Consumer privacy is the use of laws and regulations to protect individuals from privacy loss due to the failures and/or limitations of corporate customer privacy measures. The damage done by privacy loss is not measurable, nor can it be undone, and commercial organizations have little or no interest in taking unprofitable measures to drastically increase privacy of customers. Corporations may be inclined to share data for commercial advantage and fail to officially recognize it as sensitive to avoid legal liability in the chance that lapses of security may occur.
Consumer privacy concerns date back to the first commercial couriers and bankers who enforced strong measures to protect customer privacy. Harsh punitive measures were passed as the result of failing to keep a customer's information private. Like the Hippocratic Oath, which includes a requirement for doctors to avoid mentioning the ills of patients to others, not only to protect them but to protect their families, modern consumer privacy law and regulation shares the same mission: it recognizes that innocent third parties can be harmed by the loss of control of sensitive information. Today, the ethical codes of most professions very clearly specify privacy measures beyond that for the 'consumer' of any service. Those measures are discussed in other articles on medical privacy, client confidentiality and national security, and to a degree in carceral state (where no privacy in any form nor limits on state oversight or data use exist).
Modern consumer privacy law originated from telecom regulation when it was recognized that a telephone company, especially a monopoly (known in most nations as a PTT), had access to unprecedented levels of information: the direct customer's communication habits and correspondents and the data of those who shared his or her household. Telephone operators could frequently hear conversations, inadvertently or deliberately, and their job required them to dial the exact numbers.
The data gathering required for billing also began to become a privacy risk. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on telephone companies in every country. Typically only police and military authorities had legal powers to 'wiretap' or see records. Even stricter requirements emerged for various banks' electronic records: in some countries, financial privacy is a major focus of the economy, penalties for violating it are severe, and criminal penalties apply.
In Austria around the 1990s, the mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.
Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing the data. Customer trust and goodwill were generally thought to be sufficient in first-world countries, notably the United States, to ensure protection of truly sensitive data. 'Caveat emptor' was applied in these situations. But in the 1980s, smaller organizations also began to get access to computer hardware and software, and these simply did not have the procedures, personnel or expertise, much less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.
Gradually, customer privacy measures alone proved insufficient to deal with the many hazards of corporate data sharing, corporate mergers, employee turnover, and theft of hard drives or other data-carrying hardware from work.
Talk began to turn to explicit regulation, especially in the European Union, where each nation had laws that were incompatible, e.g. some restricted the collection, some the compilation, and some the dissemination of data. It was possible to violate anyone's privacy within the EU simply by doing these things from different places in the European Common Market as it existed before 1992.
Through the 1990s, the proliferation of mobile telecom, the introduction of customer relationship management, and the use of the Internet in developed nations brought the situation to the forefront, and most countries had to implement strong consumer privacy laws, usually over the objections of business.
The European Union and New Zealand passed particularly strong laws that were used as a template for more limited laws in Australia and Canada and some states of the United States (where no federal law for consumer privacy exists, although there are requirements specific to banking and telecom privacy).
After the terrorist attacks against the United States on September 11, 2001, privacy took a back seat to national security in legislators' minds. Accordingly, concerns of consumer privacy in the United States have tended to go unheard, as questions of citizen privacy versus the state, and the development of a police state or carceral state, have occupied advocates of strong privacy measures.
Whereas it may have appeared prior to 2002 that commercial organizations and the consumer data they gathered were of primary concern, it has appeared since then in most developed nations to be much less of a concern than political privacy and medical privacy, e.g. as violated by biometrics. Indeed, people have recently been stopped at airports solely due to their political views (see No-fly list), and there appears to be minimal public will to stop practices of this nature. Privacy of body or habits may be 'dead', for all practical purposes, until political approaches or threats change.
Customer privacy measures are those taken by commercial organizations to ensure that confidential customer data is not stolen or abused. Since most organizations have a strong competitive incentive to retain an exclusive access to these data, and since customer trust is usually a high priority, most companies take some security engineering measures to protect customer privacy.
However, these vary in effectiveness, and would not typically meet the much higher standards of client confidentiality applied by ethical codes or legal codes in banking or law, nor patient privacy measures in medicine, nor rigorous "national security" measures in military and intelligence organizations.
Since they operate for-profit, commercial organizations also cannot spend an unlimited amount on precautions and remain competitive - a commercial context tends to limit privacy measures, and to motivate organizations to share data when working in partnership. This has led to many moral hazards and outrageous customer privacy violation incidents, and has led to consumer privacy laws in most countries, especially in the European Union, Australia, New Zealand and Canada. The United States has no such law and relies on corporate customer privacy to ensure consumer privacy in general.
Some services, notably telecommunications including Internet, imply collecting a vast array of information about users' activities in the course of things, and may also require consultation of these data to prepare bills. Telecom data must be kept for seven years in the US and Canada, to permit dispute and consultation about phone charges. Telecom regulation has always enforced a high level of confidentiality on these very sensitive customer communication bills and the underlying records. However, this approach has, to a degree, been outmoded as other industries also gather sensitive data:
Such common commercial measures as software-based customer relationship management, rewards programs and target marketing tend to drastically increase the amount of information gathered (and sometimes shared). These very drastically increase privacy risks, and have accelerated the shift to regulation, rather than relying on corporate desire to preserve goodwill. Companies using coupon programs often set up coupon printers in grocery stores.