Consumer privacy

Consumer privacy

Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. They recognize that the damage done by privacy loss is typically not measurable, nor can it be undone, and that commercial organizations have little or no interest in taking unprofitable measures to drastically increase privacy of customers - indeed, their motivation is very often quite the opposite, to share data for commercial advantage, and to fail to officially recognize it as sensitive, so as to avoid legal liability for lapses of security that may occur.

Consumer privacy concerns date back to the first commercial couriers and bankers, who in every culture took strong measures to protect customer privacy, but also in every culture tended to be subject to very harsh punitive measures for failures to keep a customer's information private. The Hippocratic Oath includes a requirement for doctors to avoid mentioning ills of patients to others, not only to protect them, but to protect their families - the same basic idea as modern consumer privacy law and regulation, which recognizes that innocent third parties can be harmed by the loss of control of sensitive information, and that therefore there is a responsibility beyond that to the 'customer' or 'client'. Today the ethical codes of most professions very clearly specify privacy measures beyond that for the 'consumer' of an arbitrary service. Those measures are discussed in other articles on medical privacy, client confidentiality and national security - and to a degree in carceral state (where no privacy in any form nor limits on state oversight or data use exist).

Modern consumer privacy law in a recognizable form originated in telecom regulation, when it was recognized that a telco, especially a monopoly (known in most nations as a PTT), had access to unprecedented levels of information about not only the direct customer's communications habits and correspondents, but also that of those who shared his or her household. It was also often the case that telephone operators could hear conversations, inadvertently or deliberately, and were required to dial the exact numbers.

The data gathering required for billing began to become an obvious privacy risk as well. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on telcos in every country. Typically only police and military authorities had powers to 'wiretap' or see records. Even stricter requirements emerged for banks' electronic records - in some countries financial privacy is a major focus of the economy, and penalties for violating it are severe and criminal penalties applied. In Austria in the 1990s mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.

Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing it. Customer trust and goodwill was generally thought to be sufficient in some nations, notably the United States, to ensure protection of truly sensitive data. 'Caveat emptor' applied. But in the 1980s much smaller organizations began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.

Gradually, customer privacy measures alone proved insufficient to deal with the many hazards of corporate data sharing, corporate mergers, employee turnover, theft of hard drives or other data-carrying hardware from work.

Talk began to turn to explicit regulation, especially in the European Union, where each nation had laws that were incompatible, e.g. some restricted the collection, some the compilation, and some the dissemination of data, and it was possible to violate anyone's privacy within the EU simply by doing these things from different places in the European Common Market as it existed before 1992.

Through the 1990s the proliferation of mobile telecom (which typically bills every call), the introduction of customer relationship management and the use of the Internet by the public in all developed nations, brought the situation to a head, and most countries had to implement strong consumer privacy laws, usually over the objections of business.

The European Union and New Zealand passed particularly strong laws that were used as a template for more limited laws in Australia and Canada and some states of the United States (where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy).

After the September 11, 2001, terrorist attacks on the United States, privacy took a back-seat to national security in most legislators' minds. Accordingly concerns of consumer privacy in the United States have tended to go unheard as questions of citizen privacy versus the state, and the development of a police state or carceral state, have occupied advocates of strong privacy measures.

Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most developed nations to be much less of a concern than political privacy and medical privacy, e.g. as violated by biometrics. Indeed, people have been stopped at airports solely due to their political views recently (see No-fly list) and there appears to be little public will to stop practices of this nature. Privacy of body or habits may be 'dead', for all practical purposes, until political approaches or threats change.

Customer privacy

Customer privacy measures are those taken by commercial organizations to ensure that confidential customer data is not stolen or abused. Since most such organizations have a strong competitive incentive to retain an exclusive access to these data, and since customer trust is usually a high priority, most companies take some security engineering measures to protect customer privacy.

However, these vary in effectiveness, and would not typically meet the much higher standards of client confidentiality applied by ethical codes or legal codes in banking or law, nor patient privacy measures in medicine, nor rigorous "national security" measures in military and intelligence organizations.

Since they operate for-profit, commercial organizations also cannot spend an unlimited amount on precautions and remain competitive - a commercial context tends to limit privacy measures, and to motivate organizations to share data when working in partnership. This has led to many moral hazards and outrageous customer privacy violation incidents, and has led to consumer privacy laws in most countries, especially in the European Union, Australia, New Zealand and Canada. The United States has no such law and relies on corporate customer privacy to ensure consumer privacy in general.

Some services, notably telecommunications including Internet, imply collecting a vast array of information about user's activities in the course of things, and may also require consultation of these data to prepare bills. Telecom data must be kept for seven years in the US and Canada, to permit dispute and consultation about phone charges. Telecom regulation has always enforced a high level of confidentiality on these very sensitive customer communication bills and the underlying records. However, this approach has to a degree been outmoded as other industries also now gather sensitive data:

Such common commercial measures as software-based customer relationship management, rewards programs and target marketing tend to drastically increase the amount of information gathered (and sometimes shared). These very drastically increase privacy risks, and have accelerated the shift to regulation, rather than relying on corporate desire to preserve goodwill. Companies using coupon programs often set up coupon printers in grocery stores.

See also

External images
Personal Data Ecosystem

External links

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • consumer privacy ombudsman — A person appointed by the court to protect the privacy of a consumer debtor in the event the trustee sells or leases the debtor s property, if it contains personal information on consumers. (Bernstein s Dictionary of Bankruptcy Terminology)… …   Glossary of Bankruptcy

  • Consumer Action — Formation 1971 Location San Francisco, Los Angeles, Washington, DC, OR, United States; Exec. Dir. Ken McEldowney Website www.consumer Con …   Wikipedia

  • Privacy — For other uses, see Privacy (disambiguation). Privacy (from Latin: privatus separated from the rest, deprived of something, esp. office, participation in the government , from privo to deprive ) is the ability of an individual or group to seclude …   Wikipedia

  • Consumer Data Industry Association — The Consumer Data Industry Association is the trade association for the various consumer reporting companies in the USA. It represents around 200 consumer data companies that provide fraud prevention and risk management products, credit and… …   Wikipedia

  • Privacy Rights Clearinghouse — (PRC) is a project of the [ Utility Consumers Action Network] (UCAN), an American 501(c)(3) non profit consumer advocacy organization. The Privacy Rights Clearinghouse is devoted to upholding the right to privacy and… …   Wikipedia

  • Consumer protection — laws designed to ensure fair trade competition and the free flow of truthful information in the marketplace. The laws are designed to prevent businesses that engage in fraud or specified unfair practices from gaining an advantage over competitors …   Wikipedia

  • Privacy law — is the area of law concerning the protection and preservation of the privacy rights of individuals. By definition, most countries treat privacy as the rights of individuals and not institutions. The governments and other organizations collect… …   Wikipedia

  • Privacy-invasive software — is a category of computer software that ignores users’ privacy and that is distributed with a specific intent, often of a commercial nature. Three typical examples of privacy invasive software are adware, spyware and content hijacking programs.… …   Wikipedia

  • privacy — UK US /ˈprɪvəsi/ US  /ˈpraɪvəsi/ noun [U] ► the right that someone has to keep their personal life or personal information secret or known only to a small group of people: »Among the three industries studied, concerns about privacy and security… …   Financial and business terms

  • Consumer Watchdog — This article is about the consumer advocacy organization based in the United States. For the Botswanan organization of the same name, see Consumer Watchdog (Botswana). For other uses, see Consumer watchdog (disambiguation). Consumer Watchdog… …   Wikipedia