• United States




The privacy legacy of Edith Marcus

Jun 16, 20175 mins
Application SecurityData and Information SecurityPrivacy

Edith reminds us that privacy can be used to differentiate products and services to a consumer. If your organization cannot explain your use and protection of personal information, maybe your competitor can.

customer loyalty ts
Credit: Thinkstock

Edith Marcus passed away recently. You may never have heard of Edith; she was a private person in the best sense of the phrase. While Edith did make use of technology, she was keenly aware of the personal information she shared, who she shared It with, and what others did with the information. For privacy professionals, that is her legacy.

Who was Edith Marcus?

In full disclosure, Edith Marcus was my cousin and was 92 when she passed. She lived an amazing life from her escape from Nazi Germany as a child with her mother and grandmother to learning English by going to the movies while attending New York City schools to taking part in the birth of the state of Israel to being part of the introduction of computers to a Big 8 accounting firm.

Edith limited her use of technology. She was particularly concerned about technology that caused her to share her personal information or that might monitor her activities.

  • Edith had a mobile phone…a flip phone. She never saw the benefits a smart phone could offer her daily life;
  • Edith had an Amazon kindle…which I bought for her and registered it to an email address someone else watched for her;
  • Edith did have digital cable tv and a security system for her home, but she viewed these as necessities for which she was willing to share limited personal information.

Edith never used the Internet. She never had an email account (aside for the one for her Kindle). She could not use a browser and she never had a computer for her personal use.

Is technology required for your business’s customers?

When I discuss customer communications with many organizations, the answers tend to be to send an email or post something on a website. These are quick, inexpensive, and effective mechanisms to get a message to your customer base. In Edith’s case, she would never see the message.

“Do my customers need to be minimally technology savvy to do business with us?” is the question this raises for an organization. In the case of a Kindle, “Yes” is a proper answer. In the case of a brick-and-mortar retailer, a utility company, or a financial services organization, for example, “No” might be a better response. For privacy professionals, the answer to this question may cause a change in perspective.

Many privacy notices, for example, are available on company websites. If being technology savvy is not a customer requirement, a privacy team should consider how to provide the notice without the use of a website. Hardcopies or posting of the notice in a retail location or the ability to send a copy of the notice through postal mail are potential solutions.

The customer service operation should be able to respond to requests about privacy practices without requiring technology. A support center, for example, should be able to access a knowledgebase and discuss privacy practices when a curious customer calls.

Are you transparent enough?

I spent time with Edith researching products for her use that required sharing personal information. As she became interested in certain products, she was always asking how the company uses her personal information.

Diving into the company’s privacy notice, we would read the policy together. The consultant in me would kick in and I would explain what the legalese (in many cases) meant. A response of “Why don’t they just say that?” was not unusual.

It was also not unusual for Edith to reject a product because the privacy notice was unclear or a company had too many alternate uses for data without the opportunity to opt-out.

For example, we discussed the use of smart home technology so Edith could use voice commands for her television or her lights. Several articles appeared around that time discussing how these products were always listening. Even though a privacy notice may give an explanation that the product isn’t really doing this, the notice is in a product’s box (or on the website) which, for Edith, was inaccessible before a purchase is made.

For Edith, privacy was a product differentiator.

The legacy

Edith was not a technophobe. Edith was not a Luddite. Edith was a private person who used technology when it helped the life she chose to lead.

For privacy professionals, Edith’s legacy reminds us that our work within our organizations to assure that proper collection, use, and protection of personal information can have an impact on the revenue for our organizations. It should give us incentive to embrace and champion the principles contained within Privacy by Design. It should make us realize that what we do does make a difference.

For executives, Edith’s legacy is a reminder that you need to understand your customers and that they use your products and services at their pleasure. If you cannot fit into the customer’s lifestyle, cannot meet their privacy needs, or easily explain how you use and protect personal information, maybe a competitor will.


Bob Siegel has extensive professional experience in the development of privacy policies and procedures, the definition of performance metrics to evaluate privacy maturity, and the evaluation of compliance. He has extensive experience with PCI DSS and Safe Harbor and has deep subject matter knowledge surrounding key laws and regulations regarding consumer privacy and information security.

Throughout his career Bob has worked with computer applications and business practices that guard personal information. In addition to developing these systems, he trained employees to use them properly and efficiently. As the collection of personal information has increased, he has developed new approaches to help his organizations protect their sensitive data (both electronic and paper-based).

Bob is a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with concentrations in US Law (CIPP/US), European Law (CIPP/E), and Canadian Law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Technologist (CIPT). He is a member of the IAPP faculty and has served on the Certification Advisory Board for its Certified Information Privacy Manager (CIPM) program as well as the Publications Advisory Board. He was also recently awarded as a “Fellow of Information Privacy” by the IAPP.

Most recently, Bob served as senior manager of Worldwide Privacy and Compliance for Staples, Inc., where his responsibilities included development, awareness, and compliance of global privacy-related policies and procedures for more than 60 business units in 26 countries.

A seasoned program management expert, Bob has a long record of accomplishments in business planning, information privacy, sales support, customer support, application development, and product management. He has helped executive teams convert strategic plans into programs with well defined, measurable outcomes. He also has created realistic program schedules and budgets, resolved critical path issues, managed risks and delivered results consistently on time and within budget.

Bob can be reached at

The opinions expressed in this blog are those of Bob Siegel and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.