Google's announcement last week that
it is tracking the websites people visit to "infer" their
interest is likely to ratchet up interest in online behavioural
profiling.
Many firms, notably retailers, use loyalty programmes to capture
details about how people do business with them. More recently, the
government proposed to allow government departments to share
citizens' data. And from next month internet service providers will
have to
store records of all electronic communications.
Whether it is big businesses or government, the reason given is
the same - to serve and/or protect customers better.
But justice minister Jack Straw was
forced to withdraw enabling legislation to allow the government
to share personal details. In the US, the Federal Trade Commission
issued
guidelines
for the use of behaviour-targeted marketing. In the UK, the
Internet Advertising Bureau has been discussing how best to do it
here.
Why should CIOs care?
Firstly, the Data Protection Act places a duty on their
employers to keep personal information safe. The information
commissioner is
increasingly able and willing to punish transgressors.
Secondly, criminals collect people's personal details because of
potential blackmail opportunities they may reveal. It is more
efficient to blackmail a highly-placed but compromised individual
into stealing a company's secrets than trying to hack its
network.
It is tempting to think that behaviour profiling will tell what
people will do next. This is false. Given some sophisticated
probability modelling, it may allow a better guess. But it also
risks a backlash against what consumers may well see as an invasion
of their privacy.