Protection of Consumer Privacy
The development of new information and communication technologies has had a tremendous impact on individual privacy as well as security. Although previously confined to paper records, personal information ranging from name, address, and telephone number data to sensitive financial, medical, and behavioral information, now exists in electronic form.
Individuals routinely provide their personal details to businesses and employers online or through electronic transactions. In turn, companies use this information for analytics or marketing, and entities share the same information with a wide range of third parties (Horvath et al., 2009).
The ease with which personal information is collected, used, and shared has significant benefits for consumers and businesses. This free flow of information increases convenience, facilitates transactions, enables sophisticated and targeted marketing and assists law enforcement.
These benefits, however, are accompanied with challenges including the potential for a decrease in individual privacy, the possible spread of inaccurate or incomplete information, and the risk of identity theft among other crimes (Pitofsky et al., 1999). Advances in technology have also affected privacy and security in other ways. In particular, the Internet has made personal computers a gateway to an entire world of information.
Key Developments in Privacy Protection
The primary catalyst leading to policy discussions about information privacy protection has been technological change (Rule & Greenleaf, 2008).
From the computerization of large data sets in the 1960s to computerized processing of all records in the 1970s to computerized searching of record systems in the 1980s to the online linkages and searching capabilities of the 1990s, information and communication technologies have provided the foundation for concerns about consumer privacy protection.
However, this is not to say that other factors, most notably political events, interest groups, policy ideas, political climate, constitutional issues, and transnational activities have not played important roles in the development of consumer privacy protection.
However, the initial trigger placing information privacy on the policy agenda has been and is likely to continue to be, technological change. Once on the agenda, privacy issues generally occupy a relatively low position until other forces or events help to elevate public interest (Rule & Greenleaf, 2008).
Implementation
In general, federal and state laws require entities to gather personal information about consumers to provide notice about how they collect, use, disclose, provide access to, and protect that information. Apparently, privacy policies are the most common vehicles for providing such notice.
Many laws exist that require entities collecting personal information to post privacy policies in certain contexts. Most notably, California law requires any commercial Web site that collects information through the Internet to conspicuously post a privacy policy statement that meets several criteria (Pitofsky et al., 1999). Federal law on the other hand requires financial institutions to have privacy policies on their Web sites.
Under California law, the privacy policy itself or a hyperlink to the privacy policy must be visible on the home page of a Web site. If a hyperlink is used, it must be prominently displayed. Text links to the privacy policy should be displayed in a manner that a reasonable person would easily notice. In short, the format and content of the privacy policy generally should be easy for a reasonable consumer to understand.
Privacy policies should disclose what personal information is collected from consumers. California law requires Web site operators to identify the categories of personal information that the operator should collect. Other countries have similar requirements, suggesting that the failure to notify consumers about the collection of personal information is an unfair or deceptive trade practice.
For example, in 2002, Amazon entered into an agreement that required it to amend its privacy policy. Bound by the agreement Amazon was to specify to consumers exactly what personal information was to be gathered (Rule & Greenleaf, 2008).
References
Horvath, A., Horvath, A., Calkins, S., Villafranco, J., & Calkins, S. (2009).Consumer Protection Law Developments. Chicago, IL: American Bar Association.
Pitofsky, R., Anthony, S., Thompson, M. W., Swindle, O., & Leary, T. B. (1999). Protecting Consumers Online: A Federal Trade Commission Report on the First Five Years of Its Internet Law Enforcement Program. Darby, PA: DIANE Publishing.
Rule, J. B., & Greenleaf, G. W. (2008). Global Privacy Protection: The First Generation. Northampton, MA: Edward Elgar Publishing.