BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

The TMI Problem

This article is more than 10 years old.

Startup Fitbit makes a thumb-size, accelerometer- equipped device that tracks users' steps, sleep and calories burned. Users keep a journal on the company's website to more closely track up to 800 physical activities. One of those physical activities? Sex. (With categories ranging from "passive, light effort" to "active and vigorous.")

Oops. Hundreds of Fitbit users hadn't realized that the company had made their journals public by default--to encourage sharing and competitiveness among friends--and that their sex-ercise sessions were exposed and showing up in Google search results.

Once made aware of the indiscretion, the company quickly hid all users' activity records and got the results removed from search engine pages.

Out of a desire to have successful "social strategies," many companies publicize their users' information as much as possible. Fitbit's experience, and that of many companies that have been sued for similar policies, shows the pitfalls of that strategy. Hence, the latest idea making the rounds of tech companies: Privacy by Design. It means simply that companies are starting to bake privacy into their products, relying less on privacy policies few bother to read. The phrase appeared in federal legislation for the first time this year in the Commercial Privacy Bill of Rights introduced in the Senate by John Kerry (D-Mass.) and John McCain (R-Ariz.).

"No one wants to scour through a privacy policy," says Canadian Privacy Commissioner Ann Cavoukian. "A small investment in privacy at the beginning prevents data breaches and reputational harm to your branding, but it also saves money."

The most visible current example of good privacy by design is Google's new social network, Google+. After flunking Privacy 101 with Buzz, which automatically built a public social network using Gmail users' formerly private contact lists, Google has designed a social network with privacy as its building block. All contacts are placed in nonpublic "circles" (for example, "Friends," "Colleagues" or "Family") and users are asked to designate the circle to share with for every post they make. "If you don't design privacy in at the architectural level, it can be devilishly hard to deal with later," says Jules Polonetsky of the Future of Privacy Forum.

Special Offer: Free Trial Issue of Forbes