Privacy: The Problem That Won't Go Away - InformationWeek

John Soat

Privacy: The Problem That Won't Go Away

Your privacy mistakes can easily become everyone's business. Here's how to keep your company--and your career--out of the spotlight.

Everybody knows privacy is important. Every company has a privacy policy, or should (You have one, right? And you've read it, right?), and more and more companies are appointing chief privacy officers to ensure compliance with government regulations and company standards.

So why do privacy problems continue to plague large and small companies, government agencies, and nonprofit organizations? Because a privacy policy and honcho are only the table stakes in a global, online, real-time business world. Now that data is currency and network access ubiquitous, there's more to making privacy work than a wink and a nod. Privacy must go deeper into a company's culture, until it's part of how a company thinks and acts with its customers, partners, and the public.

Getting there isn't a mystery, even if it's hard work. The many failures have shown what needs to be done. Here are nine truths about privacy that companies must live.

It's A Strategy, Not Just A Policy
"The worst thing a company can do is post a privacy policy that says they do certain things to protect privacy, then they don't do them," says Gary Laden, director of the Better Business Bureau's BBBOnLine privacy program. Sound advice. Except these days, you must understand more than the letter of your policy. You must understand what your customers expect.

Facebook, the popular social networking site for students, thought it was offering its users a cool new feature when it introduced News Feed in September. News Feed automatically updates Facebook users about changes to the pages of people in their social networks, such as someone adding a friend or posting to a discussion group. CEO Mark Zuckerberg was unprepared for the howls of protest from Facebook users who, instead of seeing a new networking opportunity, saw the shadow of Big Brother. In an Internet posting on Sept. 5 prompted by an increasingly hostile user community, Zuckerberg defended the new product: "We didn't take away any privacy options. ... The privacy rules haven't changed." Zuckerberg was out of touch with his own community. In a posting three days later, he was forced to admit: "We really messed this one up." Facebook reworked News Feed, offering users new ways to control their personal data, such as the ability to nix the broadcast of specific updates and to remove the time stamp many found particularly onerous.


Companies must watch the letter of their privacy policies as well. They're legal contracts between a company and its customers, so violations can lead to litigation. AOL is being sued by three unidentified individuals who claim the Web portal violated its privacy policy last July when, to aid academic researchers, AOL posted on one of its sites 20 million search queries from more than 650,000 users. The data didn't contain users' names, which had been stripped out and replaced with identifier numbers, but it did contain the personal data typical to search queries--addresses, phone numbers, medical conditions--so that it was possible to tie it to individuals.

AOL apologized for the gaffe immediately after it was discovered ("This was a screwup, and we're angry and upset about it," a spokesman said), and there were career consequences: It fired the researchers responsible, and its chief technology officer resigned shortly afterward.

Privacy Laws Will Change--Often
Customers aren't the only ones who might come back at you for privacy lapses. Last month, a federal jury awarded CollegeNET $4.5 million in its claim of unfair competition against rival XAP. CollegeNET and XAP are Web sites that help students apply to colleges online. CollegeNET sued XAP for creating an unfair marketplace advantage by violating its privacy policy when it turned over student data to loan agencies. CollegeNET said the opt-in language XAP used to obtain permission was unclear and misleading. XAP president Liz Dietz said in a statement that the disputed practices "all occurred in the past." The judge will decide the actual monetary damages early next year.

"California puts privacy laws into effect every week," says Parry Aftab, only partly tongue-in-cheek. Aftab's a privacy lawyer and executive director of "I can't stay on top of them," she says.

But you must. More than half the states have laws that require organizations to notify consumers if their personal data is involved in a security breach. At the federal level, several privacy bills are percolating through both houses of Congress, though the feds have shown no real urgency to act on those bills.

Smart companies don't just stay on top of privacy legislation, they also seek to influence it. Kirk Hareth, chief privacy officer for Nationwide Insurance, served as an industry lobbyist for several years in the 1990s. He helped draft HIPAA, the Health Insurance Portability and Accountability Act. Hareth keeps in touch with Nationwide's lobbyists to stay current with pending legislation.

Case in point: On Oct. 13, President Bush signed a bill, S. 2856, that includes a provision that requires financial institutions to make their privacy statements "comprehensible to consumers, with a clear format and design." The Federal Trade Commission has 180 days after enactment of the bill to develop the new privacy model and will seek input from financial institutions.

Nationwide's privacy statement already complies with the new regulation, Hareth says. "We've gotten ours to an eighth-grade reading level," he says. That's because California law requires that all public documents be written below a ninth-grade reading level, and insurance companies are regulated by the states. Dealing with federal and state regs is a constant juggling act. "You need to have time to do that reconciliation," Hareth says.
