Choose your language:

Hong Kong
New Zealand
United Kingdom
United States
hand pulling back red curtain

How a celebrity hack became a hook for the privacy debate

September 18, 2014
By Charles Ellison

Just when you thought the hacking of private celebrity photos would be confined to tabloid headlines and Twitter chatter, Congress moves into the conversation. It’s yet another tipping point that’s getting politicians to pay more attention to the Big Data and digital privacy debate.

No pun intended, but before sensitive pics of A-list celebrities were circulated, the debate on privacy apparently hadn’t been that sexy enough for Congress to get really lit up about it. But something about this latest episode was a great enough hook to push lawmakers into action. “Next time it won’t be celebrity secrets but students’ educational records that rain down from the cloud for the world to see,” said Sen. Ed Markey (D-MA) in a statement last week as he teamed up with Sen. Orrin Hatch (R-UT) on a bill that would protect student data stored by private companies.

“The compromise of celebrity information should signal the beginning of a big debate on how to strengthen the protections of American children’s most sensitive data that is now being stored in the cloud,” Markey continued while promoting the Protecting Student Privacy Act (PSP Act). “We need to pass student privacy legislation that requires companies to put in place data security safeguards that protect information they house about our children in the classroom.”

It’s more than just student records. Markey and Hatch are finding a way to connect the dots between what’s still largely a dearth of public knowledge on the policy aspects of the digital privacy conversation. But consumers, however, are much more aware of privacy issues and are looking for protections in an increasingly complex digital environment. Forrester analyst Heidi Shey drives this point in a recent research note:  “Historically, privacy concern has not resulted in action. Today, we are near the boiling point. Consumers are more likely to take steps to protect their privacy and express a willingness at work to tackle -- either on their own or with guidance from their employers -- basic security and privacy controls for personal devices that they use for work.”

In this sense, Congress will be looking for creative ways to get ahead of the issue before they are overwhelmed by a wave of frustrated constituent complaints. If it takes plugging an E! Channel headline, then so be it. Even after the Target and, more recently, Home Depot breaches, there hasn't been any real public outrage or movement. The absence of a very heated public response reflects a cost-of-doing-business attitude.

Most interesting, however, is how the celebrity pic hook acted as a spotlight for the PSP Act (it occurs to me that a gamer must have come up with the title) doesn't completely align with or tell the whole story of the act’s intentions. The bigger issue sheds light on the struggles of organizations that hold large amounts of consumer data: How will they continue to do it? The PSP Act could have far reaching implications beyond just student data.

In December of last year, Forrester’s Fatemeh Khatibloo was discussing contextual privacy and how companies would need to ensure that “the collection and use of personal data is consensual, within a mutually agreed upon context, for a mutually agreed upon purpose.”

Almost a year later, Khatibloo is focused on an era of consumer-managed data in which consumers completely control their personal data destiny. “Regulators, advocacy groups, and increasingly savvy consumers all want to shift the balance of control over consumer data. A new ecosystem is evolving as a result, and organizations need to prepare for a period of friction and possible loss of access to first- and third-party customer data.”

That could be the case—and it could be just as driven by generational demographics as it is by business imperatives responding to consumer demands. A recent Bankrate survey shows 63 percent of millennials (people aged 18-30) admitting they don’t own a credit card, with many saying they don’t want it. If the trend persists, that could also be one sign of millennial attitudes toward use of their data since credit cards are an integral component of the consumer data era. 

It’s not entirely clear if Congress has considered or caught up with consumer-managed data aspect of the discussion. But in the meantime, a consumer-managed data climate could present both dilemmas and opportunities for vendors who provide InfoSec services and data storage expertise to major retailers and other companies holding massive amounts of data.

Charles Ellison is a senior analyst relations strategist for TEKsystems. He keeps close tabs on changes and public policy shaping the innovation space. He is also a former congressional staffer, senior aide to state and local elected officials and an expert advocacy strategist. You can reach him with questions and comments @twoARguys via Twitter.

Blog Archive