Privacy: what every manager should know: companies can't afford to ignore the fact that consumers are increasingly concerned about how businesses use their personal information.

At the Core

This article:

* Lists consumer concerns about privacy issues

* Discusses how privacy has become a competitive issue

* Gives key components of effective privacy policies

Just a few years ago, information privacy issues were not even on the radar screen for most companies. More recently, however, consumers have become more aware of the issue and more concerned about the potential misuse of information about them by both government and business. Other developments that have pushed privacy issues to the forefront include technological advances, increased media coverage of companies' privacy missteps, privacy-related litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute.

When a person begins a civil lawsuit, the person enters into a process called litigation. , and an increased focus on privacy in Congress and federal regulatory agencies, as well as in state legislatures and regulatory agencies.

The business community, recognizing privacy as a competitive issue and responding to the increased consumer awareness of the issue, has made privacy a top-level issue. Many companies that obtain, maintain, use, and disclose personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. about consumers (e.g., name, address, e-mail address See Internet address.

e-mail address - electronic mail address , telephone number, Social Security number) have:

* posted privacy policies on their Web sites

* created chief privacy officer (CPO (Chief Privacy Officer) An individual who manages the privacy issues within an organization. Arising out of the privacy regulations in finance and health care in the late 1990s, the CPO position eventually crossed over to all industries. ) positions

* increased employee awareness and training about the issues

* established self-regulatory initiatives

* taken other noticeable measures to shore up their privacy policies and practices

Without a doubt, privacy is now an issue about which every company that collects and uses personally identifiable information about consumers should be concerned. Public and consumer concerns, as well as the rising volume of legislation and regulations, are such that all managers would be well advised to consider them.

What the Public Thinks

Consumers' interest in and concern about potential threats to their privacy have been measured in numerous polls and surveys. These indicate that consumers' privacy concerns have increased, especially over the past decade. In a 1999 survey conducted by the Wall Street Journal and NBC News NBC News (along with NBC News + HD) is the news division of American television network NBC, a part of NBC Universal, which is majority-owned by General Electric. Its current president is Steve Capus. It is the top-rated broadcast news division and has been for a decade. , individuals were asked to identify the issue(s) that concern them the most about the 21st century. Remarkably, 29 percent of those participating in the poll responded that they were more concerned about threats to personal privacy than about other social issues, including overpopulation overpopulation

Situation in which the number of individuals of a given species exceeds the number that its environment can sustain. Possible consequences are environmental deterioration, impaired quality of life, and a population crash (sudden reduction in numbers caused by , war, and global warming global warming, the gradual increase of the temperature of the earth's lower atmosphere as a result of the increase in greenhouse gases since the Industrial Revolution. .

Increased public concern about privacy has affected consumer decisions about which companies they are willing to do business with and what personal information they are willing to provide. The increased levels of concern about privacy have been attributed to two factors: distrust of institutions and fears about the misuse of technology.

Undoubtedly, the events of September 11, 2001, have had a profound effect on the public's concerns about social issues, including privacy. Since then, Americans have expressed greater support for expanded law enforcement programs (e.g., increased surveillance)--a marked change in public opinion--even if the increased law enforcement powers would affect individuals' civil liberties.

In the online world, consumer concern about privacy has had a profound impact on e-commerce. For example, an October 2001 report by Forrester Research Forrester Research is an independent technology and market research company that provides its clients with advice about technology's impact on business and consumers. Corporate facts

Founded: 1983 by George F.

found that $15 billion of projected 2001 e-commerce revenues could be unrealized because of consumers' concerns about their privacy. Among the key issues about online shopping identified by consumers are credit card number theft and the misuse of their personal information.

These figures demonstrate that companies cannot ignore the importance of privacy to consumers. Companies that fail to address privacy issues are likely to see an impact on their business.

The Role of the Media

Media reports about companies' privacy missteps have become not only front-page business section stories but true front-page stories as well. This media scrutiny has heightened public awareness of the privacy issue and, in some cases, resulted in legislative and regulatory activity.

For example, in 1999 the plans of a New Hampshire New Hampshire, one of the New England states of the NE United States. It is bordered by Massachusetts (S), Vermont, with the Connecticut R. forming the boundary (W), the Canadian province of Quebec (NW), and Maine and a short strip of the Atlantic Ocean (E). company, Image Data, to purchase drivers' photographs from state departments of motor vehicles and create a database of digital photographs that retailers could use to combat fraud were met with an immediate negative public reaction. Headlines, for example, raged "Your Driver's License Noun 1. driver's license - a license authorizing the bearer to drive a motor vehicle
driver's licence, driving licence, driving license

license, permit, licence - a legal document giving official permission to do something

, For Sale?" The public reacted strongly despite the fact that the law did not prohibit this practice, and Image Data offered consumers an opportunity to opt-out or have their photographs removed from the database.

Elected officials in several states acted quickly to halt the practice of allowing companies to purchase driver's license photographs. At the federal level, language was added to the FY2000 Transportation Appropriations Act to amend the 1994 Driver's Privacy Protection Act, the statute under which drivers' information had been made available for commercial purposes. Image Data ultimately changed its business plan for its database to a consent-based model where participating businesses scan the driver's licenses of consenting consumers only.

Also in 1999, the plans of Internet advertising Delivering ads to Internet users via Web sites, e-mail, ad-supported software and Internet-enabled cellphones. Also called an "ad network," Internet advertising organizations act as a middleman between the advertiser and the Web sites and software publishers that display the ads. company DoubleClick to purchase direct marketing company Abacus Direct, which housed the nation's largest catalog database, were well covered in the press. This purchase would have allowed DoubleClick to marry information about consumers' online habits (clickstream The trail of mouse clicks made by a user performing a particular operation on the computer. It often refers to linking from one page to another on the Web. data) with Abacus' information, thereby creating personally identifiable online profiles and allowing DoubleClick's customers to better target online ads to consumers. (Editor's Note Editor's Note (foaled in 1993 in Kentucky) is an American thoroughbred Stallion racehorse. He was sired by 1992 U.S. Champion 2 YO Colt Forty Niner, who in turn was a son of Champion sire Mr. Prospector and out of the mare, Beware Of The Cat.

Trained by D. : Also see article by Cannon, page 42.)

Shortly after DoubleClick's plans were announced, the Electronic Privacy Information Center Electronic Privacy Information Center or EPIC is a public interest research group in Washington D.C.. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values in the , a Washington, D.C.-based privacy advocacy group, filed a complaint with the Federal Trade Commission (FTC FTC

See Federal Trade Commission (FTC). ) alleging that DoubleClick violated Section 5 of the FTC Act prohibiting unfair and deceptive trade practices. The FTC began an investigation, as did various state attorneys general, and in March 2000, DoubleClick backed away from its plans.

An attempt by failed Internet toy retailer Toysmart.com to sell personally identifiable information about its customers in violation of its privacy policy also received significant media attention. In May 2000, after filing for bankruptcy, Toysmart planned to sell its assets, including its customer list containing information about 250,000 customers. The Toysmart privacy policy, posted in September 1999, indicated that the company would never disclose customers' personally identifiable information to third parties. The FTC filed suit against Toysmart to prevent the sale of the customer list. More than 40 state attorneys general intervened in the bankruptcy proceedings bankruptcy proceedings n. the bankruptcy procedure is: a) filing a petition (voluntary or involuntary) to declare a debtor person or business bankrupt, or, under Chapter 11 or 13, to allow reorganization or refinancing under a plan to meet the debts of the party .

A settlement was finally reached when Toysmart agreed to destroy the customer list and Toysmart's parent, Walt Disney Noun 1. Walt Disney - United States film maker who pioneered animated cartoons and created such characters as Mickey Mouse and Donald Duck; founded Disneyland (1901-1966)
Disney, Walter Elias Disney Company, paid creditors $50,000 to end the controversy.

Repeated stories about identity theft also have received significant media attention, some because they involve stealing the identity of celebrities and others because of the elaborateness of the identity theft scheme.

The Private Sector's Reaction

The private sector has reacted in a variety of ways to the emergence of privacy as a competitive issue. While the business community recognizes the need to protect consumer privacy, it also depends on access to consumer information to facilitate transactions, such as mortgages and car loans.

Privacy issues are no longer limited to industry sectors that have traditionally focused on them, such as the financial and medical sectors. Now any company that handles personal information about consumers should have a privacy policy and privacy practices in place. The expanded commitment to privacy has manifested itself in many ways, such as the creation of the CPO position. (Editor's Note: Also see article by Pemberton, page 57.)

According to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3. Business Week Online, by the end of 2000 between 50 and 100 companies had appointed CPOs, including IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , American Express American Express (NYSE: AXP), sometimes known as "AmEx" or "Amex", is a diversified global financial services company, headquartered in New York City. The company is best known for its credit card, charge card and traveler's cheque businesses. , Kodak, and Microsoft. The number had more than tripled by November 2001, according to Information Security magazine. Professional associations, such as the Association of Corporate Privacy Officers and the Privacy Officers Association, began to form shortly after the emergence of the CPO position. These two trade associations have now merged to form the International Association of Privacy Officers (www.privacyassociation.org).

Industry also has increased privacy protections through the establishment of self-regulatory organizations. One of the earliest such organizations was the Individual Reference Services Group, or IRSG IRSG - Internet Research Steering Group (www.irsg.org). Established in 1997 and comprised of 14 leading information industry companies, the IRSG, in conjunction with the FTC, created self-regulatory principles for the dissemination and use of personal information. In September 2001, IRSG members decided to dissolve the organization due to the regulation of the information governed by the IRSG principles (e.g., Title V [privacy] of the Gramm-Leach-Bliley Act The Gramm-Leach-Bliley Act, also known as the Gramm-Leach-Bliley Financial Services Modernization Act, Pub. L. No. 106-102, 113 Stat. 1338 (November 12, 1999), is an Act of the United States Congress which repealed the Glass-Steagall Act, opening up competition [financial modernization]).

Another industry self-regulatory group to rise out of the emergence of the privacy issue is the Online Privacy Alliance (OPA OPA: see Office of Price Administration. ), a coalition of more than 80 companies and organizations dedicated to online privacy protection (www.privacyalliance.org). OPA created guidelines for online privacy policies (i.e., notice and disclosure, choice/consent, data security, and data quality and access), and for enforcing self-regulation (e.g., verification and monitoring, complaint resolution, and education and outreach).

U.S. Privacy Protections

Privacy protections available in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. can be traced back to three main sources: constitutional law, statutory law, and common law (e.g., public disclosure of private facts; breach of an implied contract implied contract n. an agreement which is found to exist based on the circumstances when to deny a contract would be unfair and/or result in unjust enrichment to one of the parties. An implied contract is distinguished from an "express contract. ; and misappropriation misappropriation n. the intentional, illegal use of the property or funds of another person for one's own use or other unauthorized purpose, particularly by a public official, a trustee of a trust, an executor or administrator of a dead person's estate, or by any of name or likeness). In recent years, the Years, The

the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109]

See : Time business community has focused on enacting privacy statutes and promulgating regulations implementing these statutes. In the United States, privacy statutes have been enacted on a sector-by-sector basis. For example, Congress has enacted legislation regarding children's online privacy, driver's privacy, financial privacy, and medical privacy.

Children's Online Privacy. In 1998, Congress enacted the Children's Online Privacy Protection Act Not to be confused with the Child Online Protection Act.

The Children's Online Privacy Protection Act of 1998^[1] (COPPA)^[2] is a United States federal law, located at Title 15, Section 6501, et seq., of the United States Code. (COPPA COPPA Children's Online Privacy Protection Act of 1998 (FTC) ) in an effort to give parents more control over the collection of personal information from children online. Beginning on April 21, 2000, COPPA required Web sites directed toward children under age 13 or sites that knowingly collect personal information from children to meet certain requirements, including:

* posting a privacy notice addressing specific issues such as type of personal information collected, how the Web site will use the information, whether the site operator will disclose the information to third parties, and how parents may contact the operator

* obtaining verifiable parental consent Parental consent laws (also known as parental involvement or parental notification laws) in some countries require that one or more parents consent to or be notified before their minor child can legally engage in certain activities. before collecting, using, or disclosing personal information from a child (certain exceptions include Web sites responding to a one-time request from a child)

* providing parents with an opportunity to review personal information that the Web site collected from their children

* allowing parents to revoke their consent and request that the Web site operator delete In the C++ programming language, the delete operator returns memory allocated by new back to the heap. A call to delete must be made for every call to new to avoid a memory leak. information collected from their children

COPPA allows children's Web sites to meet these requirements by complying with approved industry self-regulatory guidelines. The FTC, the federal agency responsible for promulgating the regulations implementing and enforcing COPPA, has approved three "safe-harbor" applications, including those of the Children's Advertising Review Unit of the Council of Better Business Bureaus Inc., ESRB ESRB Entertainment Software Rating Board
ESRB Estrogen Receptor Beta
ESRB Explosive Safety Review Board Privacy Online, (a division of the Entertainment Software Rating Board), and TRUSTe. The FTC has taken an active role in educating the public and Web site operators about COPPA requirements. The Commission hosted two COPPA workshops--one before COPPA became effective and one after to address compliance issues.

Approximately one year after the effective date, the Center for Media Education (CME CME

See: Chicago Mercantile Exchange

CME

See Chicago Mercantile Exchange (CME). ) issued a report, "Children's Online Privacy Protection Act (COPPA)--The First Year," on Web site compliance with COPPA. There had been concern that sites would comply with COPPA by reducing or eliminating online children's activities rather than meeting all of the requirements. CME found, however, that while COPPA had a significant effect on many of these Web sites' marketing and other business practices, many were able to meet the requirements without reducing or eliminating their sites' interactive features. CME reported that compliance issues did arise, however, with respect to the following COPPA requirements:

* A majority of affected sites did not display their privacy policies with a clear and prominent link.

* Many sites were not properly meeting the verifiable parental consent requirements.

* In an effort to ensure that children under 13 do not provide personal information, some Web sites use methods of verifying age that actually encourage age falsification falsification /fal·si·fi·ca·tion/ (fawl?si-fi-ka´shun) lying.

retrospective falsification unconscious distortion of past experiences to conform to present emotional needs. .

Driver's License Information. In 1999, following Image Data's attempts to purchase drivers' photographs from state departments of motor vehicles (DMVs), Congress enacted amendments to the Driver's Privacy Protection Act (DPPA DPPA Driver's Privacy Protection Act
DPPA Denver Police Protective Association
DPPA Dominica Planned Parenthood Association
DPPA Dallas Professional Photographers Association (Texas) ) to further restrict the entities to whom driver's license information may be disclosed. Effective June 1, 2000, the amendments prohibited state DMVs from disseminating drivers' photographs, Social Security numbers, or medical or disability information without first obtaining the drivers' expressed consent.

Certain exceptions to this general probation applied (e.g., dissemination to a government agency; to a court or self-regulatory body; for use by an insurer or an insurance-support organization or self-insurer for claims, antifraud, rating, or underwriting purposes; or to an employer or insurer in connection with a commercial driver's license).

The legislation amending the DPPA replaced the existing "opt-out" system for individual look-ups and bulk distributions of personal information for surveys, marketing, or solicitations with an "opt-in" system. The amendments severely restricted driver's license information as a source of information for individual look-ups and for surveys, marketing, or solicitations because many states chose not to change to an opt-in system or for those states that did change, few individuals opted in.

Personal Information Obtained by Financial Institutions. The collection, use, and disclosure of personal information by financial institutions also has been a focal point focal point
n.
See focus. for privacy protection. During the 106th Congress, financial modernization legislation known as the Gramm-Leach-Bliley Act (GLB (Gramm-Leach-Bliley Act) Enacted in 1999 and effective in mid 2001, the GLB stipulates that every financial institution shall protect the security and confidentiality of its customers' confidential personal information. Act) included privacy protections (Title V). Beginning July 1, 2001, the GLB Act required financial institutions to provide notice and an opportunity to opt-out of disclosures of "nonpublic personal information" to nonaffiliated third parties (exceptions apply). Reaction to the GLB Act has been mixed. Consumers have been inundated in·un·date
tr.v. in·un·dat·ed, in·un·dat·ing, in·un·dates
1. To cover with water, especially floodwaters.

2. with privacy notices, and many have complained that the notices are difficult to understand, according to a 2001 Harris Interactive Harris Interactive (NASDAQ: HPOL) is an American market research company that specializes in public opinion research using both telephone and surveys on online panels. The company is the product of a 1996 merger between the Gordon S. Black Company and Louis Harris & Associates. survey.

In response to these concerns, the FTC, along with the seven other federal regulatory agencies responsible for implementing and enforcing the GLB Act, hosted a public workshop in December 2001 entitled "Get Noticed: Effective Financial Privacy Notices." The purpose of the workshop was twofold: to discuss concerns that have been raised about the clarity and effectiveness of the GLB notices and to provide guidance to financial institutions regarding the form and content of their GLB notices.

Almost immediately after the enactment of the GLB Act, legislation further restricting the release of personal information collected by financial institutions was introduced, including legislation to restrict the sharing of personal information among financial institutions' affiliates.

Health Information Privacy: In 1996, Congress enacted the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.

According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ). Under HIPAA, Congress had until August 21, 1999, to pass comprehensive health information privacy legislation. Congress did not meet this deadline and, as a result, the Department of Health and Human Services Noun 1. Department of Health and Human Services - the United States federal department that administers all federal programs dealing with health and welfare; created in 1979
Health and Human Services, HHS (HHS HHS Department of Health and Human Services. ) was required to promulgate To officially announce, to publish, to make known to the public; to formally announce a statute or a decision by a court. health information privacy regulations. These regulations took effect on April 14, 2001, and most entities covered by the regulations must be in compliance by April 14, 2003.

The HIPAA privacy rule requires covered entities--health plans, healthcare clearinghouses, and certain healthcare providers (e.g., those who conduct billing and electronic fund transfers)--to provide certain privacy protections, including:

* written explanations to patients regarding how their health information may be used and disclosed

* patient access to their medical records

* patient consent as a precondition to sharing health information for treatment or payment purposes

* a separate authorization for non-routine disclosures of health information for purposes that are not healthcare related

* patient recourse (e.g., formal complaint process) for privacy violations

Covered entities must also meet privacy safeguard standards

Current Privacy Legislative Initiatives

Privacy legislation continues to be an area of interest for the 107th Congress. During the first session, proposals related to the following privacy issues were introduced:

* financial privacy

* online privacy

* Social Security number privacy

* identity theft

* unsolicited commercial e-mail (spam)

* wireless communication privacy/location

* the establishment of a privacy commission

* general/omnibus privacy

* student privacy

* health information privacy and genetic nondiscrimination

* do-not-call registries

Multiple congressional committees have jurisdiction over privacy-related issues, including the House and Senate Judiciary Committees The U.S. Senate established the Committee on the Judiciary on December 10, 1816, as one of the original 11 standing committees. It is also one of the most powerful committees in Congress; among its wide range of jurisdictions is investigation of federal judicial nominees and oversight of ; the House Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject.
Please [ improve this article] or discuss the issue on the talk page. Committee and the Senate Banking Committee; the Senate Commerce Committee and the House Energy and Commerce Committee; and the House Ways and Means WAYS AND MEANS. In legislative assemblies there is usually appointed a committee whose duties are to inquire into, and propose to the house, the ways and means to be adopted to raise funds for the use of the government. This body is called the committee of ways and means. Committee.

During the 107th Congress, the Subcommittee on Commerce, Trade and Consumer Protection of the House Energy and Commerce Committee has held a series of six privacy-related hearings. The chairman of the subcommittee, Rep. Cliff Stearns Clifford Bundy "Cliff" Stearns, Sr. (born April 16 1941), American politician, has been a Republican member of the United States House of Representatives since 1989, representing Florida's At-large congressional district (map). He was born in Washington, D.C. (R-Fla.), has also drafted an outline for a privacy bill that would cover both online and offline collection, use, and disclosure of personally identifiable information. The Stearns outline, proposing comprehensive privacy legislation, is a departure from the current U.S. system of providing sector-specific statutory privacy protections and includes the following key elements: pre-emption PRE-EMPTION, intern. law. The right of preemption is the right of a nation to detain the merchandise of strangers passing through her territories or seas, in order to afford to her subjects the preference of purchase. 1 Chit. Com. Law, 103; 1 Bl. Com. 287.
2. ; privacy notice requirements; consumer choice requirements; security requirements; protections against identity theft; protections against Social Security number misuse; an international provision; and a workplace monitoring (e.g., electronic mail, Internet usage) provision.

Current Privacy Regulatory Initiatives

The FTC has become the de facto [Latin, In fact.] In fact, in deed, actually.

This phrase is used to characterize an officer, a government, a past action, or a state of affairs that must be accepted for all practical purposes, but is illegal or illegitimate. federal privacy regulatory agency. In 2001, Timothy Muris was appointed chairman of the FTC. In October 2001, he outlined his privacy agenda. Under Muris, the FTC is focusing on enforcing existing law protecting consumer privacy. He has pledged to increase the FTC's focus on enforcing current privacy statutes with a 50 percent increase in the FTC's enforcement resources. Currently, Muris is not recommending that Congress enact online privacy legislation. At a November 2001 hearing, Muris indicated that his position on this issue could change depending on whether the states begin to enact online privacy legislation.

FTC officials continue to provide further details regarding their privacy agenda. For example, during a December 2001 appearance at the Promotion Marketing Association's annual meeting, Howard Beales, director of the FTC's Bureau of Consumer Protection, stated that the FTC has adopted the position that a privacy policy posted on a company's Web site will be applied to offline privacy practices unless the company explicitly states in its online policy that it applies only to online activities.

Key Components of Effective Privacy Policies

All companies that obtain, maintain, use, and/or disclose personal information about consumers should adopt a privacy policy. When adopting such a policy, it is critical for companies to state what their information practices are and follow their stated privacy policies. Companies may find themselves in trouble and the subject of an FTC action or a lawsuit if their privacy policies do not accurately reflect their practices or if they violate their own stated policies.

The key components of a privacy policy are

* Notice--A company should provide consumers with a clear and conspicuous notice regarding its information practices, including those described below.

* Consumer Choice--A company should provide consumers with an opportunity to decide (e.g., opt-out) whether it may disclose personal information about them to unaffiliated third parties.

* Access and Correction--Companies should provide consumers with an opportunity to access and correct personal information that they have collected about the consumer.

* Security--Companies should adopt reasonable security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising"
security to protect the privacy of personal information. These measures may include administrative security (e.g., access rules for employees and contractors), physical security (e.g., placing computer equipment in secure areas), and technical security (e.g., passwords and firewalls).

* Enforcement--The company should have in place a system by which it can enforce its privacy policy. Some companies rely upon independent third parties to ensure compliance. For example, some companies have obtained privacy seals from BBBOnLine or TRUSTe, both of which require participation in their consumer dispute resolution program and enforcement mechanisms.

Because privacy has become a competitive issue, companies should also be aware of and comply with industry-best practices to ensure that they are meeting industry standards--even those not required by law.

Companies also may want to offer consumers privacy protection through the adoption of various technological tools. For example, one of the technology standards that has emerged recently is the Platform for Privacy Preferences (P3P (Platform for Privacy Preferences) A protocol for sharing private information over the Internet from the World Wide Web Consortium (W3C). A Web site's privacy policy is defined by the Webmaster answering a standard set of multiple-choice questions, which result in ). P3P is a system for matching consumers' online privacy preferences with the privacy practices of participating Web sites.

Privacy is an area of constant, growing activity. To reduce the risk of a lawsuit, an agency action, or a negative news article, companies that obtain, maintain, use, and/or disclose personally identifiable information about consumers must dedicate the appropriate level of resources and personnel necessary to ensure that they comply with the applicable legal requirements and industry best practices.

References

"Children's Online Privacy Protection Act (COPPA)--The First Year." Available at www.cme.org (accessed 10 April 2002).

"FTC Sues Failed Website, Toysmart.com, for Deceptively Offering for Sale Personal Information of Website Operators." Federal Trade Commission. 10 July 2000. Available at www.ftc.gov (accessed 10 April 2002)

Hunt, Albert R. "Americans Look to 21st Century with Optimism and Confidence." Wall Street Journal, 16 September 1999.

Kelley, Christopher M., Alanna Alanna may refer to:

Alanna Ubach, a Puerto Rican actress.
Alanna Kraus, a Canadian skater.
Alanna Nash, an American journalist and biographer.
Alanna Buehring, a crew member on the IPTV show Hak.5.

Denton, and Resa Broadbent. "Privacy Concerns Cost eCommerce $15 Billion." Forrester Research, September 2001.

Kontzer, Tony. "FTC Spreading Its Privacy Net." Information Week, 11 December 2001. Available at www.informationweek.com (accessed 10 April 2001).

Krebs, Brian. "Online Privacy Policies Apply to Offline Data Practices." Newsbytes, 10 December 2001. Available at www.newsbytes.com (accessed 10 April 2001).

McCormick, Gavin. "Judge Approves Toysmart Deal." Boston.internet.com, 30 January 2001.

McCormick, Gavin. "Settlement Reached in Toysmart Case." Boston.internet.com, 12 January 2001.

McCullagh, Declan. "Your Driver's License, For Sale?" Wired News, 1 July 1999.

Mendels, Pamela. "The Rise of the Chief Privacy Officer." Business Week Online, 14 December 2000.

Parker, Pamela. "DoubleClick Drops Controversial Plan" Business News Archives online, 2 March 2000.

Privacy & American Business, 3 October 2001. Alan F. Westin. Available at www.pandab.org (accessed 10 April 2002).

"Privacy Notices Miss the Mark with Consumers." Privacy Leadership Initiative survey summary. Harris Interactive. December 2001.

Rodger, Will. "DoubleClick Backs Off Web-Tracking Plan" USA Today, 7 June 2000.

Roiter, Neil. "The CPO." Information Security, November 2001. Available at www.infosecuritymag.com (accessed 10 April 2002).

Weiss, Murray. "How NYPD NYPD New York City Police Department (since 1845; New York City, NY, USA)
NYPD New York Play Development Cracked the Ultimate Cyberfraud." New York Post The New York Post is the 13th-oldest newspaper published in the United States and the oldest to have been published continually as a daily.^[3] Since 1976, it has been owned by Australian-born billionaire Rupert Murdoch's News Corporation and is one of the 10 , 20 March 2001.

Westin, Alan F. Written testimony before the Subcommittee on Commerce, Trade, and Consumer Protection of the House Energy and Commerce Committee, 8 May 2001.

"Woods's Identity Thief Gets Maximum Sentence." GolfLine, 28 April 2001.

Susan C. Haller, Esq., is an associate with Mullenholz, Brimsek, and Belair law firm in Washington, D.C., and a legal editor of Privacy and American Business. She may be reached at haller123@aol.com.

COPYRIGHT 2002 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Author:	Haller, Susan C.
Publication:	Information Management Journal
Geographic Code:	1USA
Date:	May 1, 2002
Words:	3673
Previous Article:	Protecting your identity; private information theft has become a plague on modern society, but you can protect your business and yourself with the...
Next Article:	The ethics of database marketing: personalization and database marketing--if done correctly--can serve both the organization and the customer....
Topics:	Advertising services Data security Management Database industry Marketing Direct marketing E-commerce Safety and security measures Electronic commerce Safety and security measures False personation Prevention Impersonation (Fraud) Prevention Internet services Laws, regulations and rules Market research services Management Marketing industry Laws, regulations and rules Marketing research firms Management Online services Laws, regulations and rules Privacy Privacy, Right of Management Right of privacy Management Security systems industry Web sites Laws, regulations and rules Web sites (World Wide Web) Laws, regulations and rules

Related Articles
No telling. (Internet privacy controls)(Editorial)
Enter Your Personal Information Here (Or not ...).(Brief Article)(Statistical Data Included)
PRIVACY IN THE ONLINE WORLD.(Brief Article)
Public Internet/Private Lives.(Internet privacy laws)
Seal of approval.(Brief Article)
Web Sites Grab More Than Cookies From Kids.(privacy on Web sites targeting children)
Chief privacy officer: your next career? CPOs are a necessity in today's business environment, but no one envies their challenging role of upholding...
The global reach of privacy invasion.
Tapping our wired lives: sovereignty doesn't just apply to nations. Taking a broader brush stroke, it also includes the privacy and identity of the...
E-mail and the law: how to manage privacy issues using the AICPA/CICA framework.(Canadian Institute of Chartered Accountants)