Privacy: what every manager should know: companies can't afford to ignore the fact that consumers are increasingly concerned about how businesses use their personal information.

• Author: Haller, Susan C.

At the Core

This article:

* Lists consumer concerns about privacy issues

* Discusses how privacy has become a competitive issue

* Gives key components of effective privacy policies

Just a few years ago, information privacy issues were not even on the radar screen for most companies. More recently, however, consumers have become more aware of the issue and more concerned about the potential misuse of information about them by both government and business. Other developments that have pushed privacy issues to the forefront include technological advances, increased media coverage of companies' privacy missteps, privacy-related litigation, and an increased focus on privacy in Congress and federal regulatory agencies, as well as in state legislatures and regulatory agencies.

The business community, recognizing privacy as a competitive issue and responding to the increased consumer awareness of the issue, has made privacy a top-level issue. Many companies that obtain, maintain, use, and disclose personally identifiable information about consumers (e.g., name, address, e-mail address, telephone number, Social Security number) have:

* posted privacy policies on their Web sites

* created chief privacy officer (CPO) positions

* increased employee awareness and training about the issues

* established self-regulatory initiatives

* taken other noticeable measures to shore up their privacy policies and practices

Without a doubt, privacy is now an issue about which every company that collects and uses personally identifiable information about consumers should be concerned. Public and consumer concerns, as well as the rising volume of legislation and regulations, are such that all managers would be well advised to consider them.

What the Public Thinks

Consumers' interest in and concern about potential threats to their privacy have been measured in numerous polls and surveys. These indicate that consumers' privacy concerns have increased, especially over the past decade. In a 1999 survey conducted by the Wall Street Journal and NBC News, individuals were asked to identify the issue(s) that concern them the most about the 21st century. Remarkably, 29 percent of those participating in the poll responded that they were more concerned about threats to personal privacy than about other social issues, including overpopulation, war, and global warming.

Increased public concern about privacy has affected consumer decisions about which companies they are willing to do business with and what personal information they are willing to provide. The increased levels of concern about privacy have been attributed to two factors: distrust of institutions and fears about the misuse of technology.

Undoubtedly, the events of September 11, 2001, have had a profound effect on the public's concerns about social issues, including privacy. Since then, Americans have expressed greater support for expanded law enforcement programs (e.g., increased surveillance)--a marked change in public opinion--even if the increased law enforcement powers would affect individuals' civil liberties.

In the online world, consumer concern about privacy has had a profound impact on e-commerce. For example, an October 2001 report by Forrester Research found that $15 billion of projected 2001 e-commerce revenues could be unrealized because of consumers' concerns about their privacy. Among the key issues about online shopping identified by consumers are credit card number theft and the misuse of their personal information.

These figures demonstrate that companies cannot ignore the importance of privacy to consumers. Companies that fail to address privacy issues are likely to see an impact on their business.

The Role of the Media

Media reports about companies' privacy missteps have become not only front-page business section stories but true front-page stories as well. This media scrutiny has heightened public awareness of the privacy issue and, in some cases, resulted in legislative and regulatory activity.

For example, in 1999 the plans of a New Hampshire company, Image Data, to purchase drivers' photographs from state departments of motor vehicles and create a database of digital photographs that retailers could use to combat fraud were met with an immediate negative public reaction. Headlines, for example, raged "Your Driver's License, For Sale?" The public reacted strongly despite the fact that the law did not prohibit this practice, and Image Data offered consumers an opportunity to opt-out or have their photographs removed from the database.

Elected officials in several states acted quickly to halt the practice of allowing companies to purchase driver's license photographs. At the federal level, language was added to the FY2000 Transportation Appropriations Act to amend the 1994 Driver's Privacy Protection Act, the statute under which drivers' information had been made available for commercial purposes. Image Data ultimately changed its business plan for its database to a consent-based model where participating businesses scan the driver's licenses of consenting consumers only.

Also in 1999, the plans of Internet advertising company DoubleClick to purchase direct marketing company Abacus Direct, which housed the nation's largest catalog database, were well covered in the press. This purchase would have allowed DoubleClick to marry information about consumers' online habits (clickstream data) with Abacus' information, thereby creating personally identifiable online profiles and allowing DoubleClick's...