In the last few weeks, much attention has been directed to the degree of responsibility consumers bear for their level of privacy awareness as it pertains to their chosen vendors. Some argue that, in spite of woefully low click-through with online privacy notices, their availability means individuals bear the responsibility of ensuring they are appropriately aware of how their data may be collected and used by an organization. Others argue that woefully low click-through rates mean companies have an even greater responsibility to make the consumer aware of how they intend to collect and use information.
A number of companies have taken innovative steps to raise levels of privacy awareness among their customers in order to enhance transparency and build a better relationship with the public. We examine two such companies this month, AOL and Google, and talk with a number of privacy experts to get a sense of whether these programs represent a trend, or if there are better ways to address this issue.
We've also posted an open letter to the world's privacy regulators encouraging them to look to the United States for lessons learned on the issue of compulsory privacy breach notice. Governments in Canada, the EU, Australia and New Zealand are among those considering new laws that would require organizations to make notification following a data breach event. While there have traditionally been differing philosophies between the U.S. and these governments on how to approach the issue of privacy protection, our three years of experience dealing with notice offers many valuable lessons that should not be ignored.
After reading our open letter, we're curious to hear what you think, especially our international readers. Have privacy breach notification laws in the U.S. worked, or do you believe there's room for improvement? Write to us and let us know.
J. Trevor Hughes, CIPP
Executive Director, IAPP