"Anyone who thinks the privacy issue has peaked is greatly mistaken," said Jay Stanley, analyst at Forrester Research. "We are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once-routine business practices under the microscope."
Forrester says wireless location-based services will increase the volatility of the privacy debate because mobile devices extend the step-by-step tracking practices of the Internet to the monitoring of individuals' movements in the physical world. Only 6% of North Americans have a high level of trust in how Web sites handle their personally identifiable information (PII), and seven in eight express interest in legislation protecting Internet privacy, according to the report.
The report goes on to say that existing legal protection of location-data privacy also falls short, further heightening consumer security concerns. While carriers tout support for federal regulation, they are pressing the FCC for a vague interpretation of "opt-in" that lets them secure consent in the fine print of larger documents like service agreements or on-screen "click-wrap" agreements. This obfuscation -- and the FCC's likely partial support of it -- only inflames consumers' privacy fears, the report says.
"Wireless is the next battle. Successive waves of new technology and the growing complexity of privacy regulations will keep the privacy issue from going away," added Stanley. "Privacy will become the main countervailing force against the Information Revolution and its radical effects on the free flow of data."
Forrester says the whole-view approach to privacy should include the following steps:
- Firms must recognize privacy as a core business issue that, together with customer relationship management (CRM) strategy, dictates how customers are treated. Then, firms must conduct a top-to-bottom reassessment of their policies, practices, and exposure on the privacy issue.
- Companies must name a high-level person to orchestrate the effort to tackle the issue -- a chief privacy officer (CPO). The CPO should be accountable on privacy issues, have a broad view on how the company operates, and have the clout to stop dangerous activities.
- Companies must then assemble an accurate and comprehensive picture of their existing information practices. This is the most onerous step toward a systematic approach to privacy. It requires a top-to-bottom assessment that reaches across divisions and business partnerships to document fully what information is being captured, how it is being used and secured, and how it complies with existing regulations.
For the report, Forrester says it spoke with legal, academic, and industry experts on the issue of consumer privacy, as well as 20 wireless application developers, content providers, and carriers.