As the executive director of the Electronic Privacy Information Center, in Washington, D.C., Marc Rotenberg is intensely focused on protecting your privacy. But in this age of counterterrorism, RFID tracking, and one-to-one marketing, Rotenberg seems, at times, to be overmatched.
CIO Insight: How big is the privacy problem?
Rotenberg: We've always focused on emerging civil liberties and privacy issues, particularly related to the Internet and new technology. But we think that in the 21st century the protection of privacy is going to be as big a challenge for our information economy as the protection of the environment was for the industrial economy of the 20th century. In the post-Sept. 11 world, we have the U.S.A. Patriot Act, police searches, and a whole host of new surveillance technologies being funded by the Department of Homeland Security, while innovative businesses are finding new ways to market to people based on personal information. These issues are enormous.
What responsibility do businesses have in the effort to protect personal information?
I think they have an enormous responsibility. It's a very simple equation. It's the responsibility that results from the collection of personal information. If you are in a business where you're not collecting much personal data, then the privacy folks will likely leave you alone. But if your business model is based on the collection, compilation, profiling and sale of personal datayes, we have a real interest in what you do.
Do people own their personal information?
I think just from a common-sense viewpoint, most people would say that they should have the right to control the use of their personal information. Now there are conditions where we give information to others that are perfectly reasonable. If a bank is trying to decide whether or not to give you a home mortgage, they're going to ask you for a bunch of financial information in order to make a good determination.
But to imagine that means that somehow the bank, in taking that information, has the right to turn around and sell it to others is, I think, completely wrong. Even if it is public-record information. Public information is public to enable oversight, not to create these detailed profiles on American consumers.
What about the belief that the flow of personal information between businesses greases the economic wheels of America?
Well that grease is turning to gravel. And I say that because of the enormous problem we're having today with identity theft. I think it's very difficult for the private sector to say that the unregulated use of personal information isn't causing economic harm to the U.S. economy. We lost $50 billion in 2004 as a result of identity theft. We now have people turning away from online commerce because of privacy concerns. So I think we need to look at that much more seriously than simply saying it's okay to have all that data out there because it's good for the economy.