The privacy legacy of Edith Marcus

Edith Marcus passed away recently. You may never have heard of Edith; she was a private person in the best sense of the phrase. While Edith did make use of technology, she was keenly aware of the personal information she shared, who she shared It with, and what others did with the information. For privacy professionals, that is her legacy.

Who was Edith Marcus?

In full disclosure, Edith Marcus was my cousin and was 92 when she passed. She lived an amazing life from her escape from Nazi Germany as a child with her mother and grandmother to learning English by going to the movies while attending New York City schools to taking part in the birth of the state of Israel to being part of the introduction of computers to a Big 8 accounting firm.

Edith limited her use of technology. She was particularly concerned about technology that caused her to share her personal information or that might monitor her activities.

• Edith had a mobile phone…a flip phone. She never saw the benefits a smart phone could offer her daily life;
• Edith had an Amazon kindle…which I bought for her and registered it to an email address someone else watched for her;
• Edith did have digital cable tv and a security system for her home, but she viewed these as necessities for which she was willing to share limited personal information.

Edith never used the Internet. She never had an email account (aside for the one for her Kindle). She could not use a browser and she never had a computer for her personal use.

Is technology required for your business’s customers?

When I discuss customer communications with many organizations, the answers tend to be to send an email or post something on a website. These are quick, inexpensive, and effective mechanisms to get a message to your customer base. In Edith’s case, she would never see the message.

“Do my customers need to be minimally technology savvy to do business with us?” is the question this raises for an organization. In the case of a Kindle, “Yes” is a proper answer. In the case of a brick-and-mortar retailer, a utility company, or a financial services organization, for example, “No” might be a better response. For privacy professionals, the answer to this question may cause a change in perspective.

Many privacy notices, for example, are available on company websites. If being technology savvy is not a customer requirement, a privacy team should consider how to provide the notice without the use of a website. Hardcopies or posting of the notice in a retail location or the ability to send a copy of the notice through postal mail are potential solutions.

The customer service operation should be able to respond to requests about privacy practices without requiring technology. A support center, for example, should be able to access a knowledgebase and discuss privacy practices when a curious customer calls.

Are you transparent enough?

I spent time with Edith researching products for her use that required sharing personal information. As she became interested in certain products, she was always asking how the company uses her personal information.

Diving into the company’s privacy notice, we would read the policy together. The consultant in me would kick in and I would explain what the legalese (in many cases) meant. A response of “Why don’t they just say that?” was not unusual.

It was also not unusual for Edith to reject a product because the privacy notice was unclear or a company had too many alternate uses for data without the opportunity to opt-out.

For example, we discussed the use of smart home technology so Edith could use voice commands for her television or her lights. Several articles appeared around that time discussing how these products were always listening. Even though a privacy notice may give an explanation that the product isn’t really doing this, the notice is in a product’s box (or on the website) which, for Edith, was inaccessible before a purchase is made.

For Edith, privacy was a product differentiator.

The legacy

Edith was not a technophobe. Edith was not a Luddite. Edith was a private person who used technology when it helped the life she chose to lead.

For privacy professionals, Edith’s legacy reminds us that our work within our organizations to assure that proper collection, use, and protection of personal information can have an impact on the revenue for our organizations. It should give us incentive to embrace and champion the principles contained within Privacy by Design. It should make us realize that what we do does make a difference.

For executives, Edith’s legacy is a reminder that you need to understand your customers and that they use your products and services at their pleasure. If you cannot fit into the customer’s lifestyle, cannot meet their privacy needs, or easily explain how you use and protect personal information, maybe a competitor will.