About Us
8020Info Services
Information Lab
Newsletters
Free Subscription
Capsules
Articles
Links
Client Workspace
Using This Site
Contact Us
|
Don't Let Your Personal Privacy be a Casualty of Electronic Age By W. Peter Kissick Published Jan.27, 2001, The Kingston Whig-Standard Have you ever had this experience when shopping? After agonizing over the decision as to whether you really need a blue thingee when you already have a black one, you finally steel up the courage to take the item to the sales clerk in order to make your purchase. Proud that you have finally made up your mind, you plunk down your credit card, or debit card (or, perish the thought, cash), when the clerk asks through a hundred-watt smile: " Now Mr. (he or she pauses here in order to read your name off of your card)...may I please have your phone number/address/postal code/date of birth/ mother's maiden name/dog's favourite kibble/can we send you our monthly newsletter?" OK, perhaps I exaggerate, but it often amazes me the number of questions that can be asked of me which have absolutely nothing to do with my purchase. A trusting soul… Simply because I wanted to complete my purchase, or maybe because I was a born and bred Canadian and therefore was programmed to be polite, or else because I was a trusting soul, I confess I often used to answer these questions without thinking. I am not nearly as conforming a customer as I used to be. I can now become somewhat less than the cheery customer when I am asked these personal questions (I do stop short of being hostile – I am sure it wasn't the poor retail clerk's idea to ask me what my phone number is). My wife says it is a professional preoccupation – as a lawyer I can't help being suspicious. I'm not sure that is true (I don't want to paint all of my colleagues with the same brush). What troubles me, I think, is that someone has information about me that he/she/it really doesn't need to know; or worse, they know it so that they can benefit from knowing it. It's not that I am paranoid, or that I want a piece of its marketing revenue, but am I not already doing that retailer a favour by making my purchase from that store? From clerks to online "fields"… Actually queries from in store clerks are relatively benign – clerks are apparently trained not to aggravate a customer unduly. Their questions border on unobtrusive when compared to online purchase procedures, which often require the consumer to complete certain "fields" of an online form before the consumer is permitted to submit his order. In that milieu, you have no one to question or to complain to, and you really have no idea where the information will ultimately end up or how it will be used. (Granted an e-tailer does need my address in order to ship me the goods I have ordered, but I have my doubts that the personal data I have conveyed to them is automatically destroyed once my order has been filled.) Many electronic retailers recognize this very concern and a good number post a privacy policy directly on their Web site, which you can click on and review before making your online order. Such retailers have done this to provide comfort to worried shoppers who seem to be more skittish about privacy issues over the Internet than they do in other transactional venues. But requests for personal data are made over the telephone, or whenever we complete a form and send it through the mail or give it to a sales clerk. Consider any credit application, for instance. Indeed, several years ago, the federal government was concerned about the amount of data that banks and their subsidiaries were collecting about their customers. Fearing legislation, the Canadian Bankers Association adopted a model privacy code, which the Canadian banks adopted. New laws enacted… Ironically enough, as of January 1, 2001, the Federal Government has in fact put in place a law which now regulates how businesses (including banks – so much for voluntary compliance!) can collect and retain personal data obtained from customers. It is called the Personal Information Protection and Electronic Documents Act, and is a sweeping piece of legislation which will require businesses to adhere to 10 principles of "fair information practices" when collecting personal data through any means (although clearly the impact of the Internet seems to have been the catalyst for this law). Businesses must advise you of why they are collecting the data, obtain your consent before collecting it, obtain only as much information as is necessary, ensure the accuracy of the information they have obtained, and ensure that you have access to the information about you that has been retained. This law is modeled after a similar policy in force in Europe, and initially only applies to federally regulated businesses, but is intended to be extended to all businesses in Canada by 2004. Are the rules too demanding?… Given my earlier comments critical of the collection of consumer information, you're probably thinking, "He's gotta love this legislation." I do like its intent: if someone wants to take, retain and use something of mine as important as personal data about me (and valuable too, potentially, since it is unlikely they would want it if it couldn't lead to revenue), then I believe that they should adhere to some set of rules so that I can have confidence that my personal information will be used for a specific purpose to which I have agreed and no other. But I wonder if the feds, following Europe's lead, have used a sledgehammer when a hammer would have sufficed. Compliance with the 10 principles of data protection found in this legislation will require a significant expenditure of business and employee time and resources for most businesses, even when the collection of data in many cases is for completely innocent and non-threatening reasons. The costs of adherence will not be insubstantial, and proportionately greater on small businesses that likely do not have the personnel to monitor the data systems envisioned by this regime. I also wonder whether we will drastically alter this legislation when the United States finally unveils their privacy law, which is likely to be less intrusive on business than our law. But what causes me to worry most, I think, and why I get into a bit of a lather about personal privacy, is when I hear an executive at a large Canadian technology firm declare in a recent radio interview (and I paraphrase): it doesn't matter whether Canada has this data protection legislation or not, personal privacy no longer really exists in the electronic age, so we should just stop worrying about it. Thanks for the sentiment, but if it's all the same to you, I think I'll keep asking why the clothing store needs to know my phone number when I buy a sweater. **** Peter Kissick is a Kingston lawyer who teaches in Queen's University School of Business and practises in the fields of e-commerce and corporate law |
Copyright © 1999 - 2001, 8020Info Inc., All Rights Reserved.