Brian Jackson - Fotolia
The Boston Consulting Group
Published: 13 Oct 2015
Privacy is dead.
Think about how often you’ve heard that phrase in the last 12 months. Even I, a representative of the millennial generation that scoffs at mobile privacy in favor of convenience and access to information, have said it. So what if a store I frequent spams my phone with offers and reminders the moment I walk in? I don’t care, because it makes my life easier.
As it turns out, privacy isn’t dead. I just forgot how much I enjoyed mine.
I recently attended Nemertes Research’s Navigator 360 conference, and one of the panels talked about how millennials are no longer the up-and-coming generation. Now it is the centennials -- current high school students, born after the turn of the century, who will be entering college and the workforce soon. And one of the biggest differences with centennials is they actually care about mobile privacy. So what does this mean for mobile technology going forward?
Like millennials, centennials are a mobile-first generation that largely grew up with ubiquitous connectivity. But they also grew up with Wikileaks and Edward Snowden, and they have seen firsthand what happens when privacy is an afterthought, including the damage it can do personally, economically and politically. For centennials, nothing trumps privacy, not even convenience.
IT needs to care about mobile privacy because our users do. There is a heightened sensitivity surrounding surveillance and how information is used. But corporate IT usually immediately leads its policies with “people should have no expectation of privacy.” Companies should respect the privacy of their employees in the same way they are required to of their customers.
So what can enterprise mobility practitioners do about this? Luckily, we’re starting to see more discussions and even new products around how to ensure mobile privacy. A hot topic in mobility now is identity access management (IAM), and organizations that aren’t yet looking at it really need to start.
IAM essentially gives people the feeling that business is business and personal is personal. It authenticates users’ identities and authorizes access to specific applications and data stores, ensuring that only the people permitted to access certain systems are able to do so.
IAM can also help keep IT out. When employees agree to the organization’s rules of use, then IT must agree to not touch their personal information or data. For example, the organization’s policy might say that IT can wipe the corporate information off an employee’s phone at any time; however, it may also say that IT can’t wipe the entire device without that person’s express permission.
Enterprise IT needs to have an understanding of what it’s like to be on the other side. The almighty security trump card doesn’t mean IT has the right to control users’ personal data. It’s important to separate work and personal so the organization can only have control over corporate information. That could mean employees having separate devices, or better yet, IT implementing containerization or dual persona technology.
This article originally appeared in the October issue of the Modern Mobility e-zine.
Updates to the FTC’s mobile privacy rules
Do Not Track feature key to mobile device privacy
Everything you need to know about remote wipe