Privacy Net – May 9, 2011

Well, despite the fact that “Do Not Track” did not end up making it into the bill John Kerry and John McCain recently introduced to Congress, the concept still seems to be heating up. Indeed, not only is West Virginia Senator John Rockefeller considering introducing a “Do Not Track” bill himself, but the battle continues over California’s “Do Not Track” law that we mentioned had been introduced not long ago… [Washington Post - Rockefeller Bill | Sacramento Bee - California Bill]

And while we’re talking about what’s going on in Washington, perhaps you remember that tomorrow is the big day for location privacy on Capitol Hill. Specifically, Senator Al Franken has convened a hearing on location-tracking and the recent revelations from Apple and Google regarding such tracking. So, naturally, Apple will be participating, sending its VP of Software Technology Bud Tribble to handle the Committee’s inquiries… [CNET]

But all this activity and interest in the area of digital privacy is probably not a bad thing, considering that consumers really had no legislative protection for/from the recent serious security breaches of Sony’s Playstation Network and Online Entertainment Network, as well as that of Epsilon, the email provider for a number of major businesses, and others… [NY Times]

Oh, and about that Sony breach…apparently Sony may not have seen the last of those skilled hackers (or others, for that matter)… [CNET]

Privacy Net – December 28, 2010

Perhaps you heard a couple weeks back about the Gawker security breach, through which tons of registered users’ information was culled and posted publicly on the web for anyone to download. Well, apparently the same thing happened recently with Mozilla’s add-ons site… [SecurityWeek]

After such a year in online privacy, everyone should be acutely aware of the dangers of oversharing, or at least doing so publicly. In that spirit, here’s a reminder to check out what Facebook applications you have given access to your account over the last couple of years. Even the ones you don’t use could be sharing your info… [All Facebook]

Naturally, after a report in the Wall Street Journal recently about how iPhone apps are collecting/sharing personal info, Apple and a number of app makers have been hit with a class action suit alleging privacy violation… [Apple Insider]

Finally, here are a couple of articles taking a look back at all of the online privacy threats we saw/experienced in 2010, in case you missed any of them… [CNET | PC World via Network World]


Privacy Net – October 1, 2010

The International Association of Privacy Professionals has named 2010’s Top Privacy Innovators. Among them are Microsoft, Symcor, Inc. and Minnesota Privacy Consultants. [Press Release]

Yesterday, we highlighted a recent “study” that showed 20 of the 30 Android apps surveyed were “misusing personal info.” Well, if you’re interested, here are some tips to combat that practice [PC World]

Might Facebook and Skype teaming up have privacy implications? [Slate]

In other POTENTIAL privacy problems – Google has now expanded its Street View efforts to all seven continents, including Antarctica [PC World]

Scribd may have a minor privacy problem on its hands now that it has partnered with Facebook for instant personalization based on a user’s Facebook likes – there’s no way to opt out either via Scribd’s site or via email [Wired]

Privacy Net – September 17, 2010

I’m sure you remember the Google engineer we mentioned the other day who was fired for “spying on” a handful of underage teenagers’ Google accounts – well, in addition to having been fired, he could now be headed to prison (though, if anything, it’d more likely be a fine)… [Gawker]

A new Harris survey has revealed that four out of five people want to keep their computer files private from others. This, of course, seems kind of obvious (to me, anyway), and I’m not sure it’s quite the same idea as privacy on the web – where really, you’re concerned about controlling the visibility of the information you voluntarily share, but I suppose it’s related enough [PC World]

A Syosset, NY company that sells “monitoring software” to parents has reached a settlement in lieu of litigation over a privacy breach (mining the content teens were viewing to sell to marketers) [MediaPost]


Privacy Net – September 15, 2010

The big news in privacy today is that back in July, Google apparently was alerted to an employee who was “spying” on four underage teenagers’ Google accounts (including their Google Voice call logs, contact lists, and chats) and fired him [Gawker]

And apparently, he’s not the only employee Google has had to dismiss on such grounds… [TechCrunch]

Elsewhere in Google privacy “news” – in response to criticism from the Taiwanese Consumer Foundation, Google Taiwan said it will blur the faces or license plates of any users it may have missed. Although, the foundation would also like Google to eliminate cars and people from Google Street View in Taiwan completely… [Focus Taiwan News Channel]

One of the big topics at the Internet Governance Forum this year is, surprise surprise – “privacy,” and one of the issues already discussed was whether or not there should be a time limit on how long companies can hold personal data [San Jose Mercury News]

One concern about the future of the mobile web, according to internet “founder” Tim Berners-Lee, is privacy, and the solution is to “re-adjust our ideas about privacy”… sounds familiar… [ReadWriteWeb]

This one’s not about online privacy, but still electronic privacy – apparently a preschool out in the San Francisco area is planning on issuing all of its children shirts equipped with “electronic locator devices” so teachers can “monitor their whereabouts” and even what they eat… [Contra Costa Times]


Privacy – A Road Map

[Editor's Note: This post comes to you from Digital Breakfast friend, Andy Harrison - President of the NY-based mobile gaming company, Clout Mobile and Principal of the digital strategic research company, Sixth Man Consulting. Feel free to follow Andy on Twitter, here]

“Six Blind Men and the Elephant”.  It’s the story that I keep going back to when data privacy is discussed.  There are too many issues and too many constituencies to create a simple, all-encompassing explanation.

Privacy is one of today’s “hot button” issues as technological advances have enabled increased access to, accumulation and manipulation of data on an unprecedented scale.  Further, there is a growing societal need to share almost everything; Geolocation services like Foursquare and sites like Blippy and Twitter being but a few examples.  There also seems to be a generational divide where, as a rule, those under 30 share anything about themselves without thinking twice about it.

Where do you draw the line?  How do you protect yourself, if you want protection?  How much should Government regulate or legislate?

We are in a constant state of flux as paradigms get obliterated or reinvented at a dizzying pace.  It gets more complicated because we are in a situation where the vast majority of our world’s decision-makers (government and business) still remember using pay phones, black-and-white televisions and transistor radios.  Wrapping their minds around today’s technology and the accompanying issues is a stretch for most.

So what else is new?

Technology has constantly been challenging privacy.  Thirty-five years ago, it was argued that privacy and security were dead because of the copy machine.  And years before that, it was photography and film.

What is new is the pervasiveness.  Not everyone had immediate access to a copier.  Not everyone had cameras. To understand what is happening, it is important to take a step back to 1) define the components of data privacy, 2) look at some current external pressures and 3) consider data-related key issues for corporations that use data (okay, that’s everyone).

And when you try to absorb everything about data privacy, you can feel like a blind man encountering an elephant.

Two Components

Effective data privacy is a combination of preventing self-inflicted damage and stopping attacks from the outside.  At its root, a company’s data privacy policy has two components.

Individual Privacy – Ensuring that Personally Identifiable Information (PII) is used properly during the regular course of business.  This focuses on how a company uses PII; particularly organizations that meld data from multiple sources and mine it to produce customer insights.  The big challenge here is defining the word “properly.”

Data Security – The means of ensuring that PII data is kept safe from corruption and that access to it is suitably controlled; particularly important for organizations that store and protect massive amounts of personal data (Data Centers, Big Pharmaceutical companies, financial services organizations, credit card processors).

External Pressures – The Current Environment

Shaping data practices and data privacy policy is not done in a vacuum.  Here are some key trends/considerations.

–  Organizations like the Consumer Federation of America, the Electronic Privacy Information Center, the Future of Privacy Forum and the Center for Democracy and Technology are becoming more vocal about all facets of individual privacy and data security.

–  The regulatory environment has not kept pace with the advances in technology and data analysis and practices, but that is changing (e.g., new laws in Massachusetts, Sen. Boucher’s Consumer Privacy Bill). More strident controls will change the landscape.

–  There are key concerns – ethical, legal, etc. – being raised regarding the ability to transform anonymous data into identifiable consumer profiles.

–  Data Security is perpetually vulnerable because of technological advances.  Hackers are always one step ahead of programmers and the law.  While there are significant benefits to leveraging technology, it also facilitates theft, intrusion and voyeurism.  Therefore, pressure increases on gatekeepers of data to preserve the sanctity of the information.

–  Data breaches like HSBC are heightening public awareness of and concerns regarding privacy and raising increasing doubts about gatekeepers’ ability to self-regulate and protect confidential data.

Going Forward – The Balancing Act

Within Your Control

Implementing comprehensive data privacy practices can conflict with basic corporate goals (e.g., making money) and impinge on certain business practices. Which is more important?  Here are a few items to consider:

Revenue Temptation: User data is the most valuable asset for social media organizations like Facebook.  Balancing users’ privacy with monetizing collected data (either by itself or when combined with other data sources) can be a significant challenge to a corporation’s values and policies.

Corporate Governance: Information technology can be the source of potentially debilitating risks.  As a result, Boards must give greater attention to data privacy and security issues.  Reliance on ad hoc oversight when critical issues arise is no longer a pathway to success.

Data Disclosure – Incomplete: Telling customers what data has been collected (e.g., Google Dashboard does not let its customers know what information Google has about them)

Data Management – Outsourcing – Cloud Computing: Moving data to a hosted site “in the Cloud” leads to loss of total control; an inability to guarantee 100% oversight or security

Data Sharing – Widgets: Data sharing and transfer between domains.  How is personal data protected?

Data Usage – Marketer Profiling: Real-Time Bidding – Allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly

Data Usage – Profiling by Decision-makers: Employers and service providers (e.g., insurance underwriters) use behavioral data to make business decisions

Out of Your Control – Kosher

Individuals and government still matter.

Data Collection – Inability to Collect: Non-participation by individuals who supply data will shrink databases and hamstring the value that can be derived from data

  • Intentional – Apps preventing data collection
  • External/Regulatory – Opt-in Dystopia – New legally required opt-in procedures will be more rigorous and require more personal data than opting out would and could reduce the number of opt-ins

Data Usage – Law Enforcement: Accessing of private data by Government agencies

  • Legitimate – Government using information in criminal investigations, prosecutions, etc.
  • Abuse – Profiling, “McCarthy-like” practices

Out of Your Control – Criminal

Even with the best practices and applications in place, no company has complete control in the data chain of custody.  There is always an Achilles’ heel. To wit:

Device Security: Constant security breaches/hacks, as well as repurposing devices

  • Accessing an individual’s data via outright theft (hacking data banks, PCs, laptops, smartphones)
  • Turning phones into crime devices (data theft, espionage)
    • Replacing device components
    • Illegal data capture apps

Connectivity/Transmission Security: Spyware and hackers can illegally capture data (individual, corporate, etc.) as it is being legitimately sent, even though there are stringent protections in place. For example, individuals using unsecured Public WiFi can have their laptops hacked.

Data Privacy is no longer a topic that is limited to a business’ back room operations.  It touches every facet of business – from the tactical to the strategic.  Give short shrift to it at your own peril.
