Private corporate data is often encrypted using a key, which is needed to decrypt the information. Who within the corporation should be responsible for maintaining the "keys" to private information collected about consumers? Is that the same person who should have "keys" to employee data? Should there be global Internet privacy policy?