Compromising Customers' Privacy. (Up Front: News, Trends & Analysis)
Swartz, Nikki, Information Management
Does your organization share customer or employee data with the U.S. government? Does it inform individuals that it does so?
According to a 2002 CSO magazine survey of almost 800 organizations, 45 percent of companies have supplied customer, employee, or business partner data to U.S. government or law enforcement agencies in compliance with court orders stemming from recent legislation. In addition, the survey revealed that 41 percent of respondents said they were willing to share information without a court order if they believe it is in the interest of national security.
But experts warn that this eagerness to help the government could leave companies open to litigation. As recently noted in CIO magazine, businesses that will give information to government agencies when required by law should amend their privacy policies to state that they will do so, but that's just a first step. The best protection against litigation is to have a company-wide policy--set at the executive level and distributed to every employee--that explicitly states what happens if and when law enforcement requests data.
Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act) amends the Foreign Intelligence Surveillance Act of 1978 to allow much broader access to private data. Specifically, section 215 says that federal agents "may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities. …