Technological Damnation 78: e-Privacy

Privacy is a good thing, and e-Privacy is a better thing, but that doesn’t mean it’s not an eternal damnation to Procurement. Why?

Customers are always demanding more privacy rights.

Including rights that they do not have in the off-line world. While you definitely should not post online that they shop at your location, they some consumers don’t even want you to keep records that they do. But in the real world, you can keep your security feeds, that show them, your physical credit card receipts for at least seven years, that show they shopped their, and the associated transaction receipts, that shows what they bought. But as soon as you store that data in a system, aggregate it, and use it to build a loyalty program and target appropriate rewards (even if you do so in a private way and don’t share the data with anyone), you’re trying to invade their privacy rights. So you have to be extra careful in Procurement that any systems you source have the highest safeguards and are only going to be used for legal, responsible uses.

Oversight requirements are increasing as regulatory acts are multiplying.

As more and more consumers demand their e-Privacy rights, and as more and more data breaches happen as a result of lax (or nonexistent) security, more and more regulations are being proposed and passed. There are so many provincial and federal acts addressing e-Privacy across finance, health-care, and technology that it’s dizzying. It’s impossible to keep up, and when something is missed, Procurement, who will be made responsible for Procuring the technological systems needed by the organization and the third party services providers to help with proper configuration, will be the organization given the blame.

The technological sophistication required to achieve an acceptable level of security and privacy safeguards is through the roof.

It’s not just buying a new database with built in 256-bit encryption, it’s getting all of the data into the database, making sure the data is encrypted on the way in, making sure it goes through a secure, encrypted channel from the port from the old database to the new database, and making sure the new database is appropriately configured and locked down to only authorized access through only authorized channels. This configuration is not easy, given the complexity of today’s encryption technology, the complexity of the tools that need to be encrypted, the arsenal of freely available hacking tools on the deep web, and the average security and third party systems knowledge of an average system administrator. Procurement has to first identify true security experts with experience security the systems and software that need to be secured, source a firm, vet the experts presented, and ensure that the person who shows up is the person who is actually the person whom they are expecting. A tall order for an organization typically tasked with sourcing products to keep production and operations going.

Consumer fear combined with the a lack of technological understanding of the underlying security requirements makes this a difficult damnation to tackle, but one that is only going to get more relevant and immediate as time goes on.