Editor's Note: It's Time To Get Down To The Business Of Privacy - InformationWeek
04:53 PM
Stephanie Stahl
Stephanie Stahl
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

Editor's Note: It's Time To Get Down To The Business Of Privacy

Whew! Ninety-three--that's the number of pages in the PDF file I downloaded from the Federal Register last week detailing the final rule from the Department of Health and Human Services for privacy standards for health information. That's a lot for health-care and insurance companies to digest, and it's only one component of the Health Insurance Portability and Accountability Act. It's also a lot for consumers to chew over. But Marty Abrahms gives the department a lot of credit. Not only is it providing very detailed specifications, he says, it's also providing a summary that's more palatable. That's a concept that Abrahms, former chief privacy officer at Experian, who now works for law firm Hunton & Williams, and others are trying to convince companies to adopt. Already, the folks at Citigroup, J.P. Morgan Chase, Procter & Gamble, and others are working on shorter, friendlier, less legal mumbo-jumbo types of statements. It needs to be something consumers can glance at and compare with others, he says. I couldn't agree more. Last summer, my mailbox was deluged with privacy statements from banks and credit-card companies (those complying with the Gramm-Leach-Bliley Act), but somehow they always ended up in the "to read later" pile. It's one of those piles that, if it sits there long enough and I haven't touched it, can go into the recycling bin without much thought.

Of course, my reading habits and those of other information-overloaded consumers are a small part of the work with which chief privacy officers need to concern themselves. Once statements are written, agreed upon, and posted, they've got to make sure their actions live up to their words. That's where the real work begins. It's also where technology lends a hand. A growing number of vendors are coming out with software to manage policies, track customer privacy preferences, monitor the flow of customer information, and even tag data to prevent an application from accessing it if it violates a privacy policy or preference. Senior editor Rick Whiting investigates further in "Making Privacy Work".

I applaud companies that are going beyond regulatory compliance and strongly enforcing their policies, even using them as a competitive advantage. But let me end with something disturbing. According to two research studies, almost half of all companies have no privacy policy at all. And many that do have policies don't post them on their Web sites. I can't think of a reason why either statistic should be acceptable. Come on, folks. It's time to make your privacy polices a little less private.

Stephanie Stahl

To discuss this column with other readers, please visit Stephanie Stahl's forum on the Listening Post.

To find out more about Stephanie Stahl, please visit her page on the Listening Post.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll