“PII” also means “Privacy is important”

In the technology industry, “PII” stands for “Personally Identifiable Information.” However, anyone who provides technology to customers should also think of it as standing for “Privacy Is Important.” Two important events this week—one regarding Google and one regarding Facebook—underscored the importance of this and served as reminders of how important protection of privacy is to mainstream adoption of technology.

Protection of privacy has proven vital to technology adoption

security-icon-bigFrom its inception, use of Information Technology (IT) presented the potential for enormous productivity and convenience benefits. However, this potential was not realized on a widespread basis until technology companies packaged technology into products that were 1) easy-to-use and 2) safe-to-use.Everyone remembers that making technology easy-to-use is vital to success. Fewer remember that making it safe-to-use if vital to making it a success on a ubiquitous basis. However, one only has to look at a few examples to see how important protection of privacy and security has been to the widespread adoption of IT:

  • “Techies” were happy using the World Wide Web to browse for content. However, mainstream use by families did not occur until Parental Controls became readily available.
  • Consumers were comfortable using the Browser to look for information. However, they not comfortable using it for commerce until use of SSL and multi-step authentication became standard.
  • Companies were interested in using mobile devices to provide greater productivity to their staff. However, they did not do this on a widespread basis until they had access to enterprise technology that enabled them to fully control mobile access to company data.
  • Students widely enjoyed sharing information about themselves on social networks. However, the broader public was not comfortable doing this until companies enabled social network members to control who could see their information.

This is because your identity is your most important asset in an information economy

These are just a few examples. However they underscore the importance of enabling people to protect their identity and personal information when using connected (i.e., online and mobile) information technology. This is because of circular phenomenon:

As use of IT has become more widespread, we have become an Information Economy. In an Information Economy, who we are—and what we know—is our most important asset. Protection of this asset is paramount to each person’s value. As such, the ability to protect the privacy of our information vital for continued expansion of the technologies enabling our Information Economy.

Two events this week highlighted sensitivity to privacy

Two rather public, albeit very different, events this week highlighted our sensitivity to protection of privacy and PII:

Google announced their successful defense of Gmail accounts to penetration attacks origination from IP addresses in China. This led to reinforcement of their commitment to protecting Gmail accounts in pursuit of their mission of making information useful; something met with broad mainstream approval.

At CES, Facebook suggested that consumers “no longer cared about [their] privacy.” While on face value this appeared to marginalize the importance of privacy, upon more care reading it actually highlighted the importance of enabling people to control sharing of different levels of information for distinct purposes.

These remind us what we need to do to protect privacy and PII

These two events—and the reactions of everyone from technologists to reports to mainstream consumers to them—serve as a reminder of what we need to do to protect privacy and foster widespread adoption of technology:

  1. Assume all information you customer provides you is private unless explicitly told otherwise.
  2. Secure access to this information—both with technology and policies for access control
  3. Enable your customers to determine who can see what information about them and when and how they can see it.

If you do this, you customers will feel safe and comfortable using your technology (for more thoughts on this, see my prior post on “Creating Safe Environments for Staff and Consumers.”) This will leader to wider and deeper adoption of it and growth of your market. (It is also, quite simply, this is “the right thing to do.”)

Are we approaching the point where this needs to be a global standard?

The rise of the Internet increased use of IT in everyday life several thousand-fold. The rapid adoption of more and more powerful smart phones (and their connectivity to everything from bank accounts to corporate systems to social networks) is increasing our connectivity (and access to private information) even faster.

As such, it may be time to create simple, but effective overarching standards for general protection of PII. (Similar but what the US government did for health care with creation of the Privacy Rule in HIPPA Part II in 2003.) The benefit of this is that all consumers would have much greater trust in their privacy, leading to increased adoption of IT—regardless of vendor or application. The price would be industry-wide increases in cost due to compliance and validation. The trick would be to develop a standard that encourages the right outcomes—without unduly restricting speed and innovation.