I’ve blogged about this topic in the past — on an earlier, now defunct blog. But I think it is a topic that should be of interest to all of us who consider ourselves data professionals…so let’s talk about data privacy policies.
We’ve all seen them, if not read them. You know what I’m talking about… those little flimsy paper inserts that your bank, your credit card companies, your insurance company, your mutual fund company, and others slip inside your statements and bills.
We all get them. Those inserts in our bills and financial statements printed in small type and written in convoluted English. I have started collecting them – sort of like baseball cards. But I doubt they’ll ever be valuable. They are entertaining, though. And many are quite disheartening.
One thing you’ll see in just about every one of these little documents is the phrase “…unless otherwise permitted by law.” So, basically they are telling us this: “We’ll do what we say here unless we can find some law that allows us not to.” Oh great! I guess we all have to read every law on the books before we can trust this policy. I’d feel a lot better if the document had the phrase “…unless otherwise forbidden by law” in it. That way we could (hopefully) feel confident trusting the policy to be as strong as what is actually written there, if not moreso. As it is, we should feel confident that the policy is not anywhere near as strong as what is actually written there until it is proven otherwise. I guess I’m a pessimist, but I think I’m actually more of a realist given the sad state of data privacy, security, and protection these days.
It is interesting to compare the privacy policies for the same company as (if) they change each year. One trend seems to be the addition of Chief Privacy Officers. This could be a good trend. But I bet the Chief Privacy Officer is more concerned with furthering the interests of the company s/he works for than actually protecting the privacy of the company’s customers. But maybe I’m being a pessimist again?
The bottom line is that privacy is evaporating. We should try to do as much as we can to stop that evaporation. So should the companies that we do business with. And so should all data management professionals who deal with corporate data on a daily basis.