We need to talk about the cookie.
It’s such a sweet word—warm, comforting, bringing back memories of home. But in this time and this business, it also means something very different. In fact, it symbolizes the constant debate between openness and privacy, an uncomfortable discussion we need to have.
The end of January always brings us Data Privacy Day, as designated by the National Cyber Security Alliance (NCSA). The occasion is typically marked by a smattering of articles on the sensitive topic, particularly if it closely follows a high-profile data breach. This year proved no exception, and again, sensible advice that’s easy to follow is a good thing. The message of caution may be repetitive, but it’s still relevant, and it gets more so with each passing year.
That’s because, with each passing year, we get more of everything—data, devices, channels, applications, scams. The more we talk about privacy, it seems, the less we have of it.
For example, the NCSA asks consumers to celebrate Data Privacy Day hosting events and, of course, by “sharing resources and advice on social media.” It’s a weird irony that some of the tools we use to disseminate that advice will inevitably cost us a little bit of our privacy (any idea how many metatags are associated with each Tweet?).
That brings us back to the cookie, the subject of an interesting new research initiative from an organization with deep roots in the subject, the Interactive Advertising Bureau. “Privacy and Tracking in a Post-Cookie World” offers perspectives not only on the state of affairs as they relate to privacy, but alternative models for data transparency and privacy controls for all constituencies.
The White Paper traces the cookie’s relatively harmless origins, and describes how it has outlived its usefulness in a multi-platform user universe. Rather than identify a single, all-purpose solution—which may be how this option went awry in the first place—the IAB proposes a series of solution classes that can be adapted to develop specific technologies to meet particular industry and customer needs.
Of course, the IAB has a vested interest in learning more about consumers. So do those of us in finance. But that may be where our interests and concerns diverge.
Let’s be clear: Every time a retailer suffers a data breach, or a consumer inadvertently gives away personal financial details, or even a credit card falls into the wrong hands, it comes back to us. Even if it’s not our fault, it’s our problem. The government, other industries and the public will ask what we’re doing wrong. We function at the intersection of money, technology and data, and that means there’s a huge bull’s eye on our industry.
No one reasonably expects us to have all the answers, any more than the IAB does, but that’s no reason why we shouldn’t be asking the questions. The welter of regulations and compliance mandates governing the industry should be seen as a starting point, not a boundary. We want technologies that help us serve our customers better, but that still means walking a sometimes-fine line between extracting relevant information and respecting consumer privacy.
The perfect punctuation mark to Data Privacy Day this year came with the guilty plea from Aleksandr Andreevich Panin, who allegedly created the bank-hacking malware SpyEye, which apparently infected 1.4 million computers. He’ll be spending some quiet time for conspiracy to commit wire and bank fraud. Of course, we can rest assured that for every felon behind bars, there’s a bunch out there doing what they do.
Still, out-and-out criminality like this is one issue; data privacy is another. In this environment, we can be blamed for having information customers give us willingly, even if it helps us serve them better.
It would be good to have a range of alternatives to the cookie that meet our customers’ and our industry’s specific needs. Now that’s a comforting thought.
Image courtesy of Grant Cochrane/ FreeDigitalPhotos.net