"CIOs generally don't care about privacy," says Peter Milla, former CIO and chief privacy officer at Survey Sampling International (SSI). Milla says most CIOs either focus on technology, or regard privacy as outside their domain, the province of a chief privacy or chief security officer. He finds both attitudes wrongheaded. CIOs, Milla says, should "want to be ahead of the curve" on privacy.

The reasons, Milla adds, will become more obvious as business goes increasingly digital. Web 2.0 applications connect like Legos, creating opportunities for . On social networks and blogs, people post vast amounts of information about themselves. Marketers, meanwhile, are developing ever-better tools to exploit information about what individuals do online. Companies routinely unlock sensitive data for business partners. As businesses enter into cloud computing, they will give custody of their data to service providers. These trends create the potential for unprecedented insight into people's behavior and open new ways to do business. But they also create challenging questions about privacy, questions for which the answers are unclear.

Milla says he recently worked to modify a request from a big-box retailer who wanted information about the people surveyed by his company on their behalf. "They were bewildered and frustrated that we wouldn't give it to them," says Milla. The retailer already collects plenty of data on its customers and didn't see what the problem was with a bit more. But Milla saw a breach of privacy, a contractual violation. If it leaked out that SSI shared personal data about its panelists, it could devastate its business.

Milla says the big-box retailer's attitude is endemic. Companies think the data they gather belongs to them. Not true, he says, but is he right?