Privacy is a
complicated issue for businesses
With
identity theft surfacing as a major problem worldwide and businesses being
warned that they could be liable if personal information is not protected,
California state government has emerged as one of the leaders in privacy
protection.
The
goal is not only to protect California’s databases from identity theft, but
also to help residents learn how to protect themselves.
Beginning
Jan. 1, California merged its Office of Privacy Protection with the state’s
Information Security Office to form the Office of Information Security and
Privacy Protection, which is headed by Joanne McNabb, who has been with the
Office of Privacy Protection since 2001. Her new job focuses on combating
electronic identity theft and helping businesses learn about the latest
protection technology available.
One
of McNabb’s principal contacts to achieve this goal has been Beth Givens,
director of the Privacy Rights Clearinghouse, a non-profit agency based in San
Diego. In fact, McNabb calls Givens her “most inspirational person.”
Givens
has been working in the consumer-protection industry since 1992 and thinks the
new state agency has “tremendous potential” as long as it works to protect
privacy as well as information.
Since
2003, California has led other states on issues concerning data privacy and
businesses.
Financial
institutions are required to contact consumers if personal information is
compromised under a law that applies to all firms that do business with
residents of California. Since then, other states have passed similar laws.
Last
October, Gov. Arnold Schwarzenegger vetoed a bill that would have made
merchants responsible for reissuing credit cards if there were privacy issues
with consumers. The new state agency, however, should be a better solution for
the growing problem, Givens said.
In
an effort to help businesses protect consumers’ privacy, Givens has written or
co-authored several books, including “The Privacy Rights Handbook: How to Take
Control of Your Personal Information,” published in 1997 by Avon, and “Privacy
Piracy: A Guide to Protecting Yourself from Identity Theft,” released in 1999.
She
also maintains a website, www.privacyrights.org, which McNabb’s office uses on
a regular basis. Givens also has traveled to Sacramento to brief McNabb on
privacy issues.
Givens
provides consumer help and information for business owners online as well as
through personal consultation.
Because
privacy extends to the international market, some business owners need to know
applications that affect their dealings in other countries.
Along
this line, a book recently released with information about international
business and privacy is “The War on Privacy,” by attorney Jacqueline Klosek. Published in 2007 by Praeger Publishers, a division of Greenwood Publishing
Group of Westport, Conn., the book details privacy problems on several levels
from a business perspective.
The
book also identifies problems individuals and businesses face with the passage
of the USAPATRIOT Act, which allows government agencies to collect information
that might pertain to the international war on terror.
Klosek explained that private industry faces
a precarious balance trying to maintain consumer privacy while complying with
government demands for information.
“This
issue is not going to just disappear,” said Klosek.
“The war on terror has reduced privacy rights in the United States and around
the world. The bottom line is whether the feds are leaning on your company for
records or you’ve suffered a security breach by hackers, your reputation is at
stake and you’ve lost your customers’ trust.”
In
addition to advising businesses to follow all privacy measures required by law,
Klosek offers other tips, such as:
1.
Conduct an internal audit – decide on your business’ privacy policies, then
what data should be collected, what can be shared and what needs to be
protected;
2.
Develop a privacy policy – a company privacy policy needs to clearly state how
the company can be contacted if there are concerns;
3.
Be broad – this gives greater latitude if there is a
need to hand over data or the business faces corporate restructuring, mergers
and acquisitions;
4.
Plan ahead – avoid making a strong privacy promise to consumers that
governmental demands will not allow;
5.
Seek prior consent – this allows potential personal data transfers that could
be subpoenaed by the government; and
6.
Protect the business website – implement a web monitoring program that
automatically scans data to ensure that privacy measures remain intact.
Because
of California’s focus on privacy issues, both locally and on an international
level, the International Association of Privacy Professionals awarded the
state’s Office of Privacy Protection a certificate last December for its
contribution to consumer privacy.
“The
California privacy office is a truly innovative approach to consumer protection
and business outreach,” remarked an Innovation Award judge.
“There
is no other state with the same level of outreach, experience and resources
aligned to this topic. A business may not always like a particular
privacy-related law, but the level of guidance and support given is unmatched,”
the judge said.
Responding
to the achievement, McNabb said, “We are honored to receive this award and
proud to be contributing to California’s leadership role in protecting consumer
privacy.”
In
an continuing effort to assist leaders from business, government, law
enforcement, education and community groups, McNabb’s office has scheduled a
two-day conference Mar. 4-5 at the Marriott Hotel and Convention Center at the
Burbank Airport on cyber safety, privacy and identity theft, co-sponsored by
the California Department of Consumer Affairs, the California Office of Privacy
Protection and the State and Consumer Services Agency.
The
program includes panel discussions and workshops.
Topics at the workshops include protecting card data,
privacy breach response, Internet safety, computer viruses, safe social
networking practices, and medical identity theft. To attend or read about the
event, visit www.cybersafety.ca.gov.