Consumer privacy
Encyclopedia
Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. They recognize that the damage done by privacy loss is typically not measurable, nor can it be undone, and that commercial organizations have little or no interest in taking unprofitable measures to drastically increase privacy of customers - indeed, their motivation is very often quite the opposite, to share data for commercial advantage, and to fail to officially recognize it as sensitive, so as to avoid legal liability for lapses of security that may occur.
Consumer privacy concerns date back to the first commercial couriers and bankers, who in every culture took strong measures to protect customer privacy, but also in every culture tended to be subject to very harsh punitive measures for failures to keep a customer's information private. The Hippocratic Oath
includes a requirement for doctors to avoid mentioning ills of patients to others, not only to protect them, but to protect their families - the same basic idea as modern consumer privacy law and regulation, which recognizes that innocent third parties can be harmed by the loss of control of sensitive information, and that therefore there is a responsibility beyond that to the 'customer' or 'client'. Today the ethical code
s of most professions very clearly specify privacy measures beyond that for the 'consumer' of an arbitrary service. Those measures are discussed in other articles on medical privacy
, client confidentiality
and national security
- and to a degree in carceral state
(where no privacy in any form nor limits on state
oversight or data use exist).
Modern consumer privacy law in a recognizable form originated in telecom regulation, when it was recognized that a telco
, especially a monopoly
(known in most nations as a PTT
), had access to unprecedented levels of information about not only the direct customer's communications habits and correspondents, but also that of those who shared his or her household. It was also often the case that telephone operators could hear conversations, inadvertently or deliberately, and were required to dial the exact numbers.
The data gathering required for billing began to become an obvious privacy risk as well. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on telcos in every country. Typically only police and military authorities had powers to 'wiretap' or see records. Even stricter requirements emerged for banks' electronic records - in some countries financial privacy
is a major focus of the economy, and penalties for violating it are severe and criminal penalties applied. In Austria
in the 1990s mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.
Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing it. Customer trust and goodwill was generally thought to be sufficient in some nations, notably the United States
, to ensure protection of truly sensitive data. 'Caveat emptor
' applied. But in the 1980s much smaller organizations began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.
Gradually, customer privacy measures alone proved insufficient to deal with the many hazards of corporate data sharing, corporate mergers, employee turnover, theft of hard drives or other data-carrying hardware from work.
Talk began to turn to explicit regulation, especially in the European Union
, where each nation had laws that were incompatible, e.g. some restricted the collection, some the compilation, and some the dissemination of data, and it was possible to violate anyone's privacy within the EU simply by doing these things from different places in the European Common Market as it existed before 1992.
Through the 1990s the proliferation of mobile telecom (which typically bills every call), the introduction of customer relationship management
and the use of the Internet
by the public in all developed nations, brought the situation to a head, and most countries had to implement strong consumer privacy laws, usually over the objections of business.
The European Union
and New Zealand
passed particularly strong laws that were used as a template for more limited laws in Australia
and Canada
and some states of the United States
(where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy).
After the September 11, 2001, terrorist attacks on the United States
, privacy took a back-seat to national security
in most legislators' minds. Accordingly concerns of consumer privacy in the United States
have tended to go unheard as questions of citizen privacy versus the state, and the development of a police state
or carceral state
, have occupied advocates of strong privacy measures.
Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most developed nations to be much less of a concern than political privacy
and medical privacy
, e.g. as violated by biometrics
. Indeed, people have been stopped at airports solely due to their political views recently (see No-fly list) and there appears to be little public will to stop practices of this nature. Privacy of body or habits may be 'dead', for all practical purposes, until political approaches or threats change.
measures to protect customer privacy.
However, these vary in effectiveness, and would not typically meet the much higher standards of client confidentiality
applied by ethical code
s or legal code
s in banking or law
, nor patient privacy measures in medicine, nor rigorous "national security
" measures in military and intelligence organizations.
Since they operate for-profit, commercial organizations also cannot spend an unlimited amount on precautions and remain competitive - a commercial context tends to limit privacy measures, and to motivate organizations to share data when working in partnership. This has led to many moral hazard
s and outrageous customer privacy violation incidents, and has led to consumer privacy laws in most countries, especially in the European Union
, Australia
, New Zealand
and Canada
. The United States
has no such law and relies on corporate customer privacy to ensure consumer privacy in general.
Some services, notably telecommunications including Internet
, imply collecting a vast array of information about user's activities in the course of things, and may also require consultation of these data to prepare bills. Telecom data must be kept for seven years in the US and Canada, to permit dispute and consultation about phone charges. Telecom regulation has always enforced a high level of confidentiality on these very sensitive customer communication bills and the underlying records. However, this approach has to a degree been outmoded as other industries also now gather sensitive data:
Such common commercial measures as software-based customer relationship management
, rewards programs and target market
ing tend to drastically increase the amount of information gathered (and sometimes shared). These very drastically increase privacy risks, and have accelerated the shift to regulation, rather than relying on corporate desire to preserve goodwill. Companies using coupon programs often set up coupon printers in grocery stores.
Consumer privacy concerns date back to the first commercial couriers and bankers, who in every culture took strong measures to protect customer privacy, but also in every culture tended to be subject to very harsh punitive measures for failures to keep a customer's information private. The Hippocratic Oath
Hippocratic Oath
The Hippocratic Oath is an oath historically taken by physicians and other healthcare professionals swearing to practice medicine ethically. It is widely believed to have been written by Hippocrates, often regarded as the father of western medicine, or by one of his students. The oath is written in...
includes a requirement for doctors to avoid mentioning ills of patients to others, not only to protect them, but to protect their families - the same basic idea as modern consumer privacy law and regulation, which recognizes that innocent third parties can be harmed by the loss of control of sensitive information, and that therefore there is a responsibility beyond that to the 'customer' or 'client'. Today the ethical code
Ethical code
An ethical code is adopted by an organization in an attempt to assist those in the organization called upon to make a decision understand the difference between 'right' and 'wrong' and to apply this understanding to their decision...
s of most professions very clearly specify privacy measures beyond that for the 'consumer' of an arbitrary service. Those measures are discussed in other articles on medical privacy
Medical privacy
The main subject of medical privacy or health privacy is the 'medical record' which historically has been a paper file of the entire medical history of the patient. Various electronic forms of medical records have existed in western countries, but mostly in an unintegrated fashion. This lack of...
, client confidentiality
Client confidentiality
Client confidentiality is the principle that an institution or individual should not reveal information about their clients to a third party without the consent of the client or a clear legal reason...
and national security
National security
National security is the requirement to maintain the survival of the state through the use of economic, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II...
- and to a degree in carceral state
Carceral state
A Carceral archipelago refers to French social theorist Michel Foucault's work on surveillance systems and their technologies over modern societies and its practice of social control and discipline over its population in all areas of social life.Taken from his classic work Discipline and punish...
(where no privacy in any form nor limits on state
State (polity)
A state is an organized political community, living under a government. States may be sovereign and may enjoy a monopoly on the legal initiation of force and are not dependent on, or subject to any other power or state. Many states are federated states which participate in a federal union...
oversight or data use exist).
Modern consumer privacy law in a recognizable form originated in telecom regulation, when it was recognized that a telco
Telephone company
A telephone company is a service provider of telecommunications services such as telephony and data communications access. Many were at one time nationalized or state-regulated monopolies...
, especially a monopoly
Monopoly
A monopoly exists when a specific person or enterprise is the only supplier of a particular commodity...
(known in most nations as a PTT
PTT
PTT may refer to:Chemistry and medicine:* Partial thromboplastin time, a performance indicator in medicine for coagulation status* Photothermal Therapy, A method of using light and photosensitizers for medical treatments...
), had access to unprecedented levels of information about not only the direct customer's communications habits and correspondents, but also that of those who shared his or her household. It was also often the case that telephone operators could hear conversations, inadvertently or deliberately, and were required to dial the exact numbers.
The data gathering required for billing began to become an obvious privacy risk as well. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on telcos in every country. Typically only police and military authorities had powers to 'wiretap' or see records. Even stricter requirements emerged for banks' electronic records - in some countries financial privacy
Financial privacy
Financial Privacy is a blanket term for a multitude of privacy issues:*Financial Institutions ensuring that their customers information remains private to those outside the institution. Issues include the Patriot Act, and other debates of privacy vs...
is a major focus of the economy, and penalties for violating it are severe and criminal penalties applied. In Austria
Austria
Austria , officially the Republic of Austria , is a landlocked country of roughly 8.4 million people in Central Europe. It is bordered by the Czech Republic and Germany to the north, Slovakia and Hungary to the east, Slovenia and Italy to the south, and Switzerland and Liechtenstein to the...
in the 1990s mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.
Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing it. Customer trust and goodwill was generally thought to be sufficient in some nations, notably the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
, to ensure protection of truly sensitive data. 'Caveat emptor
Caveat emptor
Caveat emptor is Latin for "Let the buyer beware". Generally, caveat emptor is the property law doctrine that controls the sale of real property after the date of closing.- Explanation :...
' applied. But in the 1980s much smaller organizations began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.
Gradually, customer privacy measures alone proved insufficient to deal with the many hazards of corporate data sharing, corporate mergers, employee turnover, theft of hard drives or other data-carrying hardware from work.
Talk began to turn to explicit regulation, especially in the European Union
European Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
, where each nation had laws that were incompatible, e.g. some restricted the collection, some the compilation, and some the dissemination of data, and it was possible to violate anyone's privacy within the EU simply by doing these things from different places in the European Common Market as it existed before 1992.
Through the 1990s the proliferation of mobile telecom (which typically bills every call), the introduction of customer relationship management
Customer relationship management
Customer relationship management is a widely implemented strategy for managing a company’s interactions with customers, clients and sales prospects. It involves using technology to organize, automate, and synchronize business processes—principally sales activities, but also those for marketing,...
and the use of the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
by the public in all developed nations, brought the situation to a head, and most countries had to implement strong consumer privacy laws, usually over the objections of business.
The European Union
European Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
and New Zealand
New Zealand
New Zealand is an island country in the south-western Pacific Ocean comprising two main landmasses and numerous smaller islands. The country is situated some east of Australia across the Tasman Sea, and roughly south of the Pacific island nations of New Caledonia, Fiji, and Tonga...
passed particularly strong laws that were used as a template for more limited laws in Australia
Australia
Australia , officially the Commonwealth of Australia, is a country in the Southern Hemisphere comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands in the Indian and Pacific Oceans. It is the world's sixth-largest country by total area...
and Canada
Canada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...
and some states of the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
(where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy).
After the September 11, 2001, terrorist attacks on the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
, privacy took a back-seat to national security
National security
National security is the requirement to maintain the survival of the state through the use of economic, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II...
in most legislators' minds. Accordingly concerns of consumer privacy in the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
have tended to go unheard as questions of citizen privacy versus the state, and the development of a police state
Police state
A police state is one in which the government exercises rigid and repressive controls over the social, economic and political life of the population...
or carceral state
Carceral state
A Carceral archipelago refers to French social theorist Michel Foucault's work on surveillance systems and their technologies over modern societies and its practice of social control and discipline over its population in all areas of social life.Taken from his classic work Discipline and punish...
, have occupied advocates of strong privacy measures.
Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most developed nations to be much less of a concern than political privacy
Political privacy
Political privacy has been a concern since voting systems emerged in ancient times. The secret ballot is the simplest and most widespread measure to ensure that political views are not known to anyone other than the voter—it is nearly universal in modern democracy, and considered a basic right of...
and medical privacy
Medical privacy
The main subject of medical privacy or health privacy is the 'medical record' which historically has been a paper file of the entire medical history of the patient. Various electronic forms of medical records have existed in western countries, but mostly in an unintegrated fashion. This lack of...
, e.g. as violated by biometrics
Biometrics
Biometrics As Jain & Ross point out, "the term biometric authentication is perhaps more appropriate than biometrics since the latter has been historically used in the field of statistics to refer to the analysis of biological data [36]" . consists of methods...
. Indeed, people have been stopped at airports solely due to their political views recently (see No-fly list) and there appears to be little public will to stop practices of this nature. Privacy of body or habits may be 'dead', for all practical purposes, until political approaches or threats change.
Customer privacy
Customer privacy measures are those taken by commercial organizations to ensure that confidential customer data is not stolen or abused. Since most such organizations have a strong competitive incentive to retain an exclusive access to these data, and since customer trust is usually a high priority, most companies take some security engineeringSecurity engineering
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts...
measures to protect customer privacy.
However, these vary in effectiveness, and would not typically meet the much higher standards of client confidentiality
Client confidentiality
Client confidentiality is the principle that an institution or individual should not reveal information about their clients to a third party without the consent of the client or a clear legal reason...
applied by ethical code
Ethical code
An ethical code is adopted by an organization in an attempt to assist those in the organization called upon to make a decision understand the difference between 'right' and 'wrong' and to apply this understanding to their decision...
s or legal code
Legal code
A legal code is a body of law written by a governmental body, such as a U.S. state, a Canadian Province or German Bundesland or a municipality...
s in banking or law
Law
Law is a system of rules and guidelines which are enforced through social institutions to govern behavior, wherever possible. It shapes politics, economics and society in numerous ways and serves as a social mediator of relations between people. Contract law regulates everything from buying a bus...
, nor patient privacy measures in medicine, nor rigorous "national security
National security
National security is the requirement to maintain the survival of the state through the use of economic, diplomacy, power projection and political power. The concept developed mostly in the United States of America after World War II...
" measures in military and intelligence organizations.
Since they operate for-profit, commercial organizations also cannot spend an unlimited amount on precautions and remain competitive - a commercial context tends to limit privacy measures, and to motivate organizations to share data when working in partnership. This has led to many moral hazard
Moral hazard
In economic theory, moral hazard refers to a situation in which a party makes a decision about how much risk to take, while another party bears the costs if things go badly, and the party insulated from risk behaves differently from how it would if it were fully exposed to the risk.Moral hazard...
s and outrageous customer privacy violation incidents, and has led to consumer privacy laws in most countries, especially in the European Union
European Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
, Australia
Australia
Australia , officially the Commonwealth of Australia, is a country in the Southern Hemisphere comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands in the Indian and Pacific Oceans. It is the world's sixth-largest country by total area...
, New Zealand
New Zealand
New Zealand is an island country in the south-western Pacific Ocean comprising two main landmasses and numerous smaller islands. The country is situated some east of Australia across the Tasman Sea, and roughly south of the Pacific island nations of New Caledonia, Fiji, and Tonga...
and Canada
Canada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...
. The United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
has no such law and relies on corporate customer privacy to ensure consumer privacy in general.
Some services, notably telecommunications including Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
, imply collecting a vast array of information about user's activities in the course of things, and may also require consultation of these data to prepare bills. Telecom data must be kept for seven years in the US and Canada, to permit dispute and consultation about phone charges. Telecom regulation has always enforced a high level of confidentiality on these very sensitive customer communication bills and the underlying records. However, this approach has to a degree been outmoded as other industries also now gather sensitive data:
Such common commercial measures as software-based customer relationship management
Customer relationship management
Customer relationship management is a widely implemented strategy for managing a company’s interactions with customers, clients and sales prospects. It involves using technology to organize, automate, and synchronize business processes—principally sales activities, but also those for marketing,...
, rewards programs and target market
Target market
A target market is a group of customers that the business has decided to aim its marketing efforts and ultimately its merchandise. A well-defined target market is the first element to a marketing strategy...
ing tend to drastically increase the amount of information gathered (and sometimes shared). These very drastically increase privacy risks, and have accelerated the shift to regulation, rather than relying on corporate desire to preserve goodwill. Companies using coupon programs often set up coupon printers in grocery stores.
See also
- information technology managementInformation technology managementIT management is the discipline whereby all of the technology resources of a firm are managed in accordance with its needs and priorities. These resources may include tangible investments like computer hardware, software, data, networks and data centre facilities, as well as the staffs who are...
- management information systems
- managementManagementManagement in all business and organizational activities is the act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively...
- marketingMarketingMarketing is the process used to determine what products or services may be of interest to customers, and the strategy to use in sales, communications and business development. It generates the strategy that underlies sales techniques, business communication, and business developments...
- customer focus
External links
- Privacy International
- Protecting Consumer Privacy in an Era of Rapid Change, FTCFTCFTC may refer to:- Organizations :* Federal Trade Commission, a US agency for consumer protection* Ferencvárosi TC, a Hungarian sports club* Financial Training Center Limited, a training institution in Tanzania...
Staff Report