Defining Privacy

Privacy can be defined as freedom from the intrusion of others in one's personal life or affairs. Within your enterprise, ensuring privacy will mean complying with the wishes of a person or organization when it comes to their privacy preferences. This can include protecting sensitive information and activities. For example, online shoppers want their credit card information protected as well as the type of purchases they are making. While many individuals will want to protect their personal information, many companies will want to protect their intellectual property.

Sensitive information is any information about a person that could be used to embarrass or discriminate against him or her. Examples of sensitive information include a person's race, age, sex, sexual orientation, religion, ethnicity, national origin, political stance, medical history, and professional or social associations.

As mentioned earlier, you will probably store personal information for individuals and organizations that have different types of relationships with your company. You also may store confidential information about your own company, such as the number of widgets the company has sold. Your company needs to have a strategy in place for ensuring the privacy of sensitive information no matter where it originates. Once you have this strategy in place, you will be on the road to building better customer trust.

Privacy vs. Security

These are the simplified definitions of security and privacy with regard to protecting sensitive information:

  • Security

    The protection of sensitive information from individuals that do not have the appropriate level of access

  • Privacy

    Complying with the preferences of a person or organization when handling their data

Access to sensitive information should not simply be viewed as allowed or disallowed. Even Read, Write, and Delete access to data should not be applied in a blanket fashion. For example, if you are storing customer contact information and you have a staff of people who spend all their time calling customers, you do not need to give that staff access to your customers' e-mail and home addresses. Your company should consider implementing task-based or role-based security that not only restricts the records to which your employees have access but the fields within those records.
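The following is an added example, not code from the book, showing record-level and field-level restrictions applied per role with separate Read, Write, and Delete decisions. The role names, the region-based record scope, the field names, and the customer records are all assumptions constructed for illustration.

```python
# Added example: roles, fields and customer records below are constructed.
POLICY = {
    # Callers need a name and phone number, not e-mail or home addresses.
    "phone_support": {
        "regions": {"west"},                       # record-level scope
        "fields": {"customer_id": "r", "name": "r", "phone": "rw"},
        "can_delete": False,
    },
    "account_admin": {
        "regions": {"west", "east"},
        "fields": {"customer_id": "r", "name": "rw", "phone": "rw",
                   "email": "rw", "home_address": "rw"},
        "can_delete": True,
    },
}

CUSTOMERS = [
    {"customer_id": 1, "region": "west", "name": "A. Rivera",
     "phone": "555-0101", "email": "a.rivera@example.com",
     "home_address": "1 Elm St"},
    {"customer_id": 2, "region": "east", "name": "B. Chen",
     "phone": "555-0102", "email": "b.chen@example.com",
     "home_address": "2 Oak Ave"},
]

def _in_scope(role, record):
    rule = POLICY.get(role)                        # unknown role -> None -> deny
    return rule if rule and record["region"] in rule["regions"] else None

def read_records(role, records):
    """Return only in-scope records, stripped to the fields the role may read."""
    out = []
    for rec in records:
        rule = _in_scope(role, rec)
        if rule:
            out.append({f: rec[f] for f, ops in rule["fields"].items() if "r" in ops})
    return out

def update_field(role, record, field, value):
    """Write one field, or raise PermissionError if the role lacks write access."""
    rule = _in_scope(role, record)
    if not rule or "w" not in rule["fields"].get(field, ""):
        raise PermissionError(f"{role} may not write {field}")
    record[field] = value

def delete_record(role, record, records):
    """Delete is granted per role and still limited to in-scope records."""
    rule = _in_scope(role, record)
    if not rule or not rule["can_delete"]:
        raise PermissionError(f"{role} may not delete this record")
    records.remove(record)
```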

The practice of complying with a person's privacy is more complex than you might think. For instance, suppose that you have a business relationship with some customers and you have agreed to send them e-mail messages to keep them updated on certain products. Does that mean that other members of your department can send those customers e-mail messages too? Can you send those customers e-mail messages about product plans that fall outside the parameters of your business relationship? Can you include those customers in your e-mail marketing campaigns? Can you call them on the phone at their home or office unexpectedly? Are you allowed to share their information with other departments in your company or outside business partners?

You should understand your customers' preferences for each of these situations and ensure that your employees understand your company's policy for respecting these preferences. Your customers should also be clear about how you will use their personal information. By not taking these factors into account, you risk ruining your company's image and affecting its overall success.

Protecting Consumers from Inappropriate Contact and Tracking

Privacy is often viewed as safeguarding how personally identifiable information is handled. However, privacy does not end there. A person's privacy has to do with more than how you use his data; it includes how you interact with him. For instance, inappropriate contact and tracking can be viewed as an invasion of privacy.

Inappropriate Contact

Consider the random spam you receive every day in your Inbox and the telemarketing calls you receive in the evening when you get home from work. These disruptions can be irritating. However, if the contact is expected or welcome, you usually will not be bothered by it.

If during your initial contact with a customer, be it in person or via a Web form, you inform her that you want to send a short e-mail once a month to update her on a product or service special and you give her the opportunity to agree to or decline this contact, your future e-mails will rarely be viewed as an irritant. Future phone contact can be set up the same way. Construct a contact agreement with your customers and stick to it. This type of policy should be included in your corporate privacy strategy and adopted by all your employees.
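One way to make a contact agreement enforceable, as an added example that is not from the book: each outbound contact is checked against what the customer agreed to (channel, purpose, sending department, frequency), which also answers the questions raised earlier under Privacy vs. Security. The customer IDs, purpose and department names, and the 30-day interval standing in for "once a month" are assumptions.

```python
from datetime import date

# Constructed agreements recorded at first contact. Anything not listed
# here was never agreed to and is therefore denied.
AGREEMENTS = {
    "cust-1001": {
        ("email", "product_updates"): {"departments": {"sales"},
                                       "min_days_between": 30},
    },
    "cust-1002": {},   # declined all contact
}

CONTACT_LOG = []       # (customer, channel, purpose, date) of contacts made

def may_contact(customer, channel, purpose, department, today):
    """Return (allowed, reason) for one proposed contact."""
    terms = AGREEMENTS.get(customer, {}).get((channel, purpose))
    if terms is None:
        return False, "no agreement for this channel and purpose"
    if department not in terms["departments"]:
        return False, "department not covered by the agreement"
    last = max((d for c, ch, p, d in CONTACT_LOG
                if (c, ch, p) == (customer, channel, purpose)), default=None)
    if last is not None and (today - last).days < terms["min_days_between"]:
        return False, "contacted too recently"
    return True, "allowed"

def record_contact(customer, channel, purpose, department, today):
    """Log a contact only if the agreement allows it; return the decision."""
    allowed, reason = may_contact(customer, channel, purpose, department, today)
    if allowed:
        CONTACT_LOG.append((customer, channel, purpose, today))
    return allowed, reason

if __name__ == "__main__":
    day = date(2003, 6, 1)   # constructed date
    print(record_contact("cust-1001", "email", "product_updates", "sales", day))
    print(may_contact("cust-1001", "email", "marketing_campaign", "sales", day))
    print(may_contact("cust-1001", "phone", "product_updates", "sales", day))
    print(may_contact("cust-1001", "email", "product_updates", "support", day))
```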

Inappropriate Tracking

If you have a Web site that uses cookies or some other mechanism to track visitors' browsing habits, this should be clearly stated in your privacy policy. Your company should not track users in a unique fashion without their consent. Furthermore, you should not force your site's visitors to accept cookies unless doing so benefits them in some way. Cookies can help visitors by remembering preferences and selections, making it easier for them to navigate your Web site. Anonymous or aggregate tracking of visitors to your Web site is OK. Tracking users to complete their online transactions is also fine, but even then, you should notify users about what you are doing.

Why is tracking the browsing habits of your users more harmful than you might think? Suppose that you visit New York City and as you walk around Manhattan, you notice someone following you and taking notes. You confront the person and he tells you he wants to ensure that you find the items you need easily while shopping in Manhattan. You ask the person to stop following you, but he either ignores you or asks you to leave Manhattan. How would that make you feel? Tracking a user on your Web site is similar to having a stranger look over your shoulder while you surf the Web.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
