For technology companies, privacy and security investment isn’t just about protecting against downside any more — new products and venture money mean it’s finally possible to deliver on the upside by developing privacy-enhancing technologies.
I attended another cyber security seminar last week, where a panel of distinguished security experts succeeded in scaring the bejeesus out of a group of business owners about the dangers of being underprepared for the inevitable breach headed their way.
No doubt, the costs of recovering from breach can be staggering. Here’s how Home Depot described the realized and anticipated costs of dealing with its breach earlier this year:
“cost(s) to investigate the data breach, provide credit monitoring services to customers, increase call center staffing, and pay legal and professional services…liabilities to payment card networks for reimbursements of payment card fraud and card reissuance costs; liabilities related to the company’s private label credit card fraud and card reissuance; liabilities from current and future civil litigation, governmental investigations and enforcement proceedings; future expenses for legal, investigative and consulting fees; and incremental expenses and capital investments for remediation activities.”
Certainly, companies can and should take steps to avoid the kind of negative ROI associated with breach, and should examine their internal policies and behaviors to avoid the embarrassment and brand damage that can accompany even non-breach privacy mishaps. Many traditional insurers are now offering comprehensive breach management as part of their cyber policies, which can protect against both the economic and reputational costs of breach. And it’s never a bad time to make sure that your company’s customer-facing policy notices are compliant with California’s notice requirement, and that you are actually making good on the promises that notice contains.
But it’s more fun to talk about companies that are targeting positive ROI by embracing privacy as a core value, and by developing tools and products that put privacy control in the hands of mainstream consumers. These are companies like Abine, whose Blur and DeleteMe tools offer subscription-based programs for reclaiming your online identity; Wickr, Threema, and Sicher, each offering different flavors of secure private messaging; Xpire and Ello, private non-ad-supported social networks; SurfEasy and ZenMate’s private browsing solutions; private search from DuckDuckGo; and Avatron,* whose upcoming Everydisk software is a private alternative to third-party cloud storage.
It remains to be seen how these companies will turn their virtuous goals into gold – but it’s a fair bet that the big venture money behind some of them (Mark Cuban, in the case of Xpire; T-Ventures with ZenMate; Atlas and General Catalyst behind Abine) is looking for more than social capital in return.
This month’s Pew report on perceptions of data privacy shows that consumers are well aware of the excess collection and disclosure of their private information, so the market should be ripe for easy-to-use tools that deliver control back to the data owners. While work continues at the FTC and elsewhere to drive legislative change that will force organizations to treat private data with transparency, care, and accountability, companies like these can move faster to deliver data control back to consumers, and make some money at the same time.
Know about another consumer-focused privacy tool or company? Send a link and spread the word!
*Avatron is the only company on this list that I have a personal interest in.