Keeping Pace With Privacy Issues

Much has been said about Internet privacy. Though I’m not a lawyer who can advise you on what to do, except to suggest that you follow the directives from the Direct Marketing Association, I would like to share what I have learned about aspects of privacy that are becoming an enormous concern for businesses and consumers.

First, the DMA provides great advice on privacy enlightenment, so check out for more information.

According to USA Today, more than 2 trillion pieces of junk e-mail are expected to flood the Internet this year – 100 times the amount of mail delivered by the U.S. Postal Service in 2002. I have had enough of ads for body part enhancements, Viagra substitutes, dates with Russian women and the ubiquitous ink-jet cartridges.

Spammers have realized that if they drop their e-mails at night their messages can be mass deleted, but if they deliver their spam throughout the day, then it’s embedded in business correspondence and readers have to dance around it. The settings in my browser do not filter out daily junk e-mails, no matter how I set the filters.

When you consider all the information that is being shared and spread across companies and shared among enterprises, we should all be concerned. For example, CRM and customer-care services revenue are projected to reach $101 billion in 2007, with a 2002-07 annual growth rate of 11.3 percent, according to two reports released in April by IDC.

IDC called this growth rate “moderate” and factored in a year or two of sluggish gains. In one report, “Worldwide and U.S. Customer Care Services Forecast and Analysis,” IDC predicts that customer-care services will experience turbulence over the next 12 to 18 months. This means that the ability to disseminate information about consumers may actually be much larger than predicted.

In recent years, business has lost ground with the privacy issue on many fronts, and we are rapidly moving toward a more regulated business environment. The momentum in Washington and individual states is clearly toward more and stronger legislation. The question is: What shape will these regulations take?

Here are some trends I picked up at an Acxiom customer conference that may provide answers:

· Financial privacy. Providing adequate protection for financial information is hot internationally and domestically. The problem of identification theft is occurring everywhere. Because of this, the prohibition of sharing financial information even among units of the same business is probably wise. Existing examples include the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. The FCRA expires in January. This to me is a good thing. Personally, I receive too many unsolicited credit card offers, and my sons, who have no jobs, get pre-approved credit card offers with credit to $10,000 based upon my family’s credit history. Pre-screening has done nothing to enhance my life and instead has put my family on the defensive.

· Notice, choice and security. At issue here is what constitutes adequate notice and effective choice. One recommendation from the Hunton Williams Center for Information Policy Leadership is finding favor in Washington. It creates a method of providing layered measures on each Web site requesting information that will advise the consumer of the rights of the individual and the true policies of the company.

· Increased enforcement. The Federal Trade Commission has intensified its efforts to hold prominent companies and less-well-inspected companies accountable. As a result, it’s being proved that many companies do not honor their privacy policy and that others’ Web sites are mere traps to encourage consumers to provide information.

· Emotional issues with consumers. Telemarketing and spam are causing angry responses from consumers. Aggressive and deceptive telemarketers have done much to rile people up. More than 30 states have spam regulations, but so far nothing can be done to stop off-shore spammers. A federal law to prohibit spam may put a bite into the international spammers.

· Public records. Where does the right to access of information end and the right to privacy begin? And how is it being abused? For now, anyone who wants to perform identify theft does not have to work all that hard to get date of birth and Social Security numbers from public records. But this will come to an end shortly. The Coalition for Sensible Public Records Access is in the process of putting public-record guidelines in place for large data aggregators.

· Government access to data. To what extent does the government have the right to look into personal information that may be available in private and third-party databases? This is particularly confusing when you think about how a 9/11 situation might be averted in the future.

· Global legislation. This is complicated because every country seems to have its own regulations. There are no standard world regulations to define privacy rules. This issue is likely to keep attorneys in business for years.

An Internet site that provides personal information about an alleged purveyor of mass e-mail is not harassment and does not need to be removed from the Web, so ruled a Maryland district court judge. Francis Uy, a tech specialist at Johns Hopkins University, posted such a site to expose the activities of George A. Moore Jr., owner of Maryland Internet Marketing Inc. in Linthicum. Moore, whose company sells nutritional weight-loss products including Fat-N-Emy and Extreme Colon Cleanser, has been identified by spam-tracking organizations as a leading spammer.

What about those annoying pop-ups that come with some of the biggest names like Microsoft? Get MSN Internet services and you get them.

Large companies spend $1 to $2 per user to combat spam. Yet this does not keep hundreds of spam e-mails from creeping into our boxes when we turn on our computers.

What can a company do? Ensure that with every e-contact with your constituents you offer them the chance to continue to opt in and make the opt out the default. Companies should publish their privacy policy practices or provide access to those policies everywhere possible.

Then, companies must live up to their privacy policies. Never share information, even within the same enterprise, unless the individual gives permission. In a business-to-business relationship, it is not unusual for a person to opt out for one thing and opt in for another. The rule should be to honor a person’s latest request and any previous opt-out policies.

If you find that the opt outs are not working and that a company is still sending e-mails, please report it to the DMA and to the company’s Internet service provider.

Related Posts