Monday, 19 November, 2007 7:08 PM
How Businesses Can Protect Their
tougher to maintain, especially with identity theft on the rise.
With this in mind, growing numbers of Americans are making demands
on corporate America to treat their personal information with secrecy.
According to a Harris Poll sponsored by Microsoft, 60% of Americans
said they’ve decided not to support a store because of doubts
about that store’s privacy protections. What is surprising
is that it isn’t just marketers that are trying to access
personal information. The government has drafted private industry
for “data collection duty” in the war on terror.
So how can businesses
keep customers’ personal information under wraps when the
U.S. Patriot Act allows the government to collect copious amounts
of this sort of information? Jacqueline Klosek, an attorney and
author of the new book, “The War on Privacy,” advises
clients on issues related to data privacy and security. As a Certified
Information Privacy Professional, Klosek believes private industry
faces a precarious balance, trying to simultaneously maintain consumer
privacy while also complying with governmental demands for information.
"This issue is not
going to just disappear,” says Klosek. “The war on terror
has reduced privacy rights in the United States and around the world.
The bottom line is whether the feds are leaning on your company
for records or you’ve suffered a security breach by hackers,
your reputation is at stake and you’ve lost your customers’
Klosek routinely advises
businesses to follow all privacy measures required by law. In addition
to these measures, she offers her clients the following additional
1. Conduct an Internal
Audit. Before you can inform your consumers about your privacy policies
and practices, you must first understand what they are. Businesses
should conduct an internal audit to understand: what data they are
collecting, how they are using that data, with whom they are sharing
that data, how that data is being protected and related issues.
2. Develop a Privacy
Policy. Once the company’s policies and plans for collecting
and using customer information are clarified, these policies should
can be contacted in regards to information and the types of third
parties that will have access to such information. Also, be sure
to follow all laws and legal requirements in this regard.
3. Be Broad. When drafting
This will give your company greater latitude if you are forced by
the government to hand over data or are faced with other potentially
unanticipated events such as corporate restructuring, mergers and
4. Plan Ahead and Be
Prepared for the Inevitable. Anticipate the fact that your company
could face a government subpoena demanding your client’s personal
information records. By understanding that this can happen, you
can suitably prepare your policies in order to set your clients’
and customers’ expectations regarding the privacy of their
personal information. This may help you to avoid making a strong
privacy promise to consumers that governmental demands will not
allow you to keep.
5. Seek Prior Consent.
It’s a smart idea to obtain prior consent from your consumers/clients
about potential personal data transfers that could be subpoenaed
by the government. The same holds true for other types of transfers,
including transfers to business partners and service providers.
6. Conduct Due Diligence
When Outsourcing. Examine the third-party service provider’s
experience with privacy and data security. Investigate any privacy
complaints the service provider has faced and make sure you’re
complying with all U.S. and foreign laws when outsourcing.
7. Protect Your Website.
It’s good practice to implement a web monitoring program that
automatically runs privacy scans to ensure that the site hasn’t
been compromised and that privacy measures remain intact.
privacy is becoming a more cumbersome task with the advances in
technology and the war on terror. “Ironically, the erosion
of individual privacy rights here and abroad occurs under the guise
of enhancing national security,” says Klosek. “The surprising
fact is that this so-called greater protection renders private citizens
more exposed than ever before.”
Jacqueline Klosek is
a Senior Counsel in Business Law Department of Goodwin Procter LLP,
where she practices in the Intellectual Property Practice Area.
She is the author of two prior books: ‘The Legal Guide to
e-Business” and “Data Privacy in the Information Age”
as well as numerous articles.
Klosek is a Certified Information Privacy Professional. She serves
on the Advisory Board for “The Privacy Advisor” of the
International Association of Privacy Professional and is the co-chair
of the International Working Group of that organization. She is
also an active member of the American Bar Association, the International
Bar Association and the International Association of Young Lawyers.
Klosek is a graduate of the Vrije Universiteit in Brussels (LLM,
European and International Law); Benjamin N. Cardozo School of Law
(JD, Law) and New York University (BA, Psychology).
Available At: www.amazon.com,