In Depth

Privacy Policies: Serving Up Your Customers

The privacy debate is nothing new. But it will heat up as the lines between security and privacy blur.

By Meg Mitchell Moore

January 01, 2004 — CSO — Customers of JetBlue, the 4-year-old New York City-based airline, get a few extras when they fly. Among them: comfortable leather seats and individual television screens equipped with DirecTV. But in the summer of 2002, customers got something they hadn't signed up for: the release by JetBlue of their personal data to Torch Concepts, a contractor for the Department of Defense, which sought the names, addresses, phone numbers and flight information of millions of JetBlue customers for a project concerning military base security. When news of this came out in September 2003, it didn't take long for JetBlue to go from being the little airline that could to being the little airline that could screw up.

Following a public outcry regarding the corporate ethics behind giving third-party access to personal information about customers, JetBlue released a public relations statement that acknowledged the incident as falling-depending on whom you ask-somewhere between a small problem and an utter disaster. Finally, an apologetic e-mail went out to customers from company CEO David Neeleman, who reaffirmed JetBlue's dedication to protecting its customers' privacy. "We remain as firmly committed as ever to the goal of making our nation and its skies more secure; however, in hindsight we realize that we made a mistake," wrote Neeleman.

What makes the JetBlue case particularly vexing to privacy watchers is not just the release of the data in principle, but the fact that JetBlue's actions directly violated the company's own privacy policy. The airline, for its part, says it's still flying high, but the blunder highlights data privacy questions that may become a lot more prevalent as businesses reassess their responsibility to protect customers' privacy. "[JetBlue] made a big mistake, one that I think occurs much more frequently than we know about,"

says Jonathan Gaw, a research manager at IDC (a sister company to CSO's publisher).

Meanwhile, businesses and customers alike are asking themselves if what happened with JetBlue is a cautionary tale for businesses or a harbinger of what's to come for consumers. Who owns the data? And should businesses ever expect customers to sacrifice privacy in the name of protection? Helping or Hurting? In answer to the last question, Jim Harper offers an emphatic no. He is the editor of Privacilla.org, a Web-based think tank devoted to privacy. According to Harper, companies that think they're likely to help the government by being willing to share customer data are just plain wrong.

"A lot of the national security debate got off on the wrong foot in the beginning," Harper contends. Many security problems, he says, spring from "lack of human intelligence, not a failure of the federal government to be monitoring our every movement." Letting customers believe the latter is doing them a great disservice.