North American Corporate Privacy Comparison

Scooter[AMMO] writes "The Toronto Star has published an article on a study comparing the way companies protect the privacy of their customers, which is surely a topic of interest to most /.'ers. Choice quote: 'The study, the first to compare the corporate privacy practices of comparable Canadian and U.S. firms, found that Canadian businesses see their privacy practices as an opportunity to improve relations with customers, while their U.S. counterparts viewed privacy measures more as a way of complying with legislation and avoiding civil lawsuits.'"

Because

Most American companies are too thick to treat the consumer with respect as a route to profit, rather than squeeze them for all they have.

It's an attitude thing, OK maybe not geo-specific, but it's prevailant in a profit driven world.

Re:Because

[BigBir3d]

I think it is geo-specific. Fuck the customer in every way possible, and make sure they don't find out. That is the US corporate mantra nowadays.

If you need examples, go car or house shopping.

And the best part is the employees are finally seeing that it is not just the customer getting fucked, but everyone below the CEO in the company as well. Unfortunately, most are adapting the "that is just the way it is, so I have to cover my own ass" attitude, which of course takes away from their ability to do a good job.

Re:Because

[Paulrothrock]

Unfortunately, that's the way it's got to be. Because corporations won't do the right thing, they have to be regulated so that it's unprofitable to do the wrong thing. Unfortunately, people are so against regulation that they never get changed, so the people who run the corporations and get caught doing the wrong thing simply treat fines as costs of doing business. And anyone who thinks they should be regulated so that they act in the best interests of the public *and* their shareholders is an unpatriotic communist who should move back to Russia.

Meet the new boss, same as the old boss.

Re:Because

[homer_ca]

"Because corporations won't do the right thing, they have to be regulated so that it's unprofitable to do the wrong thing."

There's another reason behind it. Customers don't punish companies in the marketplace for violating their privacy. Some theories I have are:

- Customers don't make the connection between companies handing over their private info and the results like junk mail and telemarketing.
- Some privacy violations have abstract and not concrete results like your data going into some giant government database, e.g. TIA, CAPPS II. So either customers don't know about it, don't care because it doesn't affect their everyday lives, or don't make the connection back to the company that handed over their data.
- Customer have no choice. We assume everybody will sell your data to telemarketers given the chance.

Re:Because

[JWW]

I've just been thinking about this lately with respect to world events.

Everyone is claiming that the President should have know about the prisoner abuse in Iraq. Well, thats all fine and good, but what does that mean when its applied to you and your job? Does the president/CEO of your company need to know everything thats going on at your company? If you answered yes to that question, then the inverse of that is; do you have any decisionmaking ability whatsoever in your job?

I find it disturbing how many people in the media and people in general expect full and absolute accountability from top levels of companies and the government, yet fail to realize that this means there will end up being no responsibility or care for the customer at the bottom if those people have no power or influence. Of course in the corporate (and I'm sure government too) world, there is also a lot of higher ups blaming their powerless workers for problems created from the top as well.

The power and the responsibility need to be at the same level, or things get broken fast.

Re:Because

[E_elven]

Good question. On the other hand, try and beat up one of your customers when you go to work today. See if anyone takes notice.

Re:Because

[Paulrothrock]

Those are excellent points, but I'm not just talking about privacy issues. Walmart comes into a town and undersells every mom and pop establishment out. Mom and Pop then start shopping at Wal Mart, because they've lost their choice. It's not that they want to, it's that they have to, because Wal Mart's the only game in town.

Case-in-point: If I wanted to shop at a supermarket that didn't have a "rewards" card I would have to drive 15 miles from my home and pay almost twice as much for my groceries. Right now, I can't afford that. So I'm forced to give money to a corporation that buys land and leaves it vacant so their competitors can't move in.

For someone in a large market, it's easy to say "well just don't shop there," but most of America is in very minor markets. (For example, my town, the capital of Pennsylvania, got its very first Starbucks in March 2004.) There isn't another game in town. And since any entrepreneurs are either prevented from going to market by large start-up costs or bought out as soon as they become successful, we have no choice but to do business with the companies we loathe.

Re:Because

[arkanes]

It's not so much knowing every little detail of what happens - thats obviously impossible. However, good leaders should be (at least) aware of general policy decisions. They should also be accountable, whether or not they had knowledge - they're in charge, and it's thier responsibility to make sure that the people they're in charge of are following policy. If someone is breaking the rules, then they'r responsible (directly or indirectly) for finding that out and for correcting the situation.

Accountability, after all, is why (supposedly) we pay CEOs all that money. You're the ultimate go-to guy at a corporation and all responsibility and accountability ultimately rests with you. It's the same with the commander-in-chief - it's not just about being able to tell the Army to go kill people, there is responsibility involved as well. After all, you're the voice of the military to the public, and you're expected to have satisfying answers when stuff like this ends up in the public eye. Trying to pass the buck when you're the guy in charge is a sign of weakness and poor leadership, imo.

Re:Because

[JWW]

I agree that accountability is important, but what you see in some of these cases is a feedback loop working against it. For example, customer support problems could be a result of bad procedures and processes. If the people working on the "front lines" in customer support could change things to improve service, service may well improve.

But, in most cases, the management likes to measure things that are supposed to make customer service better and then make their decisions. But they can't handle all that raw data for each case so they come up with measurements like call times, and # incidents closed and others that if you really looked hard at them have no bearing on improving customer serivce, but in fact can be very significant in making it worse.

Re:Because

[RobinH]

Does the president/CEO of your company need to know everything thats going on at your company? If you answered yes to that question, then the inverse of that is; do you have any decisionmaking ability whatsoever in your job?

Speaking as a project manager, the answers to those questions are YES/YES. As a manager, I have the power to delegate my decision making authority to those who report to me, and those people become responsible for their actions only to me. I'm still responsible to the person who gave me the job in the first place.

You can delegate your authority, but not your responsibility (though many managers seem to get away with it).

Re:Because

[Zoshnell]

Coming out of working at a call center for B C&G Wireless(Name mispelled to protect the "innocent") This was precisely the case. We all busted ass working with constricting rules(calls had to be under 5 minutes and still result in x number of contract renewals, you couldn't say to the customer the truth about outages in both the wireless network and the systems[everything was was always "Updating"],jackhole policies each month[like sticking a Regulatory Programs Fee while still fighting Line Number Portability and then screwing that up], and last but not least, wonderful employee policies[we got a bonus every quarter and a value share bonus every year, and if you weren't actually employed on the day they give out the bonus, you are screwed.) I'm glad I did get out of there and now I try to warn away potential customers so they won't have to deal with the crap I had to shovel on people. Plus, alot of reps took the easy way out and just started lying(like most of the High Scoring Call Centers did.) Just my two cents.

Re:Because

[GOD_ALMIGHTY]

You assume that the individuals who actually carried out the dirty work acted alone. I've yet to see anyone assail a CEO or government leader because they lacked the ability to be omnipresent or see into the future. What I have seen is criticism that the policies that those leaders or CEO's put in place and the culture they created, led to individuals acting criminally as part of their duties in an organization.

In this sense, the CEO/President is directly to blame. If it's one customer service rep/private trying to screw you, it's a bad apple. If it's a couple of CSR/privates trying to screw you, it's bad management. If all of the CSR/privates are trying to screw you, then it's probably company policy.

When people wear their inhumanity or greed as a badge, then it's a sign of a corrupting influence on the culture. In a healthy culture, such behavior would be shunned and cause one to hide their misdeeds due to shame. If your friend is a salesperson, and gloats about how he screwed his customer, expect the same if you do business with him.

Leaders have a much larger say in the culture of an organization. The more sway they hold, the more responsibility they have to create a culture that is not detrimental to society. The blame is assigned when they fail to live up to that responsibility.

Although I must say, I agree with you're main point that power and responsibility go hand in hand.

Re:Because

[NateTech]

Call centers are the knowledge worker equivalent of sweatshops. The only advice anyone should give about call centers is "get out while you're still young".

Hmmm

[Plaeroma]

In the United States, "It's all about complying with the law, which may or may not have any bearing to people," said Ponemon. "In Canada, I got the sense that they thought it was just the right thing to do."

Isn't that exactly why we have laws in the first place, to set up penalties for not doing the 'right thing?'

Re:Hmmm

[pwackerly]

In truth, we have laws passed by a congressional body that is heavily influenced by corporate lobbyists and corporate spending, and a congressional body that is slow to change and update exisitng laws, especially in terms of handling technolgy. On this issue, I think consumers on a whole have far more power than Congress to effect business practices, though our choice in patronizing companies or not.

Re:Hmmm

[Tackhead]

> > In the United States, "It's all about complying with the law, which may or may not have any bearing to people," said Ponemon. "In Canada, I got the sense that they thought it was just the right thing to do."
>
> Isn't that exactly why we have laws in the first place, to set up penalties for not doing the 'right thing?'

When there's no law, there are market incentives to Do The Right Thing. (If you fail to Do The Right Thing, your customers get pissed off and leave.)

The instant anything is codified into law - whether it's the Right Thing To Do or not - the penalty for failing to comply with the law means you get sued, go to jail, or both.

Oddly enough, as soon as this happens, complying with the law suddenly becomes more important than even thinking about what the Right Thing might be, and Doing The Right Thing falls completely off the radar. Funny, that.

Privacy: It's dead. You have none. Get over it.

Re:Hmmm

[amnesty]

Isn't that exactly why we have laws in the first place, to set up penalties for not doing the 'right thing?'

Not really. Laws are in place to have penalties for doing the wrong thing. That's not the same as 'not doing the right thing'.

Laws don't make you do the 'right thing'. You could simply just do nothing.

Re:Hmmm

[Lee+Horrocks]

Oddly enough, as soon as this happens, complying with the law suddenly becomes more important than even thinking about what the Right Thing might be, and Doing The Right Thing falls completely off the radar. Funny, that.

Privacy: It's dead. You have none. Get over it.

In America.

As it points out in the article, in Canada we have a privacy act that does define legally what the private can and cannot do regarding personal data.

And yet, contrary to your theory, the Canadian companies surveyed are the ones doing the right thing, and the US ones are the ones who are worried about what they can get sued for.

So I guess we are just nicer up here :)

Re:Hmmm

[garcia]

Privacy: It's dead. You have none. Get over it.

and unfortunately that is exactly the reason that privacy is dead. For some reason people have fallen into the trap that "oh well they say we have none so we don't."

I say tell the companies to fuck off and don't give out any information without requesting, in writing, what they plan on doing with it. Don't give any real information to any company that doesn't need it and certainly don't believe what anyone else tells you about your own privacy.

Re:Hmmm

[gid13]

While I see your point about law stopping people from considering right and wrong, I take issue with the claim that there are market incentives to Do The Right Thing in the absence of law.

I think there are market incentives to get your market hooked and charge them repeatedly for no real reason. To form monopolies, and gouge customers for all the money you can.

Consider Microsoft. Not that I think the antitrust situation has been all that hard on them, but would they really be a pinnacle of morality if they didn't have anything to face up to? Consider Walmart. Last I checked, it wasn't a legal requirement to undercut everybody's prices until you're the only business in town. As such, it's probably market incentives that made them do it. Repeatedly.

While customers probably SHOULD get pissed off and leave companies that do this, customers are frequently far too short-sighted to look past the lowest current price, if they're even aware enough to look at it.

Re:Hmmm

[Cecil]

When there's no law, there are market incentives to Do The Right Thing. (If you fail to Do The Right Thing, your customers get pissed off and leave.)

This free-marketeer argument gets trotted out anytime there is a endemic failure within a capitalist market, but it's never quite that simple is it?

Even if it were that simple, the tone of your message says "Oh, whatever, just don't worry about it, stop whining", which is entirely counterproductive.

For the free market to operate properly, people need to care about companies doing bad things. They need to be passionate about it. Every person with a defeatist attitude like that is one more person the companies who do bad things don't have to worry about anymore, who they can abuse at will. When that group of apathetic people reaches critical mass (I'd argue it already did many, many years ago) look out.

Still, all of this assumes that free-market capitalism works as well in practice as it does in theory. That is also up for debate.

Laws are intended to keep the system in check. Neither are perfect, but we make do with what we have.

Re:Hmmm

[Plaeroma]

When there's no law, there are market incentives to Do The Right Thing. (If you fail to Do The Right Thing, your customers get pissed off and leave.)

Ideally, yes. However, this assumes that the consumer cares or is even informed enough to make a judgement call about caring. A lot of times, this just isn't the case. Ideally again, laws help shore this up. But as you pointed out, law is far from being perfect. However, it DOES add another check point, and a very important one at that. I would trust the elaborate system of checks and balances for the law over the assumption that people will do the right thing.

Re:Hmmm

[Martin+Blank]

People do care, but they feel helpless about it. What can one person do?

Answer: A lot, if they know it can be done.

However, sometimes change does come from within. Google's mantra of "Do no harm" may well resonate with people once they start opening up a bit. When one can trust a company out of the gate, it becomes a powerful incentive to be a customer of that company than some other company that can't (or won't) show you what it does with your information. I'm hoping that Google will become a runaway success story so that other companies can follow suit.

Privacy and outsourcing

[GeckoFood]

The privacy issue of customers and employees alike takes an interesting spin when you factor in outsourcing. Suddenly, all of your personal data is in someone's database overseas. That's ok, until there's a political problem. When you have a government who doesn't give a rat's butt about privacy laws in other countries, and someone decides to sell your data, you're screwed.

Re:Privacy and outsourcing

[DrEldarion]

There was actually a Slashdot discussion about that very thing a while ago.

Re:Privacy and outsourcing

[pvt_medic]

this is a huige concern right now in the medical field where there is a trend to outsource your patient records. Transcriptionist in other countries work with your chart and most of your data is stored in a mixture of here and there (really hard to say where anything really is thanks to the internet). But the challenge is if there becomes an issue about privacy or good old HIPPA. Well the hospital subcontracted out this job, to a company who subsequently subcontracted it out, so who is responsible. Not only does american companies only have privacy practices they do everything in their power to make it so they can blame someone else if there is a problem.

Re:Privacy and outsourcing

[tuxette]

One thing problematic (at least to me) about outsourcing to countries that have no privacy laws, is that a lot of European personal data is transferred to these countries, due to the personal data having been transferred from Europe to the United States.

According to the EU Personal Data Directive article 25, personal data cannot be transferred to "third countries" that don't provide an adequate level of protection of personal data (via legislation); the United States is one of these countries. Unfortunately, in article 26, you find a lot of exceptions. And even if the original European and American parties have an agreement about how personal data is to be treated, the American company contracts, and subcontracts, and subsubcontracts the work until finally, well, the work ends up in a country like India or Pakistan where an opportunistic worker can profit from databases full of sensitive personal data, without any chance of seeing a day in court.

People just don't care.

[DrEldarion]

Indeed, 61 per cent of surveyed Canadian companies linked "good privacy practices" to customer trust and brand loyalty, compared to only 17 per cent of U.S. companies.

Maybe it's different in Canada, but there's a reason only 17% of US companies think that - because people around here just don't care! Sure, we complain about spam and junk mail, but how many people do you know (that don't read Slashdot!) actually care about their privacy at all? I'd say less than 10%. Look at how people react to invasions of privacy by the government ("It's for our protection!") and by companies ("Hey, if I use this card who cares if they track my purchases, I saved $2!"). They just don't give a damn!

Is it possible that Canadian citizens care more about privacy, making it make more sense for Canadian corporations to value privacy more?

Re:People just don't care.

[Kenja]

I have two Safeway Club cards. One has the wrong user information on it, so they can't track squat. The other has my real data on it, but its only used when I buy condoms and sour cream.

Re:People just don't care.

[Surt]

Well, in my area there aren't any alternatives. Every grocery chain requires you to have a tracking card to get reasonable prices. Nearly everything I buy is at a 50% or higher discount now. I can't afford not to use a discount card.

Personally, I just try to trade discount cards with like minded people on a regular basis.

Re:People just don't care.

[twbecker]

I'd love to shop at a store that doesn't require discount cards, care to tell me where there is one? I'll admit it, I have cards for 2 grocery stores. And I use them, because I don't want to be ripped off any more than I already am. Like many, I am pretty much against the concept, but unfortunately money has to come first.

Re:People just don't care.

[Laxitive]

The thing is, the government here is actually pretty pro-active here when it comes to enforcing privacy rules (and a lot of other rules that are good for us, but might be ignored if simply left to the masses to enforce by "voting with their dollars"). So it doesn't matter if most people don't care - the government cares enough to ensure that it is done. And that way, I get my privacy even though most others may or may not care.

But that's COMMUNISM! We can't have that! The government meddling in private affairs.. that's the PATH OF EVIL!

Bah. I love this country, and I love what it does for its people. I'm an immigrant that came to the US in 1990. I lived for 9 years in the US, in many different areas (California, Ohio, Louisiana, Washington), and 5 years in Canada. There's a reason I became a Canadian citizen, and never attempted US citizenship.

-Laxitive

Re:People just don't care.

[mahdi13]

what kind of privacy is lost by using a discount card?

The police could use it to verify that he bought that bottle of JD and went for a swerving drive down the interstate at 100mph...

The FBI can verify when/where he bought the needed supplies to start a home making bomb 'project'

His wife can find out that he bought a 12 pack of condoms at the time he was suppose to be at work...and she never saw these

These are things that should not be tracked, ever! We don't want someone going to jail over such 'evidence'!
MY privacy has been compromised! They know that I'm a drunken explosives expert adulterer!! The humanity!!

Re:People just don't care.

[That's+Unpossible!]

Look at how people react to invasions of privacy by the government ("It's for our protection!")

Who is 'they'? I know no one that would react to an honest-to-god "invasion of privacy by the government" in the manner you describe. So either you made up this reaction, or what you consider an invasion of privacy differs from most.

and by companies ("Hey, if I use this card who cares if they track my purchases, I saved $2!"). They just don't give a damn!

OK, I see it was the latter... you just have a different definition of "invasion of privacy."

If a company wants to offer someone discounts in exchange for tracking what groceries they buy, that is not an invasion of privacy, that is a business arrangement. Therefore I am not going to dismiss those people as "not giving a damn." They do give a damn -- they value discounts over the privacy of their grocery purchases.

Perhaps they, like I, don't give a shit if the local grocer knows that someone at my address buys cereal and milk twice a month.

If the tinfoil crowd would save their privacy rage for things that actually matter (such as financial institutions sharing your information), then maybe some of the boneheaded companies would Do The Right Thing.

As it is, there are plenty of American companies out there that are good citizens. However, the tinfoil crowd, and the Candians, are not going to focus on them because it doesn't sell papers.

Re:People just don't care.

[Short+Circuit]

Personally, I just try to trade discount cards with like minded people on a regular basis.

So getting hanged on evidence based on someone else's behavior is better than getting hanged on evidence based on your own behavior? That's like trading firearms with someone so that their murder is traced to a weapon registered to you.

Re:People just don't care.

[BigGerman]

it takes time.
Imagine scenario when some outsourced personal data will surface on a website in some 3rd world country. It is only matter of time before it happens. Public outcry will be enormous.

Can't deny it..

[beldraen]

As a student and part of business school is learning about ethical/privacy concerns. I go to a private, Catholic university that's good about ethics and doesn't over do the religion, so they very good about posing ethical/moral decisions on students. Part of the studies is to recognize international/other nation's attitudes and expectations. On what I've seen, Europe is a far more private and "American" than the U.S. The U.S. business attitude is "ok, we have to comply, but how far can we push this?" Not Europe's, "hmm, is this good for our consumers?"

Sad, really.

Re:Can't deny it..

[Aneurysm9]

I'm not sure that European companies are any more driven by customer concern than American companies, but the laws with which they must comply have been writing with the consumer in mind much more than the hodgepodge of American privacy laws. The European concept is more akin to a property right that can be non-transferrably licensed whereas the US view is that the corporation has a property right in whatever information they obtain and can do with it what they will.

Security Issue Too...

[MisanthropicProgram]

When your medical/financial records are sent to god knows where for whatever reason, your: Name, DOB, SSN, and address are sent along with it. Everything a crook/terrorist needs to steal your identity and cause havoc.
There was this study that most identity thefts are an inside job. Mostly from financial and medical firms. Identity Theft

Good Article

[unixbugs]

This is a classic example of where laws regarding corporations are only abided by because breaking them is illegal, not because they feel compelled to be honest like most hard working people.

Canada has laws against using aluminum to distribute consumable products like FOOD. Aluminum pans are not used in Canda. This is all due to research done years ago linking the build up of aluminum in the human brain to neurological problems like Alzheimers.

But then again, Canadians benefit from socialized medecine. It just doesnt make sense for their government to allow companies to distribute aluminum with food because they will only have to pay for the medical bills and medications of those adversly affected in the long run. Or is it because they are nice?

No laws like that here. Hell you buy enough different kinds of food that comes in aluminum containers to last you a lifetime if thats all you ate. You'd probably be a blithering idiot by the time you were 45, but who cares? Just get someone to stand in line for you at the medicare office, and take up a part time job at McDonalds to pay for the rest of the expenses.

Something is really really wrong with this picture. In a day and age where corporate rule and well being in "the greatest country in the world" is held is such high regard over the well being of the general populace, its a small wonder that nothing short of apathy sweeps the minds of those who stumble upon someone so informed and opinionated.

"I cant change this by myself and all I want to do is make a good life for my family and live another day.." is by and large the mantra of working heads of households. But this is under the guise that tomorrow there will be the right to do what you can for your families. Slowly but surely everything from what you eat and how you eat it to where you live and what you see on the internet is under less and less of your own control.

Welcome to America, take a number and sit the fuck down.

Extremely understandable...

Given the US's past (present and future) trend towards rampant, unbridled, unhindered, wanton capitalism, it should be entirely obvious why this is the case. Legislation that serves the public interest scarcely serves the corporate interest. Now, this would not be a problem if it weren't for one deciding factor that turns a capitalist into a member of the capitalistas: the stock market.

The stock market has corrupted the entire concept of free market and free trade, not supported it. It's a legalization of sleaze. Where else can somebody take an ethically deplorable action, such as firing thousands to inflate quarterly profits, and be rewarded with unimaginable riches by the shareholders?

Capitalism is great, but this neo-fascist capitalist-inspired plutocracy has got to go.

Re:Extremely understandable...

[Hiro+Antagonist]

Don't blame the market; blame the idiot shareholders, who actively work against corporate boards looking long-term. American investors have a very short-term attitude towards profits, and react very negatively towards companies that are willing to sacrifice tomorrow's profits for even greater profits throughout all of next year.

Moral of the story...

[mahdi13]

So Canadian Companies have privacy options to keep the customer happy and the United Stated has it to keep from being sued!

Democracy in action! Only in America you can get sued for knowing someone's name and address!

Off-topic (slightly), Karma whoring (obviously)

[The-Bus]

This is from a packet I got on the credit bureaus. You know all those "You're Pre-Approved for a $50 Discover Card!" mailers you get? It apparently can be removed...

To request that your name be removed from pre-approved credit solicitations developed through credit reporting agencies, you can call 1-888-567-8688 or write the agencies below. Include your name, address, and Social Security number.

Experian
Consumer Opt Out
901 West Bond
Lincoln, NE 68521

Equifax Inc.
Options
P.O. Box 740123
Atlanta, GA 30374-0123

Trans Union LLC
Name Removal Option
P.O. Box 97328
Jackson, MS 39288-7328

I just tried to call the number and it was busy. Certainly feel free to verify any information regarding this. (Google cache of State of NJ website listing this and other methods). I only wish that I could end "CAR RT SORT" mail from getting to me. All I do is toss out dozens of circulars per week. A waste of paper and time.

Re:Off-topic (slightly), Karma whoring (obviously)

[wfberg]

junkbusters has an interesting mention of something called a prohibitory order.

If you fill out USPS form 1500 against any non-governmental organization, they MUST stop sending you mail. It was originally meant to stop pornographic junk mail, but since one man's porn is another man's art, it's now up to you to determine whether you find), let's say, mortgage offers arousing and/or patently offensive.

American vs. ???

[cdrguru]

I suspect this sort of comparison would be even more interesting if it was done with some other areas of the world. Europe vs. Japan, for instance.

I do not believe the average American consumer believes any company is going to "do the right thing" without some sort of legal force behind it. And even then, it will be a question of risk vs. benefit.

So the Canadian company that believes having some extensive privacy statement and following it closely will net them better customer relations is deluding themselves. Similarly, an American company that does not have as extensive a committment to privacy - and perhaps actually does not provide as much "real privacy" to customers is likely operating in an environment where spending more dollars on "improving privacy" is a waste of time and money. In either case, the majority is likely to assume whatever they say, they are lying. What ever they claim to be doing, they are doing whatever they need to do. Period.

Now, it would be nice if there was some organization that actually investigated privacy practices and reported on them. Unfortunately, what we have is membership-based organizations where you pay a fee and get to put a logo on your web page. Does this come with any follow through, education, training or publicity? No. You have a logo on your web page. This pretty much tells the consumer nothing but it does look nice.

Doing the right thing

[pubjames]

I'm afraid that my experience of American companies means that I don't trust them any more. Sorry, but that's the case. Three times now I've been involved in deals with American companies where the American company has betrayed one of their European partners, just to make a fast buck, including one case which financially ruined one of my clients.

You should do the right thing just because it is the right thing to do, not because it's the law or so you don't lose customers.

Re:Doing the right thing

[pubjames]

Three whole times. Out of all the American companies in existence. Wow, thats a meaningful statistic.

Three times American companies have done things that have been duplicitous and harmful to my business. Compared to zero times that I've had a European company stab me or business partners in the back. That's pretty meaningful to me.

My story..

[MisanthropicProgram]

I wsa in a meeting with some marketing people about designing our ecommerce site. To make a long story short, the marketing guy says "We need to collect personal information from our customers."
Me: "Why? We're not doing any marketing studies."
Marketing guy: "Someday, we may need it."
A lot of this has do with the magical thinking that collecting as much information on your customers leads to better business decisions. Most of the time, I see these folks collecting so much data that they don't have a clue what to do with it.

Re:My story..

[skifreak87]

I know for a fact that amazon.com has so much data that they don't even know what to do w/ it. they track so much info, that it's almost useless because they (as of a couple months ago) have no way to process it and gain anything valuable from it.

It's very typical in the do-not-fail nature of many US corps (IMHO), just make sure you don't fuck up, cover your ass so anything that goes wrong can be blamed on someone/something else. This way, if 3 yrs from now someone realizes how marketing data could be useful to your company, the marketing guy doesn't get yelled at for not having the foresight that no one else had.

Last comment, American companies are NOT going to start respecting the consumer's privacy/the consumer until this lack of respect results in less profit which means until consumer's start caring about this enough to pay more for a competing product/service.

Re:My story..

[Destoo]

Somehow, I can find a similarity with most P2P.
Hours and hours of media, apps and games we'll never see or use.
"Someday, I may need a piece of software to alter the plans of my future house". HA!

When I had two toys, I played them all the times.
Now I have 500, and I don't play with any of them.

(dang.. another nostalgic post. Note to self: change that signature asap)

Canada is in its infancy...

[kuwan]

Canada is just in its infancy concerning privacy laws. At one point I'm sure US companies thought it was just the right thing to do, but all it takes is one or two companies to sell out their customers' privacy and then the laws are needed. Then when there's more abuse, even more laws and stiffer penalties come in to the point that companies no longer care about the right thing to do, but they are concerned about protecting their own asses 'cuz they don't want to get sued or fined again.

Then come the opportunistic lawyers that look for ways in which companies are violating the law so they can trump up some frivolous privacy lawsuit and rake in the dough.

Yes Canada, enjoy it while you can. Soon you will grow up, just like your Brother, the US. ;)

Re:In other news

[Paulrothrock]

Is there ever anything good to say about this country?

Yes. It borders Canada.

Too Kind to U.S.

[linuxwrangler]

The article's conclusion seems too nice to US companies. Compare the article:

"It could be that (U.S. companies) feel what they're doing is more than adequate and just as protective of the customer."

with this passage from a MetLife insurance application (printed entirely in bold in the original, emphasis mine):

We may use what we know about you in order to offer you our other products and services. We may disclose this information (other than consumer reports and health information) to our affiliates so that they can offer their products and services, or ours, to you. By law, we don't have to let you prevent these disclosures. Our affiliates include life, car and home insurers, securities firms, broker-dealers, a bank, a legal plans company and financial advisors. In the future we may have affiliates in other businesses.

Is privacy violation worth it?

[91degrees]

I'm sure most people's main privacy concern is companies selling their information (primarily just name and number) to telesales firms. I have to wonder why they do this. Look at the numbers;

There are very few monthly services that cost less than $10 per month. Usually that's over a minimum 12 month term, so that means that for each customer,the company will make $120.

In addition to this, they can sell the customer information for about 1 cent per name. They might even be able to find 100 companies to sell it to. Is that dollar really worth it? Wouldn't a promise never to sell a customer's details be worth more to the customer?

Re:Is privacy violation worth it?

[tuxette]

A lot of companies promise to never sell or otherwise transfer your details to a third party, and then do so anyways. Remember the Toysmart case? They're one of the few that got caught.

Bad Science

[cdrguru]

I know of no respected study that links Aluminum with Alzheimers or any other neurological problems. I know of lots of web pages filled with scary stories about how cooking with Aluminum pans made their aunt, uncle, father, brother or whatever have problems.

No science plus lots of anecdotal evidence leads people to very, very wrong conclusions. And, in places where the "Greens" have more political clout you get laws passed that codify bad science into rules that people think are grounded in something. In nearly all cases this is made-up nonsense from purely anecdotal hearsay.

Re:Bad Science

[Colazar]

You are absolutely right, there are no studies showing a link between eating food cooked with aluminum and Alzheimers, but this isn't something that was made up by loony people either. There was a time when the best available science suggested that there might be a link.

As they studied the brains of people who had Alzheimers, they discovered that they had a lot of placques (sp?) in their brains, and that there was a lot of aluminum in these placques. The discoverers theorized that these might have formed from an excess of aluminium in the body and that this might have come about from a dietary source. They probably suggested many other possibilities, too, since at this point they still didn't know if these placques were a cause of brain damage or an effect of brain damage, or hae any notion of how they might have formed. But the dietary aluminum link is what the press picked up and ran with. And once you get a meme like that out into the public, you start getting all the anecdotal evidence you could want.

As an aside, it always annoys me that here in America we are so obsessed with food that we always want everything to have a dietary cause. For example, cholesterol. When they discovered cholesterol pockets clogging areteries, the first conclusion jumped to was that they came from eating too much cholesterol. However, as the long-term studies roll in, they're finding that that's not really the case. There is a week linkage between dietary cholesterol and blood cvholesterol levels, but there are many other factors that are more important. But since we Americans like to feel guilty about our food, we don't like to hear that.

legal requirements indeed

I work in a library. It took me 2-3 months of constant bugging to get our privacy practices posted on the web. The first reponse we got back from legal council was that, and I quote, "The policy is somewhat that we don't post notices about the law." (the USA PATRIOT Act being the law in question)

Oh well, next up is getting us to admit to the public that we have video cameras installed....

Re:Strange

[ergo98]

I find this very strange coming out of an essentially socialist country.

Isn't it nice when you can box up complex democracies and give them simple, clear-cut black and white titles?

Definitions

Capitalism (AKA the USA): Citizens are forced, through an extremely heavy handed beauracracy (the IRS) of an overbearing government, to hand over a good part of their paycheque to subsidize farmers who can't make ends meet, steel makers that are uncompetitive, a wood industry that just can't cut it, pardon the pun, among a vast and endless array of special interests. Every citizen is forced to support a massive military, whether they like it or not, as well as a massive social structure (primarily for the poor and elderly). Every single citizen who can afford it opts into healthcare through a private insurer.

Socialism (AKA Canada): Oh, they have universal healthcare like the rest of the world. SOCIALIST!

Example:

[hummassa]

If you buy (or not) something during a strike (at Wal-Mart for instance), and the shop (or tracking card) sells this information with a prospective employer, it will know the strength of your position IRT unions etc.

Re:Here we go again United States vs. Canada

[Txiasaeia]

Not to start a flame war (honestly), but I think you've got it a bit backwards. Canadians aren't trying to be more like Europe, we're trying to be less like the US. We get your local news stations here on cable and satellite, and it ain't pretty, so we do anything we can do to make it so that we don't have to sit through five or six gun-related news stories per night.

Why do Canadians do things to distance ourselves from the US? We just don't agree all the time. That's acceptable, right? We didn't want to go to war, you guys did, so we each did our own thing. In Canada, the emphasis is on the community, not the individual - the greater group decided that we didn't want to go to war, so we didn't as a group. In the US, everything is geared towards individuals, so the people that wanted to go to war (i.e. politicans, soldiers) did, whereas the ones who didn't (i.e. Michael Moore ;) ) protested. They're just different systems, that's all. This is a gross generalistion, of course, but it gives you a basic idea.

Disclaimer: I am not a troll. Promise!

Canadians

As a Canadian I would like to help debunk the myth of Canadians as so much "nicer" than Americans.

We have a habitual need to publish smarmy, self-serving articles about our superiority to our chums down south. We pollute less (wrong), we're more environmentally aware (wrong), there's no racism (wrong), we don't have crime (wrong), we're clean (wrong - come to Toronto sometime and sample one of our many fine street corner garbage tornados, sewer reeks and impromptu construction debris dumps), our health care is great (wrong) , our brains are bigger, our dicks are smaller but they're magical so it doesn't matter, the sun shines out of our arseholes to warm the entire world, blah blah blah.

OK, with the context firmly in place, I've worked in two places since the recent privacy acts have some into force and I'm sorry, it's just a bogus bogus bogus self-serving, lie to state that Canadian companies are motivated more by a desire to have "better customer relationships" than by a desire to avoid litigation. Don't make a mistake, this is an opportunitiy for lawyers to scare companies into paying them consultant fees and that is exactly what is happening. Where I've worked (insurance industry) it's been jumping cats trying to avoid doing anything with personal info that could cause lawsuits. Shredders are working overtime. Policy and procedure documents are sprouting like mushrooms. All inititatives are led by lawyers and all the executives have to say is "don't get us sued". Not "we find this a tremendous opportunity to serve our beloved clients" but "We abuse our customers and they hate us. We can't give them a chance to sue us because they will. For god's sake, don't get us sued!!! Please!!!"

Just like in the US, the successful businesses in Canada are those which lie, cheat, and abuse their customers.

Re:In other news

[mahdi13]

America, but is there ever anything good to say about this country?

#1 porn exporter?

It's because people don't care

[vijayiyer]

The reason American companies don't care about customer privacy is because consumers don't care. And consumers don't care because they expect the government to protect them from everything. If people wake up, realize that they need to make decisions rather than legislating everything and criticizing "evil big business", maybe businesses would actually have an opportunity to improve the bottom line by improving privacy standards. As of right now, that's a fallacy in the minds of the average slashdotter.

Re:It's because people don't care

[maximilln]

-----
because consumers don't care
-----
Consumers care about privacy but what can they do? This isn't a game of choosing a different local supermarket because all of the shippers and distributors are tied to the same company. This isn't a game of choosing a different banking institution because they're all tied to the same insurance companies and stock traders. This isn't a game of choosing a different credit card provider because they're all tied to the same three credit reporting agencies.

-----
And consumers don't care because they expect the government to protect them from everything
-----
I agree with this marginally. There is an overwhelming vocal minority, who also happen to be extraordinarily wealthy, who will browbeat the remaining population with "think of the children", or "what if your neighbor is a stalker", or "we need to keep track of you for your own protection". Half the voting is indirectly rigged by the enormous influence of purchasing power in media time so the vocal, powerful minority can easily skirt their issues into office. The rest of us can do approximately what about this?

-----
If people wake up, realize that they need to make decisions rather than legislating everything and criticizing "evil big business"
-----
The overwhelming vocal, powerful minority which controls the politics also controls the largest business transactions. Once again, the rest of us can do approximately what about this? Consumers are kept in a bondage, of sorts, by a tax rate which ensures that the largest percentage of the population is just barely making their bill payments each month with only a trifle left for a paltry savings.

-----
maybe businesses would actually have an opportunity to improve the bottom line by improving privacy standards
-----
Maybe, or maybe not. Businesses are, for the most part, immune from any real impact of wrongdoing. Certainly, now and again, there's a token poster child who gets a large privacy settlement. Once in a while there's a token scapegoat company which gets ransacked. These are little more than a gambling casino methodology. The goal of the overwhelming, vocal, powerful controlling minority is to hand out just enough to keep most of the public pacified and keep the debt strings wrapped tightly around the necks of the remainder.

Slavery is alive and well. It's not that we don't care, it's because we would drive ourselves crazy if we did care because there's nothing we can do about it. Year after year the political dog and pony show goes on and the consumers are always the paying loser.

The difference

[Fearless+Freep]

"Europeans think 100 miles is a long distance
Americans think 100 years is a long time"

OK, what would a REAL privacy policy look like?

[Walter+Wart]

The company I work for is making privacy a big part of its marketing appeal. "Take back your data." "Your information is yours." The Powers That Be want people to be sure that we won't misuse their information. What would a good model privacy policy be for a company that wants its customers to feel warm and fuzzy about their data privacy?

I already talked to EPIC and EFF. For fire-breathing privacy advocates they weren't terribly helpful. They said, more or less, "Nobody has ever asked us this. We're more interested in government policy than what corporations are doing."

Re:Here we go again United States vs. Canada

[oogoliegoogolie]

I noticed Americans have been distancing themselves from Canadians since Canada said "No" to participating in the ousting of Saddam. Kinda like the way they felt about France, but not to the same degree.

We're all Americans.
When Canadians say 'we're not Americans', it's not that we are saying that we're not "North Americans", but instead we're saying we're not United States AMERICANS. Not sure why, but Canadians have always made great effort to distance themselves from being American. Canadians take pride in not being Americans.

I was watching the Just for Laughs comedy festival in Montreal and some American comic came on stage. His skit was mainly comparing Canadians to Americans (Canadians love when Americans talk about us ;), and one of the first things he said was "No other country takes so much pride in not being American as Canada does." ;)

No perceived risk == no action

[at_kernel_99]

Most companies aren't going to do anything about guarding privacy until they get bitten.

A former employer is in the data management business. The data consists of a global set of individuals & certain information about them, including, for some US individuals, their social security number, as well as address info. When I left we were not yet collecting credit card data, but the possibility of doing so in the future existed.

At a corporate level, and as far as clients know, data security / privacy is contractually guaranteed. But the reality is that servers & desktops with all their data are unsecured (physically). Sure, the production machines are all in a secure location, but the data also exists in testing databases, test plans (i.e. documentation), developer databases, developer hard drives, etc. There was absolutely no effort whatsoever to protect the privacy of the individuals' data. We had no visibility to what level of confidentiality our clients' promised their customers, so we made no effort to meet their privacy requirements - which I would presume to be more strict than ours, as some clients were non-US companies.

At one point, a potential client sent a security audit team to our facilities to verify that we met their requirements. For that day, we locked the door to the server room, but otherwise left it open for maximum airflow. (too many systems in a closet designed to house a phone system) In any case, all their data was on the harddrive in my development box anyway, a system sitting on the floor about 8 feet from the back door to the office. A setup that I imagine would hardly have passed their audit, had they asked. That hard drive contains hundreds of thousands of individuals, their addresses and clear-text user ids & passwords to some websites. Since we all know that most users are lazy and use the same password for multiple purposes, the information on that system could be extremely valuable to certain people.

In the face of all this, management expressed essentially no concern for privacy of those individuals, or the potential liability associated with the lack of security.

The logic of capitalism.

[aussersterne]

Of course they care about privacy. They just care about buying power a great deal more.

1) Customers want low prices from the companies with whom they do business. They vote with their feet and dollars by going to the companies who have the lowest prices--subsidized by the sale of customers' private information.

2) Customers want high wages (and thus, by extrapolation, maximum profitability) from their own company. They won't put pressure management not to exploit customers' private information because it would lead to a net loss in revenue.

Thus, the American public votes continuously, day in and day out, that they'd rather have bigger buying power (higher wages, lower prices) than protect their privacy.

The same calculation regrettably applies to protecting the environment, supporting fair labor practices, or having access to quality (read: long lasting) goods.

The forces of Privacy are surrounding the US

[BritGeek]

Of course, one of the interesting things about Privacy (and the lack of data privacy rights for US citizens and residents), is that this whole debate is slowly becoming irrelevant.

I work for a large multi-national financial services company, and we have long been aware how much more stringent the laws are in other jurisdictions. (This is not exactly news.) However, the interesting thing is that there has been a clear trend over the last few years towards increasingly stringent regulations in other countries too. So, the net effect is that the US is slowly being surrounded by laws that are more privacy friendly than those in the US. (Hard to be *less* privacy friendly than the US, generally speaking.)

As companies like mine get more and more forced to adopt practices that conform to the most restrictive of these various bits of legislation, we are tending more and more to say "To Hell with what you can do in the US, we'll just go with something much more like Germany's". Of course, this tendency is only exerting leverage on multi-nationals, but that is a significant chunk of the companies that we all do business with, so who knows?...

What about inadvertant disclosure?

[JohnnyComeLately]

One of the things that struck me about my transition from a large company to a small was the attention to some of the smaller details. At the large company (Sprint) they had policies in place to ensure the small issues like this were taken care of.

TO be specific, at Sprint all sensitive data was put in a "Shred Bin". This meant anything from customer address, phone numbers and info to detailed network drawings with server names, IP addresses and such. Going to a small company, we have invoices dating back a half dozen years with credit card numbers in an unlocked filing cabinet. How many small companies expose their customers' data through oversights like this? I would suspect the number is staggering. Most businesses really just don't think about it because they think, 'Well its been OK for years'. Kinda like leaving the front door unlocked. You may be OK for a dozen years but all it takes is one felon escapee jiggling your front door to change your world.

Now the small company I work for has policies in place. We shred sensitive data, lock up dead-tree with customer info, etc.

Just a different prespective I haven't seen someone post yet.
John