|
What is Privacy?
Privacy Versus Confidentiality
Why the Concern?
Good Privacy Practices Make Good Business Sense
What Is Privacy?
Privacy has long been regarded as a basic human right in democratic societies.1 In 1948, the United Nations General Assembly issued the Universal Declaration of Human Rights. Article 12 of that declaration states, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks."
Privacy is "the right to be left alone."2 It is "freedom from intrusion or public attention."3 It concerns our right to control the flow of information about ourselves, the right to fair, reasonable, and confidential practices. A reasonable expectation of privacy might encompass:
· Personal privacy (for example, physical and psychological privacy)
· Privacy of communication (for example, freedom from monitoring and interception)
· Privacy of information (for example, control over the collection, use, and disclosure of personal information by others)
This document focuses on the privacy of personal information. Privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information. Personal information is information about an identifiable individual that includes any factual or subjective data, recorded or not, in any form. Personal information might include, for example:
· Name, identification numbers, address, income, or hair color
· Evaluations, comments, credit history, or driving records
· Employee files, credit records, loan records, or the existence of a dispute between a consumer and a merchant
Certain personal information is considered sensitive and therefore prone to abuse if handled improperly. Sensitive personal information might include, for instance, information on medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and sexual preferences.
Back to top
Privacy Versus Confidentiality
Privacy, as defined by laws and regulations, is about individuals having control over the collection, use, retention, and disclosure of their personal information. Unlike privacy, there is no widely accepted definition of confidentiality but, in most cases, it is about keeping business information from being disclosed to unauthorized parties, and it is usually driven by agreements or contractual arrangements.
It is important to understand that privacy is about individuals having control over their personal information. In this context, control means individuals have fundamental rights, including:
· Knowing what personal information is collected, how it is used, and to whom it is disclosed
· Accessing personal information and correcting inaccuracies
· Challenging decisions made on the basis of inaccurate or incomplete data
Individuals often forget that they have obligations concerning privacy; in other words, privacy is a two-sided issue, and is not just about individuals' rights to have their personal information protected. As consumers, individuals are obligated to take an active role in managing their personal information, such as deciding whether to provide their personal information to an organization for marketing purposes or taking steps to correct errors in their credit reports.
Protecting the privacy of personal information imposes certain obligations on organizations as well. Such obligations prohibit organizations from collecting, using, disclosing, or retaining personal information without the knowledge and consent of individuals.
Back to top
Why the Concern?
Privacy as an issue is not new. It has been debated, argued, and even legislated for decades.4 This debate is not limited to the real world. Privacy was a pivotal theme in George Orwell's novel, 1984, and such films as Minority Report and Gattaca have tackled issues surrounding the privacy of personal information. Research studies show that consumers are feeling frustrated about privacy. In a recent study conducted for Privacy & American Business by Harris Interactive (sponsored by the AICPA and Ernst & Young), 79 percent of consumers said they have lost all control over how companies collect and use their personal information.5
Privacy is also a global issue! Many countries have adopted privacy legislation governing the domestic use of personal information, as well as the export of such information across borders and, in particular, to countries that have not adopted similar privacy protection legislation.6 The United States has often taken a different approach by enacting privacy legislation that applies to specific industries, including the financial and health sectors.
Apart from the legislation, other drivers affecting privacy include advocacy groups, the privacy rights movement, voluntary industry privacy codes, and the public expectation that, as governments adopt freedom of information legislation to provide greater public access, so too should the private sector. Furthermore, these expectations are increasing as the public becomes more aware of privacy issues—such as identity theft—through media reports, presentations, and professional publications. These rising expectations are placing additional demands to address these concerns on all organizations.
Back to top
Good Privacy Practices Make Good Business Sense
Good privacy practices can provide a consistent approach to protecting personal information in a way that individuals can easily understand and organizations of all sizes, across all industry sectors, can readily implement. They permit flexibility in meeting business needs, limit administrative costs to those directly associated with implementing privacy programs within the organization, and encourage individuals to address the organization first to resolve complaints. In addition, they promote the growth of e-commerce by establishing an enforceable and consumer-friendly privacy environment.
From a business perspective, the benefits of good privacy practices include:
· Protecting the organization's public image and brand
· Protecting valuable data on the organization's customers
· Achieving a competitive advantage in the marketplace
· Meeting the requirements of an industry association
· Efficiently managing personal information and, thereby, reducing administration costs and avoiding unnecessary financial costs, such as retrofitting information systems
· Enhancing credibility and promoting continued consumer confidence and goodwill
Good privacy practices can do far more than build consumer confidence and protect the integrity of an organization’s brand—they can also increase customer loyalty and add to the bottom line. According to the recent Harris Interactive Study for Privacy & American Business, almost 50 percent of consumers said they would buy more frequently and in greater volume from companies known to have more reliable privacy practices.
Many organizations may not have given much thought to using privacy protections to promote consumer confidence and goodwill. For the most part, privacy is considered a legal compliance matter instead of a customer-strategy matter. However, the way personal information is obtained and used is both a challenge and an opportunity for businesses. Although the "privacy culture" is changing slowly, privacy is still a largely untapped customer-building resource in most businesses.
Just as good privacy practices have a positive impact on business, not having good privacy practices in place can increase risk to an organization. The Privacy & American Business Study indicates that 83 percent of consumers would stop doing business entirely with companies that misuse customer information.8
The misuse of customer information can potentially result in the following:
· Damage to an organization's reputation, brand, and business relationships
· Charges of deceptive business practices
· Customer, employee, and stockholder distrust
· Reduced revenue, market share, and shareholder value
· Refusal by customers to consent to the use of personal information for business purposes
· Legal liability and industry or regulatory sanctions
Clearly, an organization that follows good privacy practices will not only avoid potential legal liability and sanctions, but will likely satisfy both domestic and international requirements to protect personal information. In this regard, many European countries do not allow the transfer of personal information to an organization outside the country unless that organization has adequate privacy protection practices.
Back to top
. The evolution of privacy is discussed in Perspectives on Privacy, a booklet published by the Royal Bank Financial Group.
. The modern formulation of the concept of privacy was stated in an article by two American jurists. Samuel Warren and Louis Brandeis. The Right to Privacy. Harvard Law Review, 1890, p. 193.
. The Concise Oxford Dictionary of Current English. 1990. Oxford: Clarendon Press.
. The Privacy Act of 1974 was passed to control how U.S. government agencies gather and use personal information of U.S. citizens.
. Similarly, a study by the National Federation of Independent Business (NFIB) Research Foundation, National Small Business Poll—Privacy, found that U.S. small business owners are concerned about the unauthorized collection, release, and use of both their business and personal information; 81 percent of those worried about privacy do not distinguish between the two.
. Privacy International and the Electronic Privacy Information Center annually review privacy laws in over 50 countries around the world. The 2005 survey is available online (www.privacyinternational.org/survey/).
. According to a recent report by Jupiter Research, companies that fail to post and support clear privacy policies may be leaving money on the table. As much as $24.5 billion in online sales alone will be lost by 2006, because companies do not adequately address consumers' privacy and security apprehensions.
|