Stephanie Stahl

Editor's Note: It's Time To Get Down To The Business Of Privacy

Whew! Ninety-three--that's the number of pages in the PDF file I downloaded from the Federal Register last week detailing the final rule from the Department of Health and Human Services for privacy standards for health information. That's a lot for health-care and insurance companies to digest, and it's only one component of the Health Insurance Portability and Accountability Act. It's also a lot for consumers to chew over. But Marty Abrahms gives the department a lot of credit. Not only is it providing very detailed specifications, he says, it's also providing a summary that's more palatable. That's a concept that Abrahms, former chief privacy officer at Experian, who now works for law firm Hunton & Williams, and others are trying to convince companies to adopt. Already, the folks at Citigroup, J.P. Morgan Chase, Procter & Gamble, and others are working on shorter, friendlier, less legal mumbo-jumbo types of statements. It needs to be something consumers can glance at and compare with others, he says. I couldn't agree more. Last summer, my mailbox was deluged with privacy statements from banks and credit-card companies (those complying with the Gramm-Leach-Bliley Act), but somehow they always ended up in the "to read later" pile. It's one of those piles that, if it sits there long enough and I haven't touched it, can go into the recycling bin without much thought.

Of course, my reading habits and those of other information-overloaded consumers are a small part of the work with which chief privacy officers need to concern themselves. Once statements are written, agreed upon, and posted, they've got to make sure their actions live up to their words. That's where the real work begins. It's also where technology lends a hand. A growing number of vendors are coming out with software to manage policies, track customer privacy preferences, monitor the flow of customer information, and even tag data to prevent an application from accessing it if it violates a privacy policy or preference. Senior editor Rick Whiting investigates further in "Making Privacy Work".

I applaud companies that are going beyond regulatory compliance and strongly enforcing their policies, even using them as a competitive advantage. But let me end with something disturbing. According to two research studies, almost half of all companies have no privacy policy at all. And many that do have policies don't post them on their Web sites. I can't think of a reason why either statistic should be acceptable. Come on, folks. It's time to make your privacy policies a little less private.

Stephanie Stahl
