Safeguarding the world's new currency; privacy requires a willingness and ability to take a different perspective on how data is and should be used. (Cover Story).At the Core This article: * Discusses the global business issue of privacy * Provides seven basic steps for responding to privacy issues * Explains current international privacy-related laws and regulations Privacy is perhaps one of the most important issues businesses face today. Personally identifiable information In information security and privacy, personally identifiable information or personally identifying information (PII) is any piece of information which can potentially be used to uniquely identify, contact, or locate a single person. has become the world's new currency. It helps companies identify new business opportunities and target new products to specific customers. It helps them operate more efficiently and test new markets. In today's global economy, powerful computers and vast databases have become mega partners to many companies, allowing them to track and store massive amounts of information in ways undreamed of only a few years ago. Personal information is available with just a click of a button, almost instantaneously in·stan·ta·ne·ous adj. 1. Occurring or completed without perceptible delay: Relief was instantaneous. 2. . And in the aftermath of the tragic events that occurred in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. on September 11, 2001, a new privacy landscape has emerged that will dramatically impact businesses of all types and sizes. The balance of privacy and security--the right to know or not know vs. the right to be safe--is likely to take on a new role of mass proportion and greater public focus. The Bottom Line Privacy is a bottom-line business issue. The ability to address consumers' and employees' privacy rights has become a critical factor for success in today's marketplace. More than simply posting a privacy policy online or in a brochure and operating a secure server, businesses must realize that privacy involves a "system life cycle" view of how information is collected, used, and stored. And it includes a change in business attitude and perspective. This is particularly true in an increasingly global market, with new and powerful advancements in Internet technology and databases. Privacy involves more than the Internet, however. It also encompasses how personal information is used, marketed, and distributed in the "brick and mortar See bricks and mortar. " everyday world. Privacy does not mean that an unscalable Adj. 1. unscalable - incapable of being ascended unclimbable scalable - capable of being scaled; possible to scale; "the scalable slope of a mountain" wall should be placed between consumers, employees, and businesses. Businesses want to know their customers. Reliable and accurate data is essential to maintaining a competitive edge and keeping customers happy. Customers, however, must be able to trust how their personal information is used. To effectively manage the personal information of both customers and employees, companies must gain a new understanding of information flows and associated tools. Privacy, like security, is a process. It requires a comprehensive look at the ways data moves within an organization. More importantly, it involves a willingness and ability to take a different perspective on how data is and should be used. Why Privacy? Each individual views privacy from his/her own unique perspective. Therefore, it has been difficult for legal scholars and privacy advocates to agree upon a single, simple definition. Dealing with the details of an individual's life is intensely personal, probably more so than anything else. For businesses, privacy presents both a challenge and an opportunity. How can a business obtain and store the information necessary to customize its services and products without bringing on the distrust of its customers and employees? And, how can it guarantee safety to its customers, while at the same time reserving individuals' rights to privacy? These are tough questions for today's businesses Today's Business is a show on CNBC that aired in the early morning, 5 to 7AM ET timeslot, hosted by Liz Claman and Bob Sellers, and it was replaced by Wake Up Call on Feb 4, 2002. . How they respond to this dilemma is one of the fundamental challenges of the Information Age--and will shape the marketplace for years to come. The current scenario, however, also offers an opportunity for businesses--the chance to take a proactive approach to privacy issues, garnering goodwill from both customers and employees and positively differentiating themselves from the competition. Public Perception For years, businesses and governments viewed personal information as poker poker, card game, believed to have originated in Asia and first played in the United States in the 19th cent. A traditional cutthroat gambling game at first, it is now also an internationally popular social pastime. chips: the more they had, the better. Information was correctly perceived as a valuable commodity that could be used or sold for profit. But times have changed. Businesses and governments now face a serious problem: Consumers are aware of how their personal information is being used, and many don't like it. The explosion of the Internet has accelerated the importance of this issue. The Internet has not only increased businesses' access to personal information, it has made consumers more aware of how that information is used. Numerous surveys indicate that consumers are concerned about privacy, especially online: * 90 percent of registered voters said they find it more difficult to keep personal information confidential today. (Source: Fox News/ Opinion Dynamics Poll. 7-8 June 2000.) * 82 percent of Internet users Internet user n → internauta m/f Internet user Internet n → internaute m/f surveyed said they are concerned about the privacy of personal information they give out on the Internet, as well as the privacy of what they do on the Internet. Of these, 53 percent are "very concerned," and 29 percent are "somewhat concerned." (Source: Gallup Poll Gallup Poll Noun a sampling of the views of a representative cross section of the population, usually used to forecast voting [after G H Gallup, statistician] Gallup poll n → . The Gallup Organization-Princeton, www.gallup.com. September 2000.) * Ninety-two percent of respondents In the context of marketing research, a representative sample drawn from a larger population of people from whom information is collected and used to develop or confirm marketing strategy. from Internet-active households stated that they do not trust online companies to keep their personal information confidential. (Source: "Survey Shows Few Trust Promises on Online Privacy." The New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of Times. 17 April 2000.) * Ninety-four percent of Internet users want privacy violators to be disciplined. If an Internet company violates its stated privacy policy on personal information use, 11 percent of Internet users said the company's owners should be sent to prison, 27 percent said the owners should be fined, and 26 percent said the site should be placed on a list of fraudulent Web sites. (Source: Fox, Susannah. "Trust and Privacy Online: Why Americans Want to Rewrite re·write v. re·wrote , re·writ·ten , re·writ·ing, re·writes v.tr. 1. To write again, especially in a different or improved form; revise. 2. the Rules." The Pew PEW. A seat in a church separated from all others, with a convenient space to stand therein. 2. It is an incorporeal interest in the real property. And, although a man has the exclusive right to it, yet, it seems, he cannot maintain trespass against a person Internet & American Life Project. August 2000.) * By 2002, the Internet industry faces potential losses of up to $18 billion per year, due solely to privacy concerns. (Source: Sandeep, Junnarker. "Report: Half of Net Users Mistrust Sites." CNET (body) CNET - Centre national d'Etudes des Telecommunications. The French national telecommunications research centre at Lannion. News.com. 17 August 1999. Citing results of study: "Overview, Proactive Online Privacy: Scripting an Informed Dialogue to Allay al·lay tr.v. al·layed, al·lay·ing, al·lays 1. To reduce the intensity of; relieve: allay back pains. See Synonyms at relieve. 2. Consumers' Fears," by Jupiter Communications Inc.) Fair information practices are not confined con·fine v. con·fined, con·fin·ing, con·fines v.tr. 1. To keep within bounds; restrict: Please confine your remarks to the issues at hand. See Synonyms at limit. to e-commerce. Employees also are concerned about their employers' collection and use of personal data. And, there is widespread anxiety about the privacy of medical records, financial records, and information on children. Business Risk On any given day, headlines of major publications decry de·cry tr.v. de·cried, de·cry·ing, de·cries 1. To condemn openly. 2. To depreciate (currency, for example) by official proclamation or by rumor. the loss of privacy and criticize crit·i·cize v. crit·i·cized, crit·i·ciz·ing, crit·i·ciz·es v.tr. 1. To find fault with: criticized the decision as unrealistic. See Usage Note at critique. businesses for the improper use of personal information. The U.S. Congress has responded to the public outcry by scheduling hearings on privacy. Legislation is being considered that would prohibit the sale of customers' personal data during a bankruptcy proceeding. Other proposed legislation would prohibit the use of Social Security numbers. To date, hundreds of bills are pending in Congress addressing a variety of privacy concerns. Privacy issues also are being addressed in courtrooms. In New York, Michigan, California, and Minnesota, government officials have pursued companies for breaching their stated privacy policies. In Texas and other states, litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. seeking billions of dollars has been filed against companies in damages for misuse of personal information. Globally, businesses also face an increased level of scrutiny and financial risks related to their use of personal information. The exchange of data between companies in different countries is massive, even though controlled to some degree. Privacy Legislation Escalation es·ca·late v. es·ca·lat·ed, es·ca·lat·ing, es·ca·lates v.tr. To increase, enlarge, or intensify: escalated the hostilities in the Persian Gulf. v.intr. in the collection and use of personal information by businesses has resulted in a proliferation proliferation /pro·lif·er·a·tion/ (pro-lif?er-a´shun) the reproduction or multiplication of similar forms, especially of cells.prolif´erativeprolif´erous pro·lif·er·a·tion n. of data use laws and regulations both in the United States and around the world. In Europe, privacy is a fundamental human right. The European Parliament European Parliament, a branch of the governing body of the European Union (EU). It convenes on a monthly basis in Strasbourg, France; most meetings of the separate parliamentary committees are held in Brussels, Belgium, and its Secretariat is located in Luxembourg. passed the Data Protection Directive in 1995. This comprehensive legislation was designed, in part, to accord governmental enforcement of personal privacy rights. Other governments have responded with similar and, in some cases, even more drastic privacy regulations. Canada's federal privacy law, which became effective January 1, 2002, extends privacy protection to all personal data regardless of when the data was collected. Companies doing business in Canada must now review how they handle personal data already collected. Other governments passing significant privacy legislation include Singapore, Australia, Hong Kong Hong Kong (hŏng kŏng), Mandarin Xianggang, special administrative region of China, formerly a British crown colony (2005 est. pop. 6,899,000), land area 422 sq mi (1,092 sq km), adjacent to Guangdong prov. , and Argentina. In the United States, the controversy over the collection and use of personal information has evolved more slowly, but with no less passion. Perhaps because Americans are more accustomed to having businesses use and gather personal information, initial privacy concerns focused on the security and transmission of data rather than on the use of the data. There are hundreds of new laws New Laws: see Las Casas, Bartolomé de. introduced each year in the United States to regulate and severely limit the collection and use of personally identifiable information. Under many of the new privacy laws, potential risks for business include the loss of data flow, costly litigation, criminal prosecution, injunctions, director and officer liability, damage to business reputation, loss of consumer confidence, and toss of market value. However, businesses must now identify, assess, and achieve compliance with these laws and regulations. Privacy Advantage Privacy is not just about legislation and compliance. Privacy in today's fast-paced world is becoming "non-negotiable" for consumers. It is as important as the quality of merchandise, the quality of customer service, and the ability to call a toll-free number. Companies that move quickly and voluntarily to address these privacy concerns will gain in both market share and customer loyalty. Businesses that ignore them, or fight reasonable guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. concerning the use of personal information, will likely struggle in the marketplace and never realize the frill potential of e-commerce. Increasingly, consumers want assurance that their personal information will be protected and won't be sold or passed on to third parties without their consent. Some consumers even believe they should be compensated for sharing their personal information. As a result, companies can no longer assume they can acquire this type of information without related costs. Companies that question how much personal information they should collect about a consumer should err on the side of collecting less. The paradigm historically has been for a business to collect all the data it can and then keep it. However, today's views suggest that companies may actually receive more business by asking for less personally identifiable information. What to Do? Companies that take the issue of privacy seriously will be rewarded with consumer goodwill and trust, providing all advantage over competitors that do not act accordingly. Although details may vary across companies and industries, following are seven basic steps that will help most companies proactively respond to privacy issues: 1. Designate des·ig·nate tr.v. des·ig·nat·ed, des·ig·nat·ing, des·ig·nates 1. To indicate or specify; point out. 2. To give a name or title to; characterize. 3. a Chief Privacy Officer Assign responsibility for privacy and related issues to a single individual. This person, the chief privacy officer (CPO (Chief Privacy Officer) An individual who manages the privacy issues within an organization. Arising out of the privacy regulations in finance and health care in the late 1990s, the CPO position eventually crossed over to all industries. ), is in charge of developing, maintaining, and enforcing the company's privacy policy. In a large company, the CPO typically is an executive-level individual who reports directly to the president of the board of directors. A smaller company may designate its corporate counsel or marketing director as its CPO. Regardless of the CPO's position within the company, this individual retains final responsibility for privacy-related issues. (Editor's Note Editor's Note (foaled in 1993 in Kentucky) is an American thoroughbred Stallion racehorse. He was sired by 1992 U.S. Champion 2 YO Colt Forty Niner, who in turn was a son of Champion sire Mr. Prospector and out of the mare, Beware Of The Cat. Trained by D. : Also see article by Pemberton, page 65) 2. Obtain Internal and External Input Good privacy practices require input from the entire company and the marketplace. Rather than impose a policy dictated by upper management, successful companies typically establish an internal privacy committee to gather suggestions and ideas from all employees. Participants in this privacy committee might include representatives from such departments as human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. , marketing, legal, records management, and information technology. Because privacy is a specialized field, even the largest companies may not possess all the internal expertise and manpower needed to successfully address privacy issues. External input from outside legal counsel, trade associations, and/or consulting firms Noun 1. consulting firm - a firm of experts providing professional advice to an organization for a fee consulting company business firm, firm, house - the members of a business organization that owns or operates one or more establishments; "he worked for a also can play an important role in collecting information. 3. Conduct a Data Flow Assessment Once a company has established privacy leadership and input channels, it should conduct a data flow assessment. A thorough understanding of the company's current data management processes is critical to improving privacy performance. A data flow assessment discovers and documents the * types of information a company collects * methods used to collect information * ways a company uses information it receives A data flow assessment also should include forecasts regarding future data needs and uses. A good assessment includes accurate information on both current and future practices. Once completed, an assessment allows a company to understand and mitigate privacy risks as well as aids it in creating new privacy policies designed to generate consumer trust. An ideal follow-up is to publish a written privacy policy that communicates practices to consumers. 4. Provide Data Safeguards Some data is more sensitive than other data; therefore, it requires tighter security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security . Companies should establish flexible security strategies that provide different levels of protection, depending on data sensitivity. Businesses also should be aware that some countries classify clas·si·fy tr.v. clas·si·fied, clas·si·fy·ing, clas·si·fies 1. To arrange or organize according to class or category. 2. To designate (a document, for example) as confidential, secret, or top secret. data differently and require greater security than does the United States. For example, Article 8 of the European Union's Directive on Data Protection prohibits data processing data processing or information processing, operations (e.g., handling, merging, sorting, and computing) performed upon data in accordance with strictly defined procedures, such as recording and summarizing the financial transactions of a that reveals "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and ... data concerning health or sex life." 5. Track Data Collection Once a company has installed appropriate privacy policies and practices, it should document its data collection methods and the reasons those methods were selected. Such information can be helpful in resolving possible disputes that may arise by providing proof that data was collected legally and with the consent of participating individuals. 6. Create a Means for Dispute Resolution Creating a process for handling complaints and/or disputes is important. Companies should designate an individual--often the CPO--who can serve as a single point of contact for consumer questions and complaints. This individual should have the authority to research concerns and take appropriate actions. To reduce the number of complaints against it, a company also might consider creating ways in which a consumer can examine his/her own data, correct inaccuracies, and delete unwanted information. Such action can help consumers resolve their own problems, save company time, and foster goodwill. However, even the best privacy plans should include provisions for dealing with disputes. A good privacy policy clearly defines methods used for dispute resolution. For example, a company may agree to resolution by qualified third parties, such as BBBOnline or TRUSTe. 7. Ensure Adherence to Policies Follow-through is vital to a company's privacy practices. Companies must be sure they adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. their own policies. Numerous privacy lawsuits filed by the Federal Trade Commission and state attorneys general offices have been based on failure by companies to comply with their own stated privacy policies. To ensure that policies are followed, a company must successfully communicate its policies to employees, as well as train its staff regarding privacy policies and practices--particularly employees who collect and have access to personal information. Human resources departments also should require new employees to read and sign a copy of the company's privacy policy. In addition, each time a company makes substantive changes to its policy, all employees should read and sign a copy of the new policy. If a company exchanges data with a third party, that party should contractually agree to adhere to the company's privacy standards. Often companies can remove third-party data transfer concerns by simply having customers provide personal information to the third party. For example, an online company might provide a link to a third party's Web site, where consumers can provide required information directly to the third party. Once employee education and training, as well as third-party contracts are completed, the CPO--or other responsible individual--should establish internal checks and balances to ensure ongoing compliance with privacy process. Turning Privacy Risks into Assets Privacy is a "top-down" and "bottom-up" issue affecting all levels of business. Managing privacy involves a wide spectrum of individuals and processes: from the collection of personal information from consumers, to the data flow through a company, to the distribution of that information to outside vendors, to possible illegal access by others through the security system. Businesses that realize that managing privacy properly may be one of the strongest confidence-builders they possess will seize this emerging opportunity and turn privacy risks into privacy assets. They will focus on privacy issues as an extraordinary marketing tool enabling them to establish and maintain trust with customers. Compliance is reactive, but building confidence is proactive. International Laws American companies conducting business abroad must be cognizant cog·ni·zant adj. Fully informed; conscious. See Synonyms at aware. [From cognizance.] Adj. 1. of numerous privacy protection laws, varying from country to country. Because regulations in Europe, Canada, and Latin America Latin America, the Spanish-speaking, Portuguese-speaking, and French-speaking countries (except Canada) of North America, South America, Central America, and the West Indies. restrict or often prevent trans-border transfer of personal information to the United States, it would behoove be·hoove v. be·hooved, be·hoov·ing, be·hooves v.tr. To be necessary or proper for: It behooves you at least to try. v.intr. To be necessary or proper. American companies to craft a single privacy policy that would conform to Verb 1. conform to - satisfy a condition or restriction; "Does this paper meet the requirements for the degree?" fit, meet coordinate - be co-ordinated; "These activities coordinate well" the highest international standards, fitting all countries. Most countries prohibit data transfers to countries that do not provide "equivalent protection." However, there are some differences between the laws of various countries; therefore, it is necessary to become familiar with a particular country's data protection laws prior to initiating data transfer to or from that country. This "equivalency equivalency the combining power of an electrolyte. See also equivalent. " approach is reflected in the Council of Europe's "Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data." The Council of Europe's Convention The Council of Europe's Convention is a European treaty opened for signature in 1981 and agreed to by 19 countries, including all of those in the European Union European Union (EU), name given since the ratification (Nov., 1993) of the Treaty of European Union, or Maastricht Treaty, to the European Community . This Convention is by far the most important Europe-wide agreement regarding the handling of personal information. It requires all signatories to establish equivalent data protection and provide common data protection safeguards. The Convention's most important element is the requirement for data quality, a set of concepts that encompasses most of what is called fair information practices. Data quality requires that personal information be "obtained and processed fairly and lawfully law·ful adj. 1. Being within the law; allowed by law: lawful methods of dissent. 2. Established, sanctioned, or recognized by the law: the lawful heir. , "that information be" stored for specified and legitimate purposes and not used in a way incompatible with those purposes," and that processing of data is limited to circumstances that are "adequate, relevant, and not excessive in relation to the purpose for which they are stored." Other principles provide individuals with the right to access and correct personal information, as well as remedies for violations of these rights. The principle having the greatest impact on U.S.-European commerce is the one stating that the free flow of data between signatories cannot be impeded im·pede tr.v. im·ped·ed, im·ped·ing, im·pedes To retard or obstruct the progress of. See Synonyms at hinder1. [Latin imped ; however, data flow to non-signatories should not occur unless the non-signatory has an equivalent level of data protection. The United States is not a signatory sig·na·to·ry adj. Bound by signed agreement: the signatory parties to a contract. n. pl. sig·na·to·ries One that has signed a treaty or other document. nation; therefore, it is considered to have a non-equivalent level of protection. Signatory nations are expected to have provisions that prohibit data transfers to countries that do not provide minimum standards of protection. The EU Directive (European Union Directive) A set of privacy requirements that took effect in 1998 and ordered European member nations to enact compliant legislation. It deals with the establishment of Data Protection Authorities, people's rights to personal information and enforcement. The EU Directive on Data Protection significantly restricts European companies It may never be fully completed or, depending on its its nature, it may be that it can never be completed. However, new and revised entries in the list are always welcome. This is a list of companies from the countries in the European Union. (and U.S. companies with European subsidiaries) from trans-border transfers of data to countries that do not have an "adequate level of protection" for personal information. Because the United States is considered to be among these, companies and some governments in the EU are restricted from transferring data to American trading American Trad (also known as AmerTrad or simply Trad in the United States) is a men's clothing style that was influenced by early Brooks Brothers clothes and its amalgam of Anglo-American style; as well as by the natural-shouldered Ivy League clothing style of the partners. The EU Directive became effective on October 25,1998, and applies to all processing of personal information by any person or organization, both private and governmental, that is governed by the directive. The Directive is "harmonizing"--meaning it requires each EU member to implement its own equivalent legislation. If a member fails to implement laws by a certain date or passes laws deemed incomplete or incorrect, its citizens and/or data protection commissioners can look to the Directive for compliance assistance. The Directive epitomizes the fair information practices, but also provides a highly restricted category of information--including religion, trade-union membership, and sexuality--that is subject to even greater prohibitions on processing. Although the Directive prohibits transfer of data in the absence of adequate levels of protection, there are certain exceptions. These include, for example, when an individual has given unambiguous consent to the transfer, or when the company receiving the data has given contractual assurances of adequate protection. Safe Harbor Safe Harbor 1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated. 2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive. The Convention and the EU Directive pose a direct challenge to American companies conducting business in Europe--because they severely limit the transfer of personal data out of EU countries to the United States. After months of negotiations, the EU and the United States created a set of "safe harbor" guidelines. These guidelines became operational on November 1,2000, and are administered through the U.S. Department of Commerce. Safe Harbor allows American companies that have shown they satisfy the "adequate level of security protection" required by the EU Directive to transfer data on EU citizens to the United States. It also requires all EU members to recognize the Safe Harbor for a U.S. company that has been certified See certification. as compliant. And it provides provisions for EU citizens to bring claims against U.S. companies for violations. Entering Safe Harbor is a voluntary decision. Companies that choose to do so are required to * publicly declare their intentions * self-certify annually to the U.S. Department of Commerce that they are in compliance * include a statement in their privacy policy that they are adhering to Safe Harbor guidelines To date, 176 U.S. companies have self-certified. Canadian Laws Canada enacted extensive privacy legislation on a national level in 1998. This law, entitled en·ti·tle tr.v. en·ti·tled, en·ti·tling, en·ti·tles 1. To give a name or title to. 2. To furnish with a right or claim to something: the Personal Information Protection and Electronic Documents Act The Personal Information Protection and Electronic Documents Act (abbreviated PIPEDA or PIPED Act) is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial , became effective January 1, 2002, and protects all data collected by companies on Canadian citizens, regardless of when it was collected. The lack of a grandfather clause grandfather clause, provision in constitutions (adopted 1895–1910) of seven post–Reconstruction Southern states that exempted those persons who had been eligible to vote on Jan. requires companies conducting business in Canada to examine their information handling procedures to ensure that all information, even that already collected, is protected from disclosure. Canada's law implements the following 10 principles: 1. Accountability--The organization controlling data is responsible for the information and must appoint a responsible individual. 2. Identifying Purposes--The organization must identify and document the purpose for the information prior to collecting it. 3. Consent--Except where inappropriate, the organization must obtain knowledgeable consent from the individual prior to collection. 4. Limiting Collecting--The organization must collect only that information which is necessary for the identified purpose. 5. Limiting Use, Disclosure, and Retention--Information may only be used for identified purposes; disclosure must be limited, except where prior consent is obtained, and data must be destroyed when no longer required. 6. Accuracy--Information must be kept as accurate as reasonably necessary. 7. Safeguards--Information collected must be guarded from loss, theft, and tampering tampering The adulteration of a thing. See Drug tampering. . Organizations should consider policies that include encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. of data. 8. Openness--The organization must provide readily available information regarding its information collection policies and practices. 9. Individual Access--Individuals have a right to determine the existence, use, and disclosure of personal information about themselves. They also have a right to challenge accuracy and to require correction of inaccuracies. 10. Challenge Compliance--Individuals have a right to challenge an organization's compliance with the above principles. The Canadian privacy law applies to all commercial activities, as defined in the trade and commerce section of the Canadian Constitution. It applies to all personal information including information about employees--but does not apply to provincial public sectors, municipalities, or universities. The legislation acts as a floor privacy rule and it is up to the Individual Canadian provinces Noun 1. Canadian province - Canada is divided into 12 provinces for administrative purposes province, state - the territory occupied by one of the constituent administrative districts of a nation; "his state is in the deep south" to create tighter laws within their jurisdiction. Gary Clayton Gary Clayton (born Sheffield, 2 February 1963) is an English former professional footballer. He also represented the England semi-professional football team.[1] , J.D., is founder and Chairman of the Board of the Privacy Council, which provides consulting services Noun 1. consulting service - service provided by a professional advisor (e.g., a lawyer or doctor or CPA etc.) service - work done by one person or group that benefits another; "budget separately for goods and services" and knowledge products for privacy and data protection solutions. Over the past decade, Clayton has worked closely with U.S. and global business leaders and policymakers on Internet, technology, privacy, security, and data protection issues. He may be reached at gary.clayton@privacycouncil.com. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion