Google's announcement last week that it is tracking the websites people visit to "infer" their interest is likely to ratchet up interest in online behavioural profiling.
Many firms, notably retailers, use loyalty programmes to capture details about how people do business with them. More recently, the government proposed to allow government departments to share citizens' data. And from next month internet service providers will have to store records of all electronic communications.
Whether it is big businesses or government, the reason given is the same - to serve and/or protect customers better.
But justice minister Jack Straw was forced to withdraw enabling legislation to allow the government to share personal details. In the US, the Federal Trade Commission issued guidelines for the use of behaviour-targeted marketing. In the UK, the Internet Advertising Bureau has been discussing how best to do it here.
Why should CIOs care?
Firstly, the Data Protection Act places a duty on their employers to keep personal information safe. The information commissioner is increasingly able and willing to punish transgressors.
Secondly, criminals collect people's personal details because of potential blackmail opportunities they may reveal. It is more efficient to blackmail a highly-placed but compromised individual into stealing a company's secrets than trying to hack its network.
It is tempting to think that behaviour profiling will tell what people will do next. This is false. Given some sophisticated probability modelling, it may allow a better guess. But it also risks a backlash against what consumers may well see as an invasion of their privacy.