward implications. (Text edited for clarity and length.)

LW: Are businesses taking too much advantage of the absence of online privacy?

Dennedy: We have not come to a common cultural definition, and certainly not a common financial definition, of privacy. When I say privacy what I mean is the authorized processing of personalized information according to fair principles. Now wrapped in that functional definition are all kinds of opinions and biases. So the right to be left alone is part of authorizing how information about you is stored and processed. And the commercial aspect of that has to do with who owns what data.

LW: Aren’t those lines blurred?

Dennedy: They’re more and more opaque to the individual. You don’t know who has access to information about you, who has made observations about you, or who is making statements that may impact you. Today it’s coming full circle. We’re starting to talk about what organizations need to do to prepare themselves for increasing demands in a multicultural world where people want to be assured that their data is being treated with respect.

LW: From the corporate perspective, what are some myths about online privacy that need to be addressed?

Dennedy

Dennedy: We think that because it’s cheap to buy the hardware to store information, and the processing power is exponentially cheaper than it once was, and we’re all carrying super computers in our pockets, that we can just grab information really quickly. We’ve devalued data and made it feel like it might be fast food. But the reality is, data is nourishment for our businesses.

And so if our businesses take the view that information is cheap, easy and worthless, they’ll treat information about their employees and customers as cheap, easy and worthless. And then you start to see cataclysmic levels of breaches because we’re not curating our information and treating it as if it’s an asset that’s worthy of curation.

LW: Cybercriminals have certainly figured out the value of stored data.

Dennedy: I love the word value. We as individuals believe in determining our own reputation, our own life story. But we also value building sustainable companies that have enough cash currency, as well as informational currency, to grow. … As we build out the Internet of Things, we should also think about building the Internet of Experiences. But you can’t build an Internet of Experiences unless you really build in privacy protections.

LW: Right now there are a lot of creepy experiences. Why do I need to turn over virtually everything on my phone to use an app to tune my ukulele?

Dennedy: So let’s take that ukulele app. It may be that by downloading all of your contacts, that app developer has a slightly higher chance of getting to a couple more people who happen to play the ukulele—if they pinged all of your contacts.

However, it’s inefficient and wasteful for them to probably creep out all of your friends when they do that. And what they’ve done is acquired more risks. If they were to lose your contacts, they’re going to have to pay for breach repair, and they’re going to have to deal with bad press.

And why do they need all of your data in the first place? The answer is, they don’t. Maybe they want stickiness for their app, or they want to resell their customers, who are devoted ukulele fans, to a larger company. They need to think through what they really want to know about you and how to get what they need in a way that delights the customer. Maybe do a survey.

LW:  So business models built around users making informed choices about use of their personal data?

Dennedy. Owning and curating data is going to start being recognized as being expensive again. We’ve seen a lot of activity coming out of Europe. The Safe Harbor decision alone has really thrown the world into an uproar. And here in the U.S., having a misstep in privacy is no longer a small offense. If you mess up and the FTC catches you, that can cost you millions of dollars over 20 years.

Also the requirements to recover after a major breach are becoming prohibitively expensive. The notion once was ‘Data is cheap, we don’t really know what it’s for yet, but we might use it later, so we’ll store it as an uncurated asset.’

On a balance sheet, an uncurated asset is known as a liability. By its very nature you are not in control of an uncurated asset. We’re going to start to see more companies wake up and recognize that an uncurated asset equals a liability, while a curated asset equals opportunity.


(Editor’s note: This article also appeared in ThirdCertainty.com.)

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone