Two International Privacy Conferences
The first conference was sponsored by Zero Knowledge Systems and took place outside of Montreal, Quebec. The title of the conference, Privacy by Design, was well-chosen. Privacy *must* become a design element, a key component embedded into a company's business practices and culture.
Fortunately, as the ZKS conference proved, "Privacy by Design" is no mere slogan. The legal and regulatory consequences of privacy and data protection laws in EU and Canada have resulted in an abundance of resources to help businesses comply with the new regulatory climate. The "revolving door" phenomenon for which Washington is notorious seems to be playing out in Canada and Europe as well: former government officials (and their minions) are setting up consulting practices in which they help companies deal with the data protection commissions.
Since Canadian and European businesses have been dealing with privacy issues for years, there is a substantial infrastructure -- in both the public sector and the private sector -- surrounding compliance. The *meaning* of privacy is well developed and spelled out. Practical guidance abounds; the bureaucracies responsible for administering data protection laws are doing everything possible to simplify compliance.
It should be no surprise that financial institutions are at the front lines of dealing with privacy issues. They realized that privacy was a fundamental concern for their customers. Rather than treat this as a burden, however, they set about using it as an opportunity to revitalize their customer relations. Banks followed a strategy that had proven successful in the US time and time again: Give the Customer What He Wants.
And what customers want is privacy, not just at financial institutions, but throughout their online *and* offline lives. Fortuitously, meeting this need is good for business in a number of ways. Aside from the obvious benefits of meeting demands of the market, there are benefits arising from the discipline imposed by running a business based on "privacy by design".
The excitement at the ZKS conference was palpable. Everyone sensed we were on the threshold of a new era, but there was also a strong sense of confidence and competence. The challenges of compliance were large, but they could be managed. The excitement at the Privacy & American Business Conference was also palpable, but it was a more nervous energy than the confidence prevalent at the ZKS conference. American businesses by and large have been caught short by the "sudden" interest in privacy issues. They are now scrambling to get up the learning curve the Canadians and Europeans have been traversing for years, and
Even though the P&AB conference took place in Washington DC only four blocks away from the Capitol Building, it was just as much an international privacy conference as the one in Quebec. American business is acutely aware of the European and Canadian privacy laws, and they are concerned about protecting their markets and their employees abroad.
An unexpected case in point: administrative and staffing expenses of American businesses with offices in EU countries. The EU privacy laws are so strict that even the transfer of expense reports to the home office in the US invokes application of the data protection laws. Consequently, even though businesses thought they could ignore the legal situation in Canada and Europe, they are suddenly finding that they cannot.even pay the payroll in foreign offices, or transmit sales and marketing data to the states without taking steps to comply.
Hence the great deal of attention paid to "Safe Harbor". Safe Harbor is an arrangement the US Department of Commerce reached with the EU data protection commissioners. Safe Harbor sets out a plan for US companies to be deemed in compliance with EU data protection regulations so long as they follow a simple series of four steps. *Any* US company making transfers *any* personal data of an EU citizen is obligated to comply with Safe Harbor; otherwise they will be required to follow the far more burdensome requirements of each of the 15 EU data protection commissions.
Again, the financial services companies such as American Express have made the most progress in dealing with privacy issues. They are particularly strong in employee training programs, some of which are quite slick with professionally produced videos and training binders.
Key themes I would like identify by way of summary.
 The ten core principles of fair information practices are:
 It is estimated that there are approximately 75 chief privacy officers in the US currently. It is also estimated that, by the end of this decade, *every* company that handles personal information will have a CPO.
[Published in CPSR PING! 1:4, p. 11. May, 2001]
Please use the links below to reach other areas of this site:
Last revised: June 5, 2015.