Something Else For The IT Profession To Fret OverSomething Else For The IT Profession To Fret Over
Let's hope IT isn't blamed for the way companies implement federal privacy requirements
![information information logo in a gray background | information](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/bltc0182b2356ae8eed/64b83949410a1b4c0bd7459b/IW_generic_image.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
One of the things about being a CIO that's hard to explain to someone who isn't in the IT industry is the feeling of almost always being on the defensive. You walk into a meeting and more often than not, someone comes over and complains about your department or some business difficulty that isn't even remotely your fault. It doesn't matter what you say, you're stuck with the blame; the IT group is a convenient foil for any and all problems.
It used to be that if something was your error, you'd apologize and say you'd do your best to fix it. If it wasn't, you'd shrug your shoulders and explain that you were giving users exactly what they'd wanted, as foolish as it might have been on their part to demand it. Recently, however, there's been a lot of discussion about the ethical responsibilities of the IT profession with regard to individual privacy.
Most of us accept that we have some accountability for what's done with the systems we build and the data we massage. The result is that in addition to the standard defensive paranoia, CIOs now suffer from pangs of guilt for things they only touch peripherally. It isn't a pretty picture, but it's the way things are.
Perhaps it's for this reason that I paid so much attention when Cindy and I began receiving with our credit-card and department-store statements little pamphlets with names such as An Important Notice About Your Account or Regarding Your Privacy.
All the pamphlets start off by telling us how concerned the companies sending them are with our rights as customers. We were impressed--how thoughtful of our friends at Mega-Bank to care. What followed were six or seven pages in typeface so small that it wouldn't have been out of place to have a magnifying glass enclosed with each booklet. In all of that fine print, however, there wasn't room to mention that our buddies were disclosing this information because the law makes them do so.
The 1999 Financial Modernization Act requires that by July 1, 2001, companies give you the option of protecting your privacy by telling them not to share your personal information with other entities. The law also lets companies continue their existing practices unless customers specifically notify them to stop what they're doing. Naturally, many of the companies aren't interested in eliminating the extra revenue they receive from peddling your data. Therefore, most of the material we're all receiving in the mail is as convoluted as possible.
I know that the IT people in their companies have had little, if anything, to do with the form and substance of these disclosure statements. I also know that if legislators and their constituents take exception to this half-hearted implementation of the law, it would bring into question the role of the IT professional in aiding and abetting this farce. And I don't like the idea that IT people may be viewed with suspicion or perceived as nothing more than robots following orders in what's done with customer data.
It's possible most people won't care. On the other hand, perhaps we'll see learned articles in The New York Times and The Wall Street Journal about what society should do to ensure that our privacy isn't compromised. The Times and the Journal may even agree with each other, much to their mutual chagrin.
In any case, it's amusing to contrast how the companies tell us of our rights and how they try to sell us something with those cute little product stuffers. The privacy pamphlets come with no return envelopes or easy-to-fill-out forms to remove your name from their marketable mailing lists. The worst one had the necessary information about how to communicate to them that we don't want our names distributed buried on page 5. The instructions were only somewhat more difficult than the assembly instructions that come with an 8-year-old's bicycle.
Being undaunted by semi-impossible tasks (I was once a project manager), I decided to take them up on their offer. I wrote a note saying I didn't really know all the details I had to give them (what's my account type?) to avoid blasting my personal data all over cyberspace. I added that it must have taken them quite some time to figure out such an obscure way of notifying their customers of their rights.
I explained that I wouldn't want them to go through that trouble again for me and perhaps they could just take what information they needed from my credit card, which I gave them in multiple pieces. I may not have followed their instructions exactly, but I hope they got the message.
Herbert W. Lovelace shares his experiences (changing most names, including his own, to protect the guilty) as CIO of a multibillion dollar international company. Send him E-mail at [email protected] and read his online column at information.com, where he will provide real--and sometimes whimsical--answers to your questions.
To discuss this column with other readers, please visit Herb Lovelace's forum on the Listening Post.
To find out more about Herb Lovelace, please visit his page on the Listening Post.
About the Author
You May Also Like