| Power Lunch and ... |
a Power Lunch*
and a feature story
- on you - in Backbone
and an iPhone or a BlackBerry
To enter...
Fill out a readership survey
(confidential)
*with Dave Chalk, technology expert and our editor, Peter Wolchak |
|
|
| Mandatory privacy is on the way |
September 4, 2001 |
By Eve Lazarus
Stephanie Perrin was the first chief privacy officer (CPO) in Canada. There was nothing surprising about the appointment, which occurred at Zero-Knowledge Systems of Montreal in April 2000. Privacy is the company’s business and Perrin, the former director of privacy policy for Industry Canada and the architect behind the government’s Personal Information Protection and Electronic Documents Act, was qualified for the task.
What may startle some, however, is that the above piece of privacy legislation, which came into force last January, will soon have a profound effect on almost every company in Canada. In less than three years, companies must have a CPO, or at least a staff member accountable for privacy. The CPO or equivalent will be charged with figuring out what personal information the company holds, who has access to it and what has been done to it. Most importantly, the company must obtain consent from every individual on which it has collected information and must be willing and able to divulge this data on request.
The act also requires the company ensure its processes and systems support its policies protecting personal information. And such information is far-reaching, as companies often collect data on age, name, blood type, loan, credit and medical records, as well as employee files complete with employer comments and opinions.
To make the situation more complex, back-end systems often weren’t set up with privacy concerns in mind. "There are many companies that are already subject to the law and who do not know it yet," Perrin said.
Banks, airlines and other federally regulated companies, as well as list marketers, must already comply with the requirements of the act, but by January 2004 almost every company, no matter the size or nature of its business, will have to as well.
This issue has a tangible bottom-line effect, Perrin said. "The public is not going to (extensively) use electronic commerce until the trust level goes up."
Gathering the facts
Companies have always gathered information about their employees and customers, but with the Internet’s ability to track customers click by click, and the race to find high-value customers and form relationships with them, consumers have every right to be concerned about privacy. And, while companies may believe that getting to know customers is in their own best interest, public outrage is increasing at the idea that marketers may sell or trade information about their favourite brand of toilet paper (loyalty cards), their long distance calling habits (telephone bills) or the size and make of their jeans (clothing retailers).
The fact is, in a virtual world, collecting personal data is simpler, faster and easier than ever.
Within legal limits
Philippa Lawson, counsel for the Ottawa-based Public Interest Advocacy Centre, believes the new law is long overdue.
"We have moved from a situation where individual privacy was protected by default, just by reason of our technological primitiveness, to a situation where some people say we have no privacy anymore," she said. "The technology and market practices have developed way beyond our laws or social and ethical principals; we haven’t had a chance as a society to make a determination as to how much privacy we want as individuals because the technology and the business just went ahead and invaded it."
Peter Cullen, CPO of the Royal Bank in Toronto, said companies who ignore this legislation do so at their peril.
A rash of class action suits has occurred in the U.S. and Cullen estimates settlements totalled about US$50 million in privacy lawsuits in the first four months of the year. Companies such as RealNetworks, Toys "R" Us and Microsoft have been caught up with various consumer privacy violations.
"DoubleClick [the New York-based Internet advertising company] is a marvelous example of the penalties," Cullen said. "They have experienced a 70 per cent drop in market capitalization as a result of being linked to a privacy issue. That was some three years ago and to this day they cannot escape that."
A leg up on the competition
In Canada, the law does not financially penalize companies for non-compliance, but many feel that privacy has become a customer expectation and say some will use it as another marketing tool to differentiate themselves from the competition.
Kelli Gayford, a senior associate at the Vancouver office of Korn/Ferry International, an executive search firm with offices across Canada, said it has yet to get a request for a CPO, but expects this to change as 2004 nears.
"Boards and CEOs will have to weigh the addition of a new layer with a senior management team appointment, along with the cost. But I guess if it saves you a lawsuit, what is the cost?"
As of July 1, there was a handful of CPOs in Canada and a total of 150 in North America. Estimates by the newly-formed Association of Corporate Privacy Officers (ACPO) out of Hackensack, N.J., are that by 2003 this number will be in the hundreds of thousands. ACPO estimates a typical CPO earns between US$125,000 and US$145,000 and reports to either the CEO or to the board of directors.
CPOs come from different backgrounds; some are lawyers, others from compliance. In Cullen’s case, he spent time in Royal Bank’s branch network, worked in human relations and managed customer loyalty programs.
"The simplest way to describe it in our organization is to use the analogy of a stool: there are three legs to it, one is the legal and regulatory requirement, the other is the technology—the e-world—and the other is what the customer expects and needs. My job is to make sure that all three of those things converge," Cullen said.
He reports to both the head of marketing and the head of e-business and places his job in the top one per cent of the organization.
Few guiding hands
One problem with the privacy law is there is little in the way of guidelines and training courses to teach a CPO the ropes. However, a cottage industry of privacy consultants is springing up, and companies such as Zero-Knowledge are coming out with software to help CPOs manage privacy issues.
"The worst nightmare for a CPO is to think that your organization is doing one thing and discover it’s doing another," Perrin said. "If you go to a CPO gathering there are a lot of people who are new in the job who look like deer in the headlights. They have discovered that they have personal data and they haven’t a clue where it is and how they are going to rein it in and get it back in the corral."
|
|
|
| Top 300 Issue |
 
|
| Gadget of the Week (Canadian) |
|
Where did I put that darn headset?
Cardo S-800
Bluetooth headsets are very useful - until you misplace them. When you lose the attractive little S-800, you use your phone to signal the headset to start buzzing.
more>>
|
| Gadget of the Week (Japanese) |
Sounds of Japan
Why record just the visual when you can capture the sounds as well.
more>> |
| Backblog RSS feed |
Click to subscribe  |
|
sponsored by 
