Chapter 22: Building Privacy into Your Application

Chapter 22

Building Privacy into Your Application

Before the proliferation of the personal computer or the Internet, an invasion of privacy was typically viewed as something the government did. The worry then was having your phone tapped, having your mail read, or being followed. Today, every transaction we're involved in is an opportunity for our privacy to be invaded. Whether it be using a discount card in a grocery store, purchasing a house, or buying software on the Internet, we risk having our information shared with people who might pass it on or use it in an undesired fashion. Every privacy infraction lowers customer trust and affects commerce in a negative manner. If you look at the current state of the financial markets, it's due more to the lack of trust in companies to do the right thing than real business reasons.

IMPORTANT
Most privacy threats are information disclosure threats. When performing threat analysis, you should look at all such threats as potential privacy violations.

Would you feel just as comfortable buying a new Porsche from a used car lot as from a Porsche dealership? You probably answered no to this question even though you have no real evidence that it would be a bad idea. It's all about trust. Respecting customer privacy is a crucial ingredient in building trust. People will not feel comfortable purchasing your products and services or investing in your company unless they trust you. By developing a privacy strategy for your company, you can visibly show that you care about your customers' privacy. The alternative is possibly having to respond to a privacy violation, unnecessarily losing customers, or having to pay out a lot of money due to litigation.