SmartAdvice: Private Is As Private Does - InformationWeek
4/22/2004
11:01 PM

SmartAdvice: Private Is As Private Does

Keep customers' data privacy at the forefront of your company's compliance efforts, The Advisory Council says. Also, implement P3P on your Web site, and create and enforce human-resource policies that reflect your company's privacy policy.

Question A: How do we develop a Web site privacy policy that's aligned with the needs and values of our business?

Our advice: A company's privacy policy is a statement of the "value" it places in its customer relationships. Perhaps the first reflection of that is in the value it places on customers' "property"--personal information, in this case. This simple thing can help build trust that's critical to any relationship.

However, trust is a fragile commodity, and once broken it can seldom, if ever, be regained. Consequently, not only should you ascertain the proper use of customer information, but also ensure that all perceptions related to this issue are handled correctly.


Related Links

Online Privacy Alliance

Electronic Privacy Information Center


An organization's actions rather than words are a better reflection of its real intent. Most customers are intelligent enough to distinguish between politically correct lip service and sincere action. To sustain a customer's trust, a company must support its policy with concrete action. Over time, a company must embed privacy in its business processes, and establish roles and responsibilities to ensure compliance. Remember, to a customer, this is an issue that showcases the company's beliefs and core values.

One must be aware of the legal implications of abusing a consumer's privacy. Since the Freedom of Information Act of 1970, there have been many laws passed by Congress to protect the privacy of individuals, including:

  • Fair Credit Reporting Act, 1970
  • Privacy Act, 1974
  • Right to Financial Privacy Act, 1978
  • Health Insurance Portability and Accountability Act, 1996
  • Federal Internet Privacy Protection Act, 1997
  • Communications Privacy and Consumer Empowerment Act, 1997
  • Data Privacy Act, 1997
  • Children's Online Privacy Protection Act, 1998
  • Financial Services Modernization Act, 1999

Privacy Guidelines For Companies
In light of these laws, every company must take steps to ensure the privacy of visitors to its Web site. Here are some things a company can do both to comply with the law and to maintain the trust of its customers.

Privacy:

  • Request only information that is absolutely necessary. For example, using Social Security numbers as a customer identifier is not a good idea.
  • Protect information at all times. Do you have a security strategy, processes and infrastructure in place to prevent the theft of customer information?
  • Disseminate collected information carefully. Is the information treated on a strictly need-to-know basis, even among company employees? Is this information sold or shared with external entities?

Accuracy:

  • Ensure accuracy of information. Is the information correct and consistent across sources and data stores?
  • Update information regularly. Are there processes in place to periodically verify information?

Property:

  • Clearly establish and communicate the ownership of information. This is a gray area and must be handled with care.
  • Clearly establish and communicate the ownership of intellectual property rights.

Access:

  • Provide customers with access to information about themselves at no charge.
  • Clearly establish and communicate the means of information access. However, ensure that privacy is not compromised when using one of these means.
  • Provide means of updating/changing information.
  • Provide mechanisms to challenge potentially damaging information.
  • Provide equitable means of conflict resolution.

Notice:

  • Clearly notify consumers of policies and practices as they relate to privacy of personal information.
  • Periodically review and update these policies.

Consent:

  • Clearly obtain consumers' consent prior to disseminating information about them.

A company's privacy policy might not sell a product, but it sure can prevent one from being sold. Over time, negative perceptions in the marketplace can and do destroy brands.

-- Sourabh Hajela
