In Depth

Privacy Policies: Serving Up Your Customers

The privacy debate is nothing new. But it will heat up as the lines between security and privacy blur.

By Meg Mitchell Moore

Too often, however, privacy policies are complicated, and customers either don't understand the language or they don't read the fine print. "Most privacy policies are too cumbersome," says RSA Security's Worrall. "They're written in two-point type in ways that only lawyers can understand." The solution: Make it simple. Let customers know what they're signing, and make it easy for them to opt in or out of it. "A combination of good policy and good technology will prevent misuse of data and angry customers," says Worrall (see "Read It or Weep," Page 34).

Sabett agrees, and adds, "It's not enough for the CSO to create a privacy policy and toss it over the wall." Sabett recommends that the CSO form an information security "Tiger Team" made up of executives from the legal, technical and business side of things, and even bring a representative from PR into it if they can. "You need to make sure that the CSO is not an island," he says. "If the team meets proactively every couple of months or so, they'll be better prepared to react to a situation if they need to."

Finally, make sure your policy states that no one person can make the decision by themselves to release customer data. "It's really an issue of sound business practices," says Worrall. "You need to have sufficient checks and balances in place."

That advice might have saved JetBlue any injury to its reputation as a great new airline. "They'll work at it, undoubtedly," says Privacilla's Harper, "and certainly they will never make a mistake like this again."

Even if JetBlue doesn't, it's a safe bet that someone else will. The privacy debate is going to get more complicated as the lines between security and privacy inch closer together. And as they do, it will be every consumer (not just the ones flying in JetBlue's leather seats, glued to DirecTV and munching the company's signature blue potato chips) who will be wondering, Who knows what about me? And why?
