Fenwick's Kesner thinks it's up to CIOs to help their companies understand what this Web 2.0 world means for data control. As a first step, he thinks more CIOs should establish a social media presence. It's essential, he believes, for IT leaders to understand how these tools work and how people use them.

CIOs, then, may not decide on their own what their companies do with customer data, but they will have to weigh in on--and support--whatever decisions business leaders make. That includes any technologies that companies deploy to mine customer information as well as protect it from unauthorized use.

But it's not only your customers who want to control data about themselves. Social media is blurring employees' personal information with business information, which presents a challenge for corporate privacy policies. Companies can't ban employees from using Facebook and Twitter. In many cases, notes Kesner, even though these are technically not work-related sites, they are increasingly critical for engaging with clients and customers. Yet companies want to be able to control information about themselves.

Fenwick has found, for example, that potential clients expect to be able to check out its attorneys on Facebook rather than in traditional sources like the Martindale-Hubbell Law Directory. "If there are pictures of a CEO at a beer bash 20 years ago, it really does change things," says Kesner. "Our job as CIOs is to educate people about how what they're doing today can be searched across the world today or tomorrow."