Simon Davies: Privacy's New Image

America's new rules of privacy are coming from the Old Country. Here's how Europeans like Simon Davies are getting America to rethink privacy.

By Daintry Duffy

August 01, 2003 — CSO — Where privacy is concerned, Americans distrust their government. But they'll gladly hand over their personal information to a corporation to get a deal on their groceries.

Europeans, on the other hand, will give their government extremely broad surveillance powers, but they largely forbid private enterprise from accessing any personal data without their express written consent. In the corporate security world, this has translated into an ideological disconnect: U.S. executives think Europeans are missing the marketing opportunity personal data provides, and the Europeans, by and large, see their American counterparts as fast and loose, callous even, when it comes to their citizens' privacy. Until recently these issues had settled into a quiet dÃ©tente. However, resentments churned up by recent world events have European privacy experts predicting that U.S. companies are likely to face a new hard-line approach to privacy enforcement in their business dealings on the continent.

But views on privacy have also been changing within the United States. HIPAA and a slew of post-9/11 antiterrorism legislation started the trend, and rapid technological advances that make invading one's privacy shockingly easy have drawn more attention to the privacy issue. The result is that America is looking more and more like the Old Country, at least when it comes to privacy.

The libertarian values of the founding fathers infused American culture with a live-and-let-live attitude. A majority of U.S. citizens still wrinkle their noses at any proposal that smacks of increased government regulation. The issue of privacy has consequently been handled on an industry-by-industry basiswith only high-risk sectors such as health care and financial services bending to the force of legislation. Meanwhile, most businesses have been left to carry on the collection, use and trading of personal data and information at will behind a very thin curtain of "self-regulation."

At the center of this confluence of government legislation, international pressure and the ongoing debate over security versus privacy is the CSO. He is charged withand will ultimately be held responsible fornavigating through the turbulence.

The CSO has a tremendous impact on the development, execution and effectiveness of the corporate privacy policy. Whether responsibility for privacy resides in the security group, with the legal counsel, in human resources or with a specially appointed chief privacy officer, the CSO is a critical partner in giving a privacy program life.

But it isn't an easy partnership. "You can have great security without privacy I suppose," says Peter Cullen, former chief privacy officer of Royal Bank of Canada and newly appointed chief privacy strategist for Microsoft, "but you can't have great privacy without great security."