In Depth

Privacy Policies: Serving Up Your Customers

The privacy debate is nothing new. But it will heat up as the lines between security and privacy blur.

By Meg Mitchell Moore

Page 3

Consumers have good reason to worry about where their data ends up. In September, the Federal Trade Commission released the results of a survey reporting that 27.3 million Americans have been victims of some form of identity theft within the past five years. In the year preceding the survey alone, 9.9 million people had their identities stolen, resulting in $5 billion of out-of-pocket expenses for consumers. So it's no wonder that many consumers are more vigilant than ever about protecting their personal information from prying eyes, whether those eyes belong to the government or potential criminals. "I think that average citizens are beginning to realize that their own personal information has value and can be abused," says Scannell. "Wrapping yourself in the American flag is not a valid security argument. It's pure bluster."

The lesson to Scannell is clear: Customers still expect a company's allegiance to their privacy polices to come before any other considerations.

To some, though, the privacy debate raises questions. Consumers can be a wishy-washy bunch, vacillating between feeling wronged and feeling apathetic about where their information goes, and that makes it difficult for companies to decide which lines to draw and where. According to Steve Hunt, vice president and research director for security at Forrester Research, a general sense of anxiety about protecting customer information pervades many conversations he has with companies. "The litigious nature of most consumers will lead customers to take legal action, which, more often than not, will result in bad press," he says. Indeed, a quick Google search reveals plenty of irate JetBlue customers willing to vent online.

It can be a quick jump from online complaints to business losses, but experts disagree about how abruptly the former can turn into the latter. "Violations of privacy policies can be fatal depending on the business," argues Hunt.

But according to IDC's Gaw, tales like JetBlue's become problematic only when they start to cost a business money. And while JetBlue says it can offer no specifics on how its privacy gaffe affected sales or profits, in October, its third-quarter results revealed a net income of $29 million, compared with $12.2 million in the same quarter the previous year. The number represents the company's 11th consecutive quarter of profitability. If large numbers of JetBlue's customers are turned off by what happened, they're hiding their dissatisfaction pretty well.

"People say they're concerned about privacy, but do people make flying decisions based on that?" asks Gaw.Put Your Money Where Your Mouth IsFor every person who cares desperately about what happens to his personal information once it lands in a company database, there is probably another who simply doesn't care all that much and still another who is willing to sacrifice privacy for protection, convenience or cost savings. "Some people are happy to fly naked if they think that will make them safer," says Scannell. (For more about this phenomenon, see "With Liberty and Surveillance for All," Page 38.)