The U.S. meets offshore privacy laws

From...

By Patrick Thibodeau

(IDG) -- Information technology (IT) managers have long known that privacy rules can have a direct impact on database design and customer relationship systems.

Now, they're also learning that international privacy requirements can affect IT in ways that you wouldn't expect. Take the case of Eaton Corporation.

Eaton, a diversified manufacturing company with 52,000 employees, conducts remote periodic scans of PCs at its European offices from its headquarters to ensure its systems are operating with an accurate inventory of licensed software. It also conducts remote virus scans.

But before these scans can be conducted, European rules state that the employee who works on the PC must be notified that the system is about to be scanned, says Jack Matejka, Eaton's director of IT security.

The rules were intended to give employees notice if a company decided to review data files or a browser's cache files, but they also affect routine system maintenance. "This is one of the new issues that we have to learn about," he says.

IDG.net INFOCENTER Computerworld main page Computerworld's topic-oriented communities Computerworld's IT career center Free daily newsletters Related IDG.net Stories PC World poll highlights privacy concerns Phone number to e-mail service raises privacy concerns Congress debates security vs. civil liberties Features PC World.com Product Finder Mastering e-commerce by degrees Fast-track training puts nontechies in IT jobs Visit an IDG site Choose a site: IDG.net CIO Computerworld Darwin Dummies.com GamePro.com The Industry Standard ITWorld.com InfoWorld.com JavaWorld LinuxWorld Macworld Online Network World Fusion PC World Publish.com UnixInsider IDG.net search

And there's a lot to learn. Corporations are struggling to comply with the European Union's privacy rules as well as an emerging set of stringent data-sharing requirements in Canada.

For instance, Procter & Gamble in Cincinnati, Ohio, solved the problem of global privacy compliance by adopting a set of customer privacy rules that can meet Europe's standards -- standards that are considered the most demanding because of provisions giving customers access to data about them and allowing them to choose how that data is used.

Adopting different privacy standards for various countries "creates added cost and potential problems," says Mel Peterson, Procter & Gamble's privacy manager. But that wasn't the only reason for adopting the higher standard. Strong privacy rules also build customer trust, he says.

"If you're not giving [consumers] control, why should they have any confidence in giving information to you?" says Peterson, at the Privacy 2001 conference sponsored by the Ohio Supercomputer Center's Technology Policy Group in Columbus.

Companies operating in the United States aren't required by law to offer any specific privacy protections unless they're in a regulated industry, such as financial services and health care. But international privacy standards will affect more U.S. companies, primarily because of actions by Canada, the States' largest trading partner.

Canada has adopted a set of privacy rules similar to the European rules. The law is being phased in. Beginning this year, it applies to regulated Canadian businesses, including airlines, banks and telecommunications firms. Once it's fully implemented, the law will cover any business that collects personally identifiable information.

Giving customers choice on how information is used "is a better way to earn their loyalty," says Peter Cullen, the chief privacy officer at the Royal Bank of Canada in Quebec. "We think of this more as a business opportunity as opposed to a regulatory burden or law."