Privacy at Stake

Article excerpt

Access to personal data and how it's handled has always been a sensitive issue, but the development of the Internet has heightened concern. Yet, information is the lifeblood of the modern economy. The question is how businesses can recognize the individual's right to privacy while retaining the ability to collect and use information intelligently.

YOU HAVE NO PRIVACY anymore," said Sun Microsystems CEO Scott McNealy. "Get over it." But few are willing to leave it at that. Different views and laws covering privacy rights are generating heat on both sides of the Atlantic. Governments of European Union nations have enacted restrictions on data transmission and content on Internet Web sites, whereas the U.S. is often conflicted about privacy vs. free speech.

According to recent surveys, most Internet users describe privacy as one of their major concerns, yet a majority readily provide personal data on a regular basis. It's not clear whether they're worried about infringement due to personal experience or because news coverage has spurred anxiety. The Clinton administration and the FTC have recently announced a privacy policy that advocates the "opt-out" approach. Companies are permitted to release any and all personal information unless specifically told not to by a consumer. The problem is, most people lean toward the "opt-in" approach. "Users want the `Golden Rule' of the Internet to be: `Don't do anything unto me unless I give you permission,"' Lee Rainie, director of the Pew Internet & American Life Project, told MSNBC.

The battle over privacy will likely play out over two rounds, according to Forrester Research, which has studied the issue. An initial round of legislation focused on Web sites will be passed next year; the issue will go into remission for a year or two after that followed by a second, broader round of legislation in 2005. The legislation will require all companies to post information practices, with the FTC retaining authority to take action against those that don't comply. It will almost certainly require consent for the sharing of data. What's less clear is whether industry lobbying will defeat measures requiring companies to provide consumers with access to the information collected about them.

In the following roundtable conducted in partnership with Acxiom, a Little Rock, AR, data integration services firm, CE gathered CEOs and CPOs (chief privacy officers) from Internet, software, marketing, retail, medical, security, banking, and insurance industries to examine the impact of privacy concerns on the flow of information and how businesses can get ahead of the curve. The discussion centered on ways companies can prepare to honor customer concerns and to what degree technology can help compliance. Acxiom CEO Charles D. Morgan and the Privacy Council's Gary Clayton mapped a six-point manifesto that companies may consider adopting as a working privacy philosophy.

-J.P. Donlon

Here's Looking at Everybody

J.P. Donlon (CE): It might be interesting to share a snapshot of where we are: A Web privacy rating company called Enonymous.com did a survey last spring of more than 30,000 Web sites over a nine-month period. They rated sites' privacy policies from zero to four stars, based on the site's behavior regarding user contact and data sharing, and third party use. And 3.5 percent, or just over 1,000, qualified for the four-star rating, which means they never share personally identifiable information with third parties, period. Three stars, which signified a policy of sharing only with user's permission, went to 799 sites. Two stars were given to 2,500 sites, the ones that would contact users without permission, but only share data with permission. One star was given to 2,251 sites that share data without permission, and zero stars, meaning the site had no privacy policy at all, went to 22,000 sites, or about 73 percent of the group.

That looked pretty awful until I learned that two years ago, only 1,400 even posted the policy on privacy at all. …