Information Technology Reference
In-Depth Information
Corporate Privacy Policies
Even though privacy laws for private organizations are not very restrictive, most organizations
are very sensitive to privacy issues and fairness. They realize that invasions of privacy can hurt
their business, turn away customers, and dramatically reduce revenues and profits. Consider
a major international credit card company. If the company sold confidential financial infor-
mation on millions of customers to other companies, the results could be disastrous. In a
matter of days, the firm's business and revenues could be reduced dramatically. Therefore,
most organizations maintain privacy policies, even though they are not required by law. Some
companies even have a privacy bill of rights that specifies how the privacy of employees,
clients, and customers will be protected. Corporate privacy policies should address a cus-
tomer's knowledge, control, notice, and consent over the storage and use of information.
They can also cover who has access to private data and when it can be used.
Multinational companies face an extremely difficult challenge in implementing data-
collection and dissemination processes and policies because of the multitude of differing
country or regional statutes. For example, Australia requires companies to destroy customer
data (including backup files) or make it anonymous after it's no longer needed. Firms that
transfer customer and personnel data out of Europe must comply with European privacy
laws that allow customers and employees to access data about them and let them determine
how that information can be used.
A few examples of corporate privacy policies are shown in Table 14.4.
Table 14.4
Company
URL
Starwood Hotels & Resorts
United Parcel Service
Corporate Privacy Policies
Visa
Walt Disney Internet Group
A good database design practice is to assign a single unique identifier to each customer—
so that each has a single record describing all relationships with the company across all its
business units. That way, the organization can apply customer privacy preferences consis-
tently throughout all databases. Failure to do so can expose the organization to legal risks—
aside from upsetting customers who opted out of some collection practices. Again, the 1999
Gramm-Leach-Bliley Financial Services Modernization Act required all financial service in-
stitutions to communicate their data privacy rules and honor customer preferences.
Individual Efforts to Protect Privacy
Although numerous state and federal laws deal with privacy, the laws do not completely
protect individual privacy. In addition, not all companies have privacy policies. As a result,
many people are taking steps to increase their own privacy protection. Some of the steps that
you can take to protect personal privacy include the following:
•
Find out what is stored about you in existing databases.
Call the major credit bu-
reaus to get a copy of your credit report. You are entitled to a free credit report every
12 months (see
freecreditreport.com
). You can also obtain a free report if you have been
denied credit in the last 60 days. The major companies are Equifax (800-685-1111,
www.equifax.com
),
TransUnion (800-916-8800,
www.transunion.com
),
and Experian
(888-397-3742
,
www.experian.com
).
You can also submit a Freedom of Information Act
request to a federal agency that you suspect might have information stored on you.
•
Be careful when you share information about yourself.
Don't share information unless
it is absolutely necessary. Every time you give information about yourself through an 800,
888, or 900 call, your privacy is at risk. Be vigilant in insisting that your doctor, bank,
or financial institution not share information about you with others without your
written consent.
