Chapter 8. Privacy

“You have zero privacy anyway. Get over it.”

These famous words were uttered by Scott McNealy, then CEO of Sun Microsystems, in 1999.¹ Despite McNealy’s brutal pronouncement, privacy is still very much something identity professionals, product managers, architects, developers, company officers, and many others need to worry about.

Privacy is the place in identity where technology, policy, and the law meet. For example, in the early 2000s, General Motors set out to create a company-wide telephone directory, something companies have been doing for a hundred years, and put it online. It took two years. GM’s hang-up was not technical but legal: GM has employees in many countries, each with its own privacy laws, some much stricter than those of the United States. Privacy turned a seemingly simple project into a two-year ordeal.

More and more organizations are appointing chief privacy officers, high-level officers who ensure that data about people is protected or (to take the cynical view) at least reduce the risk of being fined or sued over it. Privacy is a big deal. People believe that their identity data should be private. They don’t necessarily believe that everyone else’s data should be private, but they want to protect their own information.