SAN FRANCISCO — When it comes to federal regulation of personal privacy information, the U.S. is a bit like the Old West.
The closest the federal government comes to a privacy regulator is the Federal Trade Commission, said Joanne McNabb, chief of the California Office of Privacy Protection, which was the first state-created agency dedicated to consumer privacy rights when it opened in 2001.
"In the United States we don’t really have a comprehensive regulation of personal information privacy — this contrasts with a lot of the rest of the developed world, where they do have a comprehensive approach," said McNabb, who participated on a panel focused on privacy issues during the first-ever Inman News Data Summit, held July 25-26, 2011.
And complicating privacy is the fact that we are "living in the public square," due to the march of communications technology and the widespread sharing and dissemination of personal information, said Terence Craig, a panelist who is CEO for Pattern Builders, a data analytics firm.
"It’s very hard to have real privacy unless you want to drop off the grid, and I don’t think most people are willing to give up (their participation in online communities)," Craig said.
The panel discussion, "With Big Data Comes Big Responsibility: Why Privacy is a Big Deal," highlighted some pressing issues surrounding the use and abuse of consumer information, such as the likelihood of federal legislation to enhance privacy protections. The National Association of Realtors has a stake in those federal discussions, as new privacy laws could impact how real estate firms monitor, collect and share information about consumers using their websites and services.
"The reality is that online privacy is increasingly in the attention of Congress" and the public, said Nicole Ozer, director of technology and civil liberties policy for the American Civil Liberties Union of Northern California." Laws, she said, "have not necessarily kept pace" with the fast adoption rate of technology, and "so many people are using so many services there is starting to be a confluence of energy and attention around some of these services."
And just as more companies are seeking ways to monetizing the massive amounts of data they’ve compiled, there is also a growing awareness by consumers about "how their information is being collected, how it’s being used, how it’s being maintained," Ozer said.
As privacy laws and regulations evolve, navigating privacy protections is "going to be quite complicated" and potentially costly, said Michelle Dennedy, founder of The iDennedy Project, a privacy and security consulting company. She noted that California is among the states to have legislation providing for notifications in the event of a data breach involving personal information.
Dennedy said that real estate consumers concerned about privacy can take steps to anonymize their home, such as changing the decor in order to avoid revealing details in online photographs about children living in the home, for example.
Ozer noted that there can be trade-offs in revealing some personal information online, and that a good privacy gauge for companies is whether consumers would be surprised about information that is revealed about them — whether or not that data and information was publicly available.
"What I’ve seen is people don’t like surprises," Ozer said, and she said that companies creating new business models should give serious attention to privacy issues.
McNabb noted the important distinction between "being in a public place and being reported in a public place," for example. "Walking on the street — yes, I know I’m out in public. If I’m being recorded, that’s different. And that isn’t what I expect being out in the street."
While there are some clear lines in information "that’s clearly private (and) data that’s clearly public, there is a difficult area in the middle" that companies must wrestle with, said Jim Adler, chief privacy officer and general manager of data systems for Intelius, which offers people search, background checking, and identity protection services and tools.
There is "shared information, or information someone might have the expectation of privacy but there’s no harm that can come from it" to consider, he noted. Existing privacy regulations in the U.S. are mostly "harms-based," focused on potentially harmful releases of private information, and he said that for the real estate industry and other industries he sees opportunity to make privacy protection a company asset. "I think privacy can be something that you actually compete on vs. something that you get bludgeoned by."
His own company, which he described as a "voracious procurer of information about people," has engaged in talks with some of its toughest critics, he noted, to get input in shaping the company’s own strategies related to privacy.
Ozer cited the phone-hacking scandal involving Rupert Murdoch’s media empire as an example of how damaging the charges of privacy violations can be for a company.