In the online world, privacy and security are often viewed as a tension pair. The advanced monitoring and threat detection systems that are the hallmarks of tighter cybersecurity, by necessity, require certain compromises on personal privacy, the argument goes.
But it doesn't have to be that way, according to Rick Buck, head of privacy with GSI, a merchant services company that eBay acquired last year.
"Certainly privacy by design is not just lip service at eBay," Buck said. "If the platform is not trusted by our consumer base, we don't have a business model, right? In many respects, we're very much a financial institution, right? So privacy, security is integral to what we do."
Buck and other privacy executives gathered at an event at George Washington University's law school to mark the occasion of Data Privacy Day, which counts eBay and Intel as official sponsors.
They stressed the close degree to which they work with the security and legal departments in their respective companies in a collaboration that seeks to develop compatibilities among those various interests that had once been considered in implicit conflict with one another.
"We may have a public policy tension between, you know, citizens giving up their rights in terms of security, but internal to our organization there's no tension between privacy and security," said Bob Quinn, AT&T's senior vice president of federal regulatory affairs and chief privacy officer. "We are extremely integrated and we have to be pretty seamless in how we approach it."
Some of that alignment comes from the sense that privacy and security are best considered as two sides of the same coin, Buck explained.
"Our definition I think is pretty textbook. Privacy is about how you use information and security is how you protect it and regulate who has access to it," he said. "It means the same thing regardless of whether it's online commerce or whether it's filling orders or merchant data or consumer data. It's all about protecting it."
To be sure, businesses continue to employ varying levels of data collection in the name of security that staunch privacy advocates might find intrusive. The privacy experts at Thursday's event noted that authentication techniques favored by security experts, in particular, can vacuum up more personal information than they are comfortable with.
And from a marketing perspective, compiling information about consumers' preferences into detailed profiles can be a lucrative trade - and a tempting proposition for ecommerce firms like eBay. But corporate privacy officers, increasingly, are making the case for data minimization, championing limits on the extent of information that companies collect and the length of time they store it.
According to Buck, the recent spate of high-profile data breaches has helped win support in some quarters of the business community that hadn't previously been inclined to shore up corporate privacy frameworks.
"In light of all the recent breaches that happened last year, I think one of the great things that came out of that was the fact that tried and true companies all of a sudden who thought they had great privacy policies and procedures and technology in place took a really hard look at what that looked like for them now," he said.
About the Author
Kenneth Corbin is a freelance writer based in Washington, D.C. He has written on politics, technology and other subjects for more than four years, most recently as the Washington correspondent for InternetNews.com, covering Congress, the White House, the FCC and other regulatory affairs. He can be found on LinkedIn here .
