Compromising customers' privacy. (Up front: news, trends & analysis).
According to a 2002 CSO magazine survey of almost 800 organizations, 45 percent of companies have supplied customer, employee, or business partner data to U.S. government or law enforcement agencies in compliance with court orders stemming from recent legislation. In addition, the survey revealed that 41 percent of respondents said they were willing to share information without a court order if they believe it is in the interest of national security.
But experts warn that this eagerness to help the government could leave companies open to litigation. As recently noted in CIO magazine, businesses that will give information to government agencies when required by law should amend their privacy policies to state that they will do so, but that's just a first step. The best protection against litigation is to have a company-wide policy--set at the executive level and distributed to every employee--that explicitly states what happens if and when law enforcement requests data.
Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act) amends the Foreign Intelligence Surveillance Act of 1978 to allow much broader access to private data. Specifically, section 215 says that federal agents "may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities." This law grants the FBI access to library records, video rentals, bookstore purchases, and business records.
As a result of the Patriot Act and Sarbanes-Oxley Act of 2002, companies have been updating their infrastructures to meet the IT costs of data-sharing requirements, but they may not be amending their privacy policies to reflect the new legislation and protect themselves. CIO found that in the two years since September 11, 2001, supermarket chains, home improvement stores, and others have voluntarily handed over large databases of customer records to federal law enforcement agencies, almost always in violation of their stated privacy policies.
According to a recent CIO article "What to Do When Uncle Sam Wants Your Data," under the Patriot Act the government has a right to businesses' data. Businesses, however, are caught in the middle--forced to compromise their customers' and partners' privacy to meet the new mandates. The article notes that although the Patriot Act may provide protection against lawsuits for companies that comply with court orders and subpoenas for data, organizations that turn over records voluntarily are not protected. Therefore, companies that don't have the right language in their privacy statements or the proper process for handling data requests could find themselves in serious trouble.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||companies supplying data to U.S. government could leave them open to litigation|
|Publication:||Information Management Journal|
|Date:||Jul 1, 2003|
|Previous Article:||U.S. data-mining spurs investigations in Latin America. (Up front: news, trends & analysis).|
|Next Article:||Sorry ... that's classified. (Up front: news, trends & analysis).|