Privacy
By law, majority of business institutions are required to provide their customers with information regarding their privacy policies on an annual basis. Business institutions are prohibited from sharing nonpublic personally identifiable customer information with non- affiliated third parties, unless consumers are clearly provided with an opportunity to opt-out. However, there have been concerns among people, as the opt-out process is time consuming for many individuals and in some cases privacy notices have been found too difficult to understand. Customers also indicate that current privacy notices are too long, contain too much legal jargon, or are too hard to read.
The privacy notices that business firms traditionally send to their customers are not new, however, with the growing explosion of the information systems and the Internet, the federal agencies have begun to question whether the traditional types of the privacy notices are adequate or there is a need to revamp the notices given to the consumers. But executives at banks, thrifts, and credit unions argue that their institutions have already invested time and money in creating notices that comply with the law and therefore changing the format of privacy notices now would render that work irrelevant and add cost to the consumers. They argue that change in the privacy notice would be a waste of time and money.
Examples of Privacy Notices
State agencies generally regulate rules on privacy law. Because of the different kinds of privacy notices that are delivered to consumers, there has been a push toward the uniformity. Presently, the complaint is that most of the privacy notices are long and require the customer to fill the form or call a telephone number for opting out. This has created too many variations in the privacy notices. Toward this end, state agencies are claiming that uniformity in the notices makes it easier to compare and monitor privacy policies. State agencies have suggested three formats: first, the use a simple format in which a business would list a data-sharing practice and indicate with a "yes" or "no" whether it engages in that practice. A second suggestion relies on the use of a template, in which a bank could describe its practices and specify what information is collected and how it is shared, and how a consumer can contact the department that oversees privacy. The third model tells consumers that they can ask their companies not to share their data with other companies and would offer them two "opt-out" options: One would bar the organization from sharing information with outside companies, and another would bar it from sharing with affiliates. However, many consumer advocates argue that each of the suggestions has a fatal flaw: They encourage customers to opt out. And this is a big shortcoming, because majority of consumers do not pay any attention to privacy notices, and even if they read, they forget to contact their companies because often the number provided by these companies are either busy or none is available to record their choice on the opt out (Linder, 2004).
Though the Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act of 1999, opened the door for financial services companies to merge and create partnerships with each other and other types of businesses. In response to consumer criticism and numerous lawsuits alleging serious privacy violations, the act included a provision aimed at protecting consumer privacy. This provision was supposed to allow consumers to bar these companies from sharing their names, addresses, social security numbers, account balances and other personal information (Lee, 2002).
Certainly, companies are working hard to comply with a bewildering array of fast-changing regulations that are under the preview of state, federal, international and industry-specific privacy rules. Writing a standard privacy notice that summarizes all regulatory and legal requirements can be a huge challenge for the companies. Privacy notices, which are required in every state, spell out clearly company's policies for handling personal data. Several laws require companies to clearly articulate what they can or can't do with confidential information. But differing requirements make it hard to draft a standard policy. For instance, many states still use privacy provisions from a 1982 information practice act that requires insurance companies to use specific phrases -- relating to how information might be shared for law enforcement purposes. Some other states require that companies include opt-in policies in their privacy statements. Opt-in policies require companies to seek and receive a user's permission to collect and use personal data.
To comply with private data, companies are required to establish a detailed inventory of all sensitive data everywhere in the corporation,...
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now