[A blog spot by ISS Editor Drew Whitney.]
Who isnt a big fan of the Internet? Ive come to trust it as a resource and huge convenience. No matter how remote I am, I can access resources for work, find old friends, and make purchases for anything under the sun.
Unfortunately, all is not to trust, though; and Ive come to use caution when hopping on the Web, making sure I dont leave a trail for untrustworthy purveyors to misuse my personal and financial information. More than once, Ive left a site if I get the slightest feeling of insecurity. My identity has already been compromised and a bank account depleted. Yes, Im on guard.
Thats why when Rachel Friedman, print campaign manager at News and Experts, submitted an article about customer privacy. It struck a chord with me. News and Experts is a nationwide news service providing expert resources to the media via its website. Heres what Rachel had to say:
Privacyits getting tougher to maintain, especially with identity theft on the rise. With this in mind, growing numbers of Americans are making demands on businesses to treat their personal information with secrecy. According to a Harris Poll sponsored by Microsoft, 60 percent of Americans said theyve decided not to support a store because of doubts about that stores privacy protections. What is surprising is it isnt just marketers who are trying to access personal information. The government has drafted private industry for data collection duty in the war on terror.
So how can businesses keep customers personal information under wraps when the U.S. Patriot Act allows the government to collect copious amounts of this sort of information? Jacqueline Klosek, an attorney and author of the new book The War on Privacy advises clients on issues related to data privacy and security. As a certified information privacy professional, Klosek says private industry faces a precarious balance, trying to simultaneously maintain consumer privacy.
Klosek routinely advises businesses to follow all privacy measures required by law. In addition to these measures, she offers the following additional tips:
1. Conduct an internal audit. Businesses should conduct an internal audit to understand: what data they are collecting, how they are using that data, with whom they are sharing that data, how that data is being protected and related issues.
2. Develop a privacy policy. Once the companys policies and plans for collecting and using customer information are clarified, these policies should be communicated to customers and clients through a Privacy Policy. It should clearly state how your facility can be contacted in regards to information and the types of third parties that will have access to such information. Also, be sure to follow all laws and legal requirements in this regard.
3. Be prepared. Anticipate the fact that your company could face a government subpoena demanding your clients personal information records. Prepare your policies knowing clients and customers expectations regarding the privacy of their personal information. This may help you to avoid making a strong privacy promise to consumers that governmental demands will not allow you to keep.
5. Seek prior consent. Its a smart idea to obtain prior consent from your consumers/clients about potential personal data transfers that could be subpoenaed by the government. The same holds true for other types of transfers, including transfers to business partners and service providers.
6. Conduct due diligence when outsourcing. Examine third-party service providers' experience with privacy and data security. Investigate privacy complaints the service provider has faced and make sure youre complying with all U.S. and foreign laws when outsourcing.
7. Protect your website. Its good practice to implement a web monitoring program that automatically runs privacy scans to ensure that the site hasnt been compromised and that privacy measures remain intact.
Protecting customers privacy is becoming a more cumbersome task with the advances in technology and the war on terror. Ironically, the erosion of individual privacy rights here and abroad occurs under the guise of enhancing national security, says Klosek. The surprising fact is that this so-called greater protection renders private citizens more exposed than ever before.