News
Commentary
8/16/2002
04:53 PM
Stephanie Stahl
Stephanie Stahl
Commentary
50%
50%

Editor's Note: It's Time To Get Down To The Business Of Privacy

Whew! Ninety-three--that's the number of pages in the PDF file I downloaded from the Federal Register last week detailing the final rule from the Department of Health and Human Services for privacy standards for health information. That's a lot for health-care and insurance companies to digest, and it's only one component of the Health Insurance Portability and Accountability Act. It's also a lot for consumers to chew over. But Marty Abrahms gives the department a lot of credit. Not only is it providing very detailed specifications, he says, it's also providing a summary that's more palatable. That's a concept that Abrahms, former chief privacy officer at Experian, who now works for law firm Hunton & Williams, and others are trying to convince companies to adopt. Already, the folks at Citigroup, J.P. Morgan Chase, Procter & Gamble, and others are working on shorter, friendlier, less legal mumbo-jumbo types of statements. It needs to be something consumers can glance at and compare with others, he says. I couldn't agree more. Last summer, my mailbox was deluged with privacy statements from banks and credit-card companies (those complying with the Gramm-Leach-Bliley Act), but somehow they always ended up in the "to read later" pile. It's one of those piles that, if it sits there long enough and I haven't touched it, can go into the recycling bin without much thought.

Of course, my reading habits and those of other information-overloaded consumers are a small part of the work with which chief privacy officers need to concern themselves. Once statements are written, agreed upon, and posted, they've got to make sure their actions live up to their words. That's where the real work begins. It's also where technology lends a hand. A growing number of vendors are coming out with software to manage policies, track customer privacy preferences, monitor the flow of customer information, and even tag data to prevent an application from accessing it if it violates a privacy policy or preference. Senior editor Rick Whiting investigates further in "Making Privacy Work".

I applaud companies that are going beyond regulatory compliance and strongly enforcing their policies, even using them as a competitive advantage. But let me end with something disturbing. According to two research studies, almost half of all companies have no privacy policy at all. And many that do have policies don't post them on their Web sites. I can't think of a reason why either statistic should be acceptable. Come on, folks. It's time to make your privacy polices a little less private.

Stephanie Stahl
Editor
sstahl@cmp.com


To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.