The problem for corporate America is the fact that individual consumers, employees, the media, and our elected leaders now realize that their personal data is often sold or exploited without their knowledge or consent.

In just two years, there has been a dramatic shift in how the public views privacy issues and companies that abuse individual privacy rights. The Federal Trade Commission found 92% of Americans are either concerned or very concerned about privacy and the use of personal data. From Washington and from state legislatures across the country, scores of new laws are presenting CIOs with serious new challenges, requiring new network designs, new technologies, and new management tools to ensure individual privacy rights.

Simply posting a privacy policy on your company's Web site is not enough. If you're a CIO, you need to know the answers to certain basic privacy questions. Why? Because it's a sure bet that management considers privacy to be part of your responsibility. Privacy is often viewed as an element of network security so privacy enforcement, by default, falls in your lap.

Another big concern: Plaintiff's lawyers have discovered the privacy issue, and you probably have better things to do than spend this summer in depositions.

Here are 10 important privacy questions for E-business leaders to consider:

* Who in your company has overall responsibility for ensuring compliance with the company's stated privacy policy?

* How does your company ensure that consumers are notified about what information is being collected, how it will be used, and who will use it?

* How does your company ensure that consumers are given a choice in how their personal information is used?

* How do you protect their personal data from unauthorized use?

* How do you provide consumers with access to their personal information? How do they change their personal data?

* Does your company have written guidelines, procedures, and enforcement policies for the appropriate use of personal information?

* Does your company have a complete data-flow map-not a network diagram, but a complete process flow of how information is gathered, distributed, marketed, and stored by each division?

* What procedures ensure that consumers are notified of changes in privacy policies and that they have consented to changes in such policies?

* What procedures ensure that your business partners use personal information according to the terms of your privacy policy?

* How often have you trained employees on fair information practices?

The FTC recently submitted a controversial report to Congress entitled "Privacy Online: Fair Information Practices in the Electronic Marketplace." The report recommends that Congress enact legislation to ensure a minimum level of privacy protection for online consumers. This legislation would require consumer-oriented commercial Web sites that collect personal identifying information to comply with four widely accepted fair information practices: notice, choice, access, and security.

The FTC's report focuses only on online fair information practices. The privacy laws of our major trading partners and the proposed Safe Harbor Agreement with the European Union

aren't limited to information obtained online. Under these laws, fair information practices are required for the use of data throughout the company, both online and in the back office.

It's clear that the privacy concerns of individual consumers are driving the public debate. Companies that move quickly and voluntarily to meet these privacy concerns will gain in both market share and customer loyalty. Businesses that ignore the privacy concerns of their customers or fight reasonable guidelines concerning the use of personal information will be forced to endure hazing in the marketplace and will never realize the full potential of E-commerce.