Just a couple of years ago, looking up the definition for the word “Google” in the dictionary would have been an exercise doomed to failure. Yet few people today exhibit any hesitancy in using “Google” not only as a noun to describe the world’s number one internet search engine, but just as easily to employ it as a verb.
Google is one the most important communications phenomena of this early 21st Century. The ever-increasing speed with which Google is able to sort and display for the computer inquisitor answers to the questions he or she poses, is matched only by the awesome depth of those responses – from the mundane to the truly exotic.
Yet, just like major technological innovations before it, Google in many ways is paying a steep price for its success. How the company deals with these problems – particularly those involving privacy concerns — will to a large extent define its success in the coming biennium, in the marketplace and with government regulators and Capitol Hill lawmakers.
Other technology companies in recent years have faced similar threats to their operations; caused also by both mistakes the companies made as well as challenges from without. How these other companies responded to privacy-related problems might hold important lessons for Google.
In the fall of 2004, the large, data-brokering firm, fell victim to a serious security breach. A handful of criminals gained access to and stole a large quantity of credit reports and other personal information on consumers maintained by ChoicePoint. Instead of bobbing and weaving, and trying to avoid the problem presented by the security breach, or sticking its corporate head in the sand and pretending it wasn’t there, ChoicePoint tackled the privacy problem up front and decisively.
CEO Derek Smith admitted publicly the company could have done better, and announced a series of remedial steps. Most important among these responses was the hiring of Carol DiBattiste as the Chief Privacy Officer. She was given a clear mandate put privacy front and center; to identify privacy problems facing the company, develop solutions, and implement remedies. She was given direct access to Smith and the company’s entire board of directors.
The company reached out proactively to the Congress and state legislators clamoring for all manner of regulatory retaliation; and it began a dialog with non-governmental privacy organizations that were at the time gearing up to blast the data-brokering giant. ChoicePoint’s message to all these entities was the same – the company was serious about privacy and would take steps quickly and substantively to not only remedy the breach it suffered, but also to develop “best practices” for the industry to protect the privacy of the information entrusted to it.
Granted, ChoicePoint had other incentives to get its privacy act together – not the least of which were a class action lawsuit resulting from the 2004 data breach, and actions by the Securities and Exchange Commission and the Federal Trade Commission. However, the comprehensive and transparent manner in which it addressed these problems resulted in the company emerging stronger and more highly regarded than before the incident.
Google recently has been stung by a number of privacy-breach allegations, which, while not at this time a threat to its existence, already have caused a number of governments here and abroad to call for significant restrictions on its current and future operations to gather data. In response, Google has named a director of privacy – Alma Whitten – but at least to this point, has failed to endow the post with sufficient and unquestioned horsepower for its occupant to make and enforce real changes to Google’s privacy practices.
Like ChoicePoint before it, Google is now clearly within the gun sights of federal regulators and congressional investigators. It might do well to borrow a page from ChoicePoint’s playbook; keeping in mind the best defense is a good offense.