Information Privacy Forum
by Paula J. Hane
With Gen. Colin Powell, Bill Clinton, and Tom Peters headlining
the event, who wouldn't jump at the chance to attend the 5th Annual Information
Privacy Forum? Sponsored by OneSource Information Services and The Donnelley
Group of infoUSA, the forum was held July 7–10 in Aspen,
Colo. The annual event drew a diverse group of key company customers; some
industry analysts, experts, and press; and business and world leaders.
This year's forum, which consisted of approximately 160 people, provided
a series of six panel discussions and continuous opportunities for audience
questions and comments in addition to stellar keynote addresses. Since Donnelley
companies serve the needs of marketers, the question of how businesses can
meet the challenges of marketing in an age of consumer rights' legislation
was emphasized. But, there were also insights into how to strike a balance
between consumers' rights to privacy and marketers' rights to transact trade
as well as discussions on using technology to protect privacy, the role of
leadership, and the impact of outsourcing on American businesses.
Hosting the invitation-only event was Ray Butkus, president of The Donnelley
Group. He set the stage for discussion by commenting on the unfortunate rash
of database thefts of private information. "What was on the minds of a few
database professionals 5 years ago is now the stuff of the evening news and USA
Today." Marketers are obviously worried about the negative effects this
might have on consumer buying behavior. This fact was reinforced by the July
4 issue of Newsweek I brought on the trip: Its cover story was "The
Scary New World of Identity Theft; 40 million hacked credit cards: are you
Butkus said the Federal Trade Commission (FTC) reported that, for the fifth
consecutive year, identity theft topped the list of complaints, accounting
for 39 percent of the 635,173 consumer fraud complaints filed with the agency
in 2004. He said 2005 appeared to be the year of "personal data protection."
In fact, the Personal Data Privacy and Security Act, introduced by Sens.
Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., is under consideration in Congress
as I write this. And Sen. Gordon Smith, R-Ore., recently introduced the Identity
Theft Protection Act (http:
//www.congress.gov/cgi-bin/query/z?c109:S.1408:). It was the 10th
identity theft bill introduced this session.
Security Is a Process
The first panel addressed whether identity theft was a "ticking time bomb." Jim
Harper, director of information policy studies at the CATO Institute (http://www.cato.org),
said it's not really an explosive problem. "It's more of a rolling compost
pile." He said there's a difference between security breaches and "identity
fraud"which he said is the correct name for the problem, not "identity
theft." Just as it's not good practice to have a single key to all one's properties
(house, cars, safe, etc.), he feels it's not good to have a single identifier
key (such as a national ID card) to all financial and personal dealings. (The
CATO Institute is a nonprofit research foundation that "seeks to broaden the
parameters of public policy debate to allow consideration of the traditional
American principles of limited government, individual liberty, free markets,
Howard Beales III, associate professor of strategic management and public
policy at George Washington University, said that information is valuable and
that thieves will continue to go after it. Beales, who was director of consumer
protection at the FTC from 2001 to 2004, stressed that security is an ongoing
process. Just having a regulatory requirement won't fix the problem. The recent
data breaches occurred in publicly regulated companies.
The consensus among the experts was that data security problems will continue
and, in fact, may worsen. Evan Hendricks, editor and publisher of Privacy
Times, said criminals realize this is a low-risk, high-potential crime.
He feels that the credit report is at the center of the problemit facilitates
the theft and then becomes the source of an individual's problems after the
theft. Our national policy tilts toward the prerogatives of large organizations,
in his estimation, and he predicted that we will have to move the interests
of individuals higher. We need to provide individuals with the opportunity
to access personal records and the ability to correct the information.
Jerry Cerasale, senior vice president of government affairs at the Direct
Marketing Association, echoed these sentiments and said that notification is
the major key. He said an individual's access to and ability to correct data
should apply not just to marketing or credit databases, but to all databases,
such as employee files. He said at least six committees in Congress are currently
grappling with proposed notification legislation. He thinks nothing will pass
in 2005, but it may be approved in 2006.
Though Cerasale said nothing is foolproof, he gave the following advice to
Have a security policy in placein writing.
Train your employees.
Supervise your security.
Use the latest technologythe bad guys will.
Review and update procedures constantly.
Esther Dyson, editor of Release 1.0 and former chairman of the Electronic
Frontier Foundation (EFF), said she loves technology and what it makes possibleespecially
the empowered consumer. But, she argued that we can and should use technology
in more creative ways. The challenge for companies in the marketing industry
is how to explain themselves to consumers. "Forty percent of consumers are
removing ‘cookies' [from their PCs] because they don't understand the
benefits and are paranoid." She mentioned Safecount.org, a recently formed
industry coalition of research and marketing professionals that advocates safe
some positive developments in identifying spyware and in authenticating senders
Campbell Tucker, director of the privacy office of Wachovia Corp., works
companywide to ensure that use of customer information is in compliance with
privacy laws and regulations. Also key, he said, is consistency with customer
expectations. "It's important to ask consumers what they want and how they
want to be communicated toand make sure you respond to their complaints."
Leaders Set the Tone
Business guru Tom Peters, author of a string of bestsellers (In Search
of Excellence, A Passion for Excellence, Liberation Management,
etc.), talked about what companies can do to survive in an age of "discontinuities." In
particular, he addressed the need to "re-imagine" marketing and the notion
that customer-centric should be equal to privacy-centric. Echoing themes
from his 2003 book Re-imagine!: Business Excellence in a Disruptive Age,
Peters said, "It's a dangerous world, and it's going to become more dangerous."
He continued: "It's not your father's world anymore. ... We're in a Dell-WalMart-eBay-Google
world." His guiding tenets for companies trying to navigate in this challenging
Innovate (don't imitate)
Peters is transfixed by what is going on in Chinathe size and rapidity
of change stuns him. "I will never again wear a baseball cap that is not made
in China, and I will never take a new drug that has not been researched and
developed in China." Only innovative, disruptive, and "freaky" thinking will
enable companies to succeed, in his estimation. He feels that outsourcing is
inevitable but called on companies to do "best-sourcing," by which he means, "Work
only with the best on earth."
Powell's Sage Advice
The importance of leadershipwithin companies and within Americawas
the thrust of Gen. Colin Powell's inspiring speech. While denouncing the terrorist
attacks in London and agreeing that all countries must do what is necessary
to protect themselves, he urged caution: "As we protect ourselves, we must
be sure not to shut ourselves down. America must be seen as a friendly,
welcoming place." And, despite the ongoing challenges in Afghanistan, Iraq,
and elsewhere, he continued to urge diplomacy and said it's important to understand
where we've been successful to see what to do next. "The world will continue
to look to America for leadership," he said.
Not surprisingly, the notion of leadership for this retired four-star general
is one of selfless service. "Take care of your people," he said. "Communicate
to your followers a sense of mission and purpose. And, give people the
training and tools to do their jobs." He continued: "People want leaders who
can convince and convey to each person in the organization the value of what
each does within that organization."
While he didn't address information privacy issues directly, his amusing
anecdotes about dealing with problemsfrom information technology challenges
at the U.S. State Department to mediating between leaders of other countriescontained
insight about rational problem solving and the power of having a value-based
sense of mission. Maybe we should urge Powell to tackle our privacy and data
security issues, now that he's retired (for the second time). I'll bet he'd
get those Congressional committees moving toward a good compromise while securing
cooperation from the credit agencies and businesses that collect personal data.
In wrapping up, Butkus shared three themes that he heard recur through the
Privacy protection mattersno matter what the company or size.
Customer "closeness" matters (but use the term "close" carefully).
Companies should ask: What are we helping customers fix, accomplish, or avoid?
Leadership matters, both on a company and personal basis. Personal
leadership translates into how a company communicates to the marketplace.
A perspective that clearly emerged from the forum was that we can't just
throw technology at our problems, whatever they arecustomer relations,
privacy, or identity fraud. People and the company culture play a major role
in the success of any solutions.
Paula J. Hane is Information Today, Inc.'s news bureau chief and editor of
NewsBreaks. Her e-mail address is firstname.lastname@example.org.
Send your comments about this article to email@example.com.