“You close the door when you go to the bathroom not because you’re doing something bad in there, but because others might not care to share the experience.” – Judith Martin, aka Miss Manners.
Month: September 2000
What privacy means (first appeared in InfoWorld)
Can we give the president some privacy? Zippergate, which was a trivial scandal compared to its recent presidential predecessors, pretty much ended it.
Not that the current crop of candidates helps anything by parading their religiosity on their sleeves. It goes beyond poor fashion sense. The presidency already resembles an episode of Big Brother. Why worsen the situation by making yet another private matter public?
Presidential privacy may be both an oxymoron and a hopeless issue, but the issue of customer privacy is very much alive. Consumer advocates thunder (as always) that it’s important, industry (as always) whines that it should be self-policing, and Congress (as always) holds hearings on the subject.
But what’s the subject? “Privacy” is more slippery than a presidential candidate. But since IT helps formulate and implement privacy policies, you need to understand it. And it’s complicated.
For example: Does automated identification violate privacy? Yes! Consumer advocates yell, but does it really? As stated here last week, the Internet has properties of place — your activities in cyberspace happen there, not in your home. The right to anonymity isn’t absolute in actual reality; why should it be in virtual reality?
Everyone knew Norm’s name at Cheers and that didn’t violate his privacy. Presumably, when Norm first began to patronize Cheers he introduced himself to Sam. Sam’s remembering his name was an act of courtesy, not a privacy violation. On the other hand, total strangers can’t just grab your wallet and read your driver’s license, just because they want to. Nor, for that matter, can the police, unless they’re investigating a crime.
This gives you a pretty good guideline. A customer’s right to anonymity isn’t absolute, nor solely a matter of permission, but it also isn’t waived just because they enter your web site, any more than they waive it by entering a department store. Which means your company’s identification process should be explicit and overt … a login process, or a request for permission to set a cookie.
Does privacy mean your company shouldn’t track and predict customers’ buying preferences once you’ve legitimately identified them? Woody knew what kind of beer Norm liked, and that didn’t violate Norm’s privacy — presumably, Norm would have been offended had it been otherwise.
If you tell me something, I don’t violate your privacy by remembering it. If you buy something, pay with a credit card, and provide a shipping address, the seller doesn’t violate your privacy by recording the transaction and using the information.
Until it sells the information to another company. It’s fine for Sam to know whatever Norm tells him about Vera; it isn’t fine for Sam to sell Vera’s name, address, telephone number, and size to the lingerie shop down the street.
But what if your company owns both Cheers and the lingerie company? That’s a bit fuzzier. So in your privacy policy, list the companies and brands that share customer information. If you state the policy and your customers agree to it, there’s no privacy violation; if they don’t agree to it they can take their business elsewhere. It’s a matter of mutual consent, as it should be. (If you have no policy, caveat emptor, but shame on you.)
As for companies like Doubleclick, that surreptitiously follow you from site to site, in real space, we call that “stalking”, and we arrest people for it.
Why should cyberspace be any different?