The meaning of privacy is changing in important ways as technology eliminates conventional notions of maintaining secrets. "We are moving from a classic democracy with limited monitoring and surveillance into a fishbowl society in which monitoring and surveillance are widespread," said Richard Hunter, an analyst with the research firm, Gartner.

Hunter predicts that in the next five years technology will eliminate privacy as it has been known for centuries. "In 2004, governments and businesses can do large scaled data mining, but it's not centralized and the use for law enforcement is somewhat restricted." By 2009, Hunter said, any business, government or individual will be able to afford large-scale data mining of structured and possibly unstructured data, which will require breakthroughs in algorithms to parse.

Hunter said the way to deal with the creeping erosion of privacy, in large part prompted by the rise of the Internet and fear of terrorism, is for individuals to gain control of their digital information.

Legislation and devising generally accepted business practices around privacy are providing some deterrents to the abuse of personal information, but shady businesses, criminals and even governments will continue to find inventive ways to infringe on what was formerly understood as the "right to privacy."

Hunter cited the recent the National Do Not Call Registry as an example of how privacy and control can work to reduce the abuse of personal information. More than 57 million U.S. citizens signed up for the registry, sending shivers down the spines of the telemarketing industry. States have had do-not-call registries for several years. MCI, for example, was recently fined $100,000 for allegedly making unsolicited calls to people in Indiana who had registered with its do-not-call list.

Hunter expects that commercial uses will be restricted worldwide either as a matter of law or commercial agreements. "We are moving toward privacy as control in industrialized nations worldwide," Hunter said. "Privacy now equals control over how personal information is used, by whom and for what purpose. Consumers increasingly want and expect this."

He warned that attempts to loosen restrictions on the use of personal data by law enforcement agencies in the U.S., Australia and other countries indicates that privacy in the digital age could lead to a 1984-like scenario. "It's an increasing, but not unstoppable trend," Hunter said.

Hunter suggests that a new economics of privacy is on the horizon. "Data only produces revenue when customers allow it. In the new economics, the customer controls the value," Hunter said.

We are currently suffering through a period of mass exploitation, best exemplified by spammers. But the spammers are subject to falling into what Hunter calls CRM hell, or zero gain compliance, in which businesses have customer data but aren't authorized to do anything with it, as with the do-not-call registries. Businesses such as financial services that have more targeted exploitation tactics depend on opt-out laws for up-selling and cross-selling their services. As customers become more savvy about controlling how their data is used, those vendors could end up in the CRM hell bucket.

Ultimately, businesses need to determine whether they can afford to alienate customers with their privacy policies. According a HarrisInteractive poll conducted in February of 2003, only about 10 percent of the U.S. population is insensitive to privacy concerns. Hunter recommends that companies strive to become trusted advisors to their customers to extract the most value from the relationship.

"Too much information and not enough trust is the problem," Hunter said. "With a trusted advisor, a company becomes a preferred channel to the customer, similar to the value proposition of the Swiss banking industry."

Maintaining personal data also has a cost, and without explicit permission from customers, the full value of the data cannot be extracted by either the vendor or the customer. Unfortunately, the notion of building a two-way relationship with the customer and investing in a privacy, or trust, framework-similar to the technical requirements for a security or regulatory compliance framework-hasn't caught on with most CEOs and CIOs.

For companies that want to establish a trusted relationship with customers, Hunter recommends a privacy management framework that includes a policy architecture, which sets the rules governing the relationship with customers; a compliance architecture that aligns the culture of the company with business processes that touch customers; and a technical architecture that encapsulates the rules in automated ways and allows for communication to and from the customers. He pointed to eBay as an example of a company that offers a trust framework, giving customers notice of its privacy policies, keeping the data safe on behalf of the customer, and giving them a choice on how their information is treated.

Most companies are too aggressive in gathering information about customers. An estimated 70 percent of users abandon a site when they are asked for personal information as a condition of using a site, Hunter said. More than 10 percent provide false data. Many of these users may not be the target audience, but companies need to make clear why the information is being collected and how it will be used. Hunter recommends gathering only as much information as is needed to work with a customer within an established relationship. As the relationship expands and a notion of trust evolves, more data can be harvested.

Hunter observes, with an assist from Loyalty Rules! (Harvard Business School Press, 2001) by Frederick Reichheld, that the key outcome of investing in the cultural changes and technology required to build a trust framework is customer loyalty. Converted into business terms, a 5 percent improvement in customer retention could yield a 25- to 100 percent increase in profits. The potential for more profits and long-term customers should be enough of an incentive for companies to build competency around the concepts of privacy and trust.

You can write to me at dan.farber@cnet.com. If you're looking for my commentaries on other IT topics, check the archives.