IT privacy – whose baby?

October 2nd, 2007

The House of Lords’ recent e-crime report suggests the responsibility for ensuring data privacy be placed firmly in the hands of the companies which make up the IT industry. This implies technology vendors and consultants are ultimately accountable for securing personal information online. But is this the most effective approach? The Lords have assumed that the IT industry knows exactly what level of privacy assurance its users want, not to mention how, when and where they want to have control over the use of their information. Furthermore, they assume that IT companies know precisely the level to which personal data needs to be secured to ensure a balance between securing information and enabling a free-flowing information society. Could the IT industry, left to deal with the implications of the Lords’ report, stifle incoming opportunities for advanced technology because it has to be over-cautious when it comes to security and privacy?

Given that users are ultimately responsible for when and how they submit data about themselves, it could be suggested that they are in fact the best guides for the IT industry and that the responsibility is to be held by the marriage of industry and user. This would shift the emphasis for the IT industry to providing clear and unambiguous information on what protections are in place and how data will be used, allowing the user to make informed choices. One could imagine a “food labelling” approach with simple, visual measures and consistent ratings to indicate the level of protection offered by suppliers.

If the IT sector is to best represent the privacy interests of its customers, perhaps a joint approach to defining what constitutes an appropriate level of information control is what is ultimately required.