Just like other security policies and compliance programs, privacy compliance should be part of enterprise risk mitigation strategy, and it deserves senior management-level discussion on a regular basis. I have seen both internal privacy policies involving holding of information about customers or employees, and external privacy policies around how an enterprise protects itself out on the open Internet either from a research standpoint involving a new product release, or even just some insurance against negative PR caused by online activity under the corporate identity. In either case, policies and the technologies that support them need to be in place ahead of the curve. Acting reactionary can serve to be a most costly mistake.
What do you see your clients most worried about?
Interestingly enough, we serve three distinct business sectors: consumers, enterprises and the government. Each certainly has their own concerns relative to what they are trying to accomplish, but they all stem from the basic concept of not leaving a digital footprint online. Our business is a balancing act of addressing known threats and working toward staying ahead of the unknown.