The contradictions, understandably, make some CIOs skeptical that privacy needs to be an overarching concern. "It's not a nightmare situation," says Gerard McCartney, vice president of information technology and CIO at Purdue University. Not that he ignores privacy--the university spends half a day during orientations discussing privacy and security issues with incoming students. But McCartney thinks most people can and do manage their own privacy fairly well through common sense.

But here again, there are multiple points of view. There are questions, for instance, about how far common sense goes in the online world. "There is a sense of anonymity for people when they sit in front of a computer screen that I don't fully understand," says Leon Goldman, chief compliance and privacy officer at Beth Israel Deaconess Medical Center. "They say things to a computer they wouldn't to a real person."

Gidari, with Perkins Coie, says our values about privacy may be changing: "I wonder whether we are 10 years behind in our views of privacy, and this next generation may not be much concerned about the things this generation is screaming about." He points to behavioral ad targeting, which the U.S. Federal Trade Commission and especially the European Union are attempting to regulate. It's "a joke to kids," who expect targeted advertising, he observes.

Jim M. Swartz, CIO at Sybase, says privacy worries aren't keeping him awake right now. He notes, however, that technology shifts can quickly rewrite the rules for CIOs. More mobile workforces, for instance, create challenges and situations "that we wouldn't even have thought about five or six years ago," he says. For instance, it's easier for people to download attachments on their handheld devices, making it much harder for companies to control where sensitive data goes.