Thank you for sharing!

Your article was successfully shared with the contacts you provided.
In today’s information-laden environment, the ability to collect, collate and distribute vast quantities of information with the click of a mouse is increasingly driving economies across the globe. But the very techniques that have spurred the growth of global trade have also given rise to a paradox — even as it becomes easier to obtain information, more and more individuals and regulatory agencies are calling for stricter limits on the collection and dissemination of personal data. But instead of seeing this development as a threat, leading businesses view privacy protection as a way to enhance shareholder trust and build their brand name, as well as to avoid costs, mitigate risks, improve customer satisfaction and, potentially, to generate new sources of revenues. RELUCTANCE For example, while 35 million Americans spent about $45 billion online in 2000, researchers estimate that U.S. companies lost out on at least another $12.4 billion because consumers were reluctant to share personal information over the Internet. Perhaps a first step is balancing a customer’s right to privacy with a company’s interest in using customer information to identify marketing opportunities. All too often, until something happens to place them at risk, many organizations simply do not know how much or what kind of information they have, who has access to it, to what extent its use may be regulated, and, what penalties they may face for mishandling it. U.S. bank paid millions of dollars to settle a complaint alleging that it sold customer data, including account numbers and balance, Social Security numbers, and home phone numbers, to telemarketers. And an online advertising agency’s share price tumbled after it was informed that it would be charged with violating consumer privacy if it merged anonymous user names with data from a company it had acquired. But the lines are not always so clear-cut. A large manufacturer, for example, may have to comply with federal privacy laws if it issues credit cards, while a large retailer may be affected by medical privacy regulations if its stores contain pharmacies. Moreover, multinational organizations may face complex, conflicting regulations and customs. How can companies prevent problems from occurring, or even more proactively, how can they benefit strategically from a focus on the protection of privacy? Initially, business leaders should consider how to adapt their business models to recognize investment in privacy protection as an investment in an asset, instead of a cost of doing business. This process begins with the recognition that privacy is a strategic issue — not solely a technology or e-business issue. An effective privacy risk management program will meet a business’s needs while satisfying regulatory requirements and marketplace expectations. Among other characteristics, it should: disclose privacy principles; address the collection, use and retention of customer information; identify how customer privacy is maintained in business relationships with affiliated and non-affiliated third parties including vendors and alliance partners; periodically test for compliance with organization policies and compliance requirements; and monitor and evaluate the business implications of possible changes in laws and attitudes toward privacy. To accomplish these goals, companies may want to consider appointing a Chief Privacy Officer (CPO) or a Privacy Team that will be held accountable for implementing the process. However, an effective privacy risk management effort may require the collective expertise of a variety of departments and specialists, including professionals with knowledge, insight and experience in information risk management, business process and analysis and redesign, and with regulatory and industry-specific requirements. Once implemented, separate privacy and security audits can help to ensure compliance with laws and regulations, and can help demonstrate to customers, stakeholders and other parties the company’s commitment to privacy management. Tangible evidence of a successful audit may include a Web seal that demonstrates a company has fulfilled certain criteria in various areas of business, information security, information privacy practices, and transaction integrity or a Privacy Seal, which shows they are carrying out their promises about privacy to customers. In the final analysis, a privacy risk management endeavor program can help an organization build its brand, address significant challenges and, in the bargain, help to create a new, lasting covenant with customers, and other stakeholders and others. Jack Miller is a vice chairman and Tamara Mathis is an assurance partner in KPMG’s Stamford, Conn., office.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.