Printer Friendly

Compromising customers' privacy. (Up front: news, trends & analysis).

Does your organization share customer or employee data with the U.S. government? Does it inform individuals that it does so?

According to a 2002 CSO magazine survey of almost 800 organizations, 45 percent of companies have supplied customer, employee, or business partner data to U.S. government or law enforcement agencies in compliance with court orders stemming from recent legislation. In addition, the survey revealed that 41 percent of respondents said they were willing to share information without a court order if they believe it is in the interest of national security.

But experts warn that this eagerness to help the government could leave companies open to litigation. As recently noted in CIO magazine, businesses that will give information to government agencies when required by law should amend their privacy policies to state that they will do so, but that's just a first step. The best protection against litigation is to have a company-wide policy--set at the executive level and distributed to every employee--that explicitly states what happens if and when law enforcement requests data.

Section 215 of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act) amends the Foreign Intelligence Surveillance Act of 1978 to allow much broader access to private data. Specifically, section 215 says that federal agents "may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities." This law grants the FBI access to library records, video rentals, bookstore purchases, and business records.

As a result of the Patriot Act and Sarbanes-Oxley Act of 2002, companies have been updating their infrastructures to meet the IT costs of data-sharing requirements, but they may not be amending their privacy policies to reflect the new legislation and protect themselves. CIO found that in the two years since September 11, 2001, supermarket chains, home improvement stores, and others have voluntarily handed over large databases of customer records to federal law enforcement agencies, almost always in violation of their stated privacy policies.

According to a recent CIO article "What to Do When Uncle Sam Wants Your Data," under the Patriot Act the government has a right to businesses' data. Businesses, however, are caught in the middle--forced to compromise their customers' and partners' privacy to meet the new mandates. The article notes that although the Patriot Act may provide protection against lawsuits for companies that comply with court orders and subpoenas for data, organizations that turn over records voluntarily are not protected. Therefore, companies that don't have the right language in their privacy statements or the proper process for handling data requests could find themselves in serious trouble.
COPYRIGHT 2003 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:companies supplying data to U.S. government could leave them open to litigation
Author:Swartz, Nikki
Publication:Information Management Journal
Geographic Code:1USA
Date:Jul 1, 2003
Previous Article:U.S. data-mining spurs investigations in Latin America. (Up front: news, trends & analysis).
Next Article:Sorry ... that's classified. (Up front: news, trends & analysis).

Related Articles
Protecting Online Privacy to Avoid Liability.
New BNA Publications cover employment and Privacy Laws.
The global reach of privacy invasion.
U.S. data-mining spurs investigations in Latin America. (Up front: news, trends & analysis).
U.S. to start airline background checks.
Database nation: the upside of "zero privacy".
Privacy issues: getting noticed; Privacy has become a bottom-line business issue, and companies around the globe are seeing value in ramping up...
"Privacy and Data Security Review" from Sheshunoff.
How much is your customer's trust worth?
Senate Judiciary Chairman wants strict data-security measures.

Terms of use | Privacy policy | Copyright © 2022 Farlex, Inc. | Feedback | For webmasters |