This article, "Privacy Is Good Business" and all the recent privacy and data-theft scandales got me thinking that privacy will require it's own set of services inside IT. Privacy is another, emergent IT silo for which having well defined services in a catalog will pay off nicely.
From the article
In addition, CIOs need to take steps to ensure that personal data the company collects is accurate and current. One way to improve accuracy is to provide customers with the ability to access and, if necessary, correct, personal information collected about them. And when personal data is no longer relevant (or required by law), companies should get rid of it. The storage of stale or outdated personal information is almost always a threat to privacy.
Privacy is becoming a front page of New York Times issue. The collection of data, the managing of privacy preferences, the moving of data, and the disposal of data -- in short, the entire life cycle of customer's data is going to come under heavy regulation.
From an ITIL perspective this means that we are going to have to bring the same management processes (Service Request, Change, Release, Incident) to data that today we have for infrastructure elements.
We will have to have a privacy catalog for requesting access or use of customer data, applying approval processes and controls and then managing it as asset and CI. Data will have to have regulatory attributes, specific life cycle and disposal.
What do you think? Is this an issue for your company yet? Do you see it coming up?
Comments