Privacy Issues

People dislike being followed online or on Main Street. In a survey of both brick-and-mortar and online shopping experiences, nine out of 10 consumers rate privacy as important, but fewer than four out of 10 are satisfied with the degree of privacy they enjoy, says market research firm Yankelovich Partners, Norwalk, Conn. To address this concern a growing number of manufacturers are posting privacy policies on their Web sites. Generally they cover such areas as how information is collected and how it is used. Security measures also are described. In its privacy policy for Prozac.com, Eli Lilly & Co. the manufacturer of Prozac, promises to collect, store, and use only information that is voluntarily provided -- a form of "opt-in" or permission marketing. Similarly, Emerson Electric Co. gathers data from willing visitors to its testdriveplantweb.com Web site. But Emerson's privacy policy also admits to selling or giving away that information to third parties or "other reputable organizations whose products or services we think you may find interesting." In some companies, including Electronic Data Systems Corp., questions about storing, securing, and selling information falls to a privacy officer. At Procter & Gamble Co. Mark Schar wears the global privacy officer hat. The ideal candidate for the privacy post brings broad knowledge to the title. A chief privacy officer's rsum should include experience in technology, law, and database marketing. The significance a corporation attaches to protection of personal information shows in the chief privacy officer's ties to the CEO. "If a company is serious about privacy, it will give the title to a tough-minded individual, someone very secure in her position. She will be able to go right to the CEO when other people in the corporation complain she is mucking things up," believes Lester Lave, professor of economics at Carnegie Mellon University. Sometimes privacy posts are hastily created in response to a crisis. U.S. Bancorp, Minneapolis, which recently settled a lawsuit accusing it of selling confidential consumer data to a telemarketing firm, this summer named Patricia T. Bauer to the position of chief privacy officer. Online ad firm DoubleClick Inc. drew of the ire of privacy activists, consumers, and officials when it came out with a plan to create extremely detailed records of individuals. The scheme involved combining two sources of information: the online profiles the ad firm is well known for and data from a traditional direct-marketing company. In February, following an outcry by people worried about privacy violation, the FTC launched an inquiry into DoubleClick's data collection practices. By March the firm announced the creation of a chief privacy officer position and installed Jules Polonetsky, a former consumer affairs commissioner for New York City. It also announced that Robert Abrams, former New York state attorney general, would chair its newly created Privacy Advisory Board. (Calls to DoubleClick requesting comment were not returned.) Consumer-privacy issues are drawing the interest of federal legislators. In 1998 Congress passed its first law governing privacy online. The Children's Online Privacy Protection Act requires companies to obtain parental consent to collect data from children under 13. In July 2000 the Clinton Administration reached a privacy agreement with Internet ad agencies that urges advertisers to clearly state their privacy policies, and asks them not to use potentially damaging personal data such as details related to sexual orientation and health. A bill simultaneously introduced in the Senate would require companies to post clear privacy policies that detail what kind of personal data is collected and how it is used. Companies that ignore the law would face fines of up to $500,000.