“We know that one of the great conundrums of e-business is that it gives enterprises a powerful new capability to capture and analyze massive amounts of customer information so they can serve individuals more effectively. Yet this very capability troubles some people, who see it as a means to disclose or exploit their personal information. These are legitimate concerns, and they must be addressed if the world of e-business is to reach its full potential. At its core, privacy is not a technology issue; it is a policy issue. And the policy framework that’s needed here must involve the technology industry, the private sector in general, and public officials.” November 2001, IBM Chairman, Louis Gerstner, Jr.1
Over the past two decades, privacy has become an increasingly important issue among individuals and governments throughout the world. A testament to this assertion is the number of pieces of legislation that have been enacted in parliaments in free and democratic countries around the globe.2 Legislators across Europe, Canada, the United States, and other nations, have given privacy issues considerable attention: specifically in the context of the way for-profit firms manage their customers’ personal information.
The argument that has spurred consumer groups and governments to take action is that technology, specifically Internet and mobile-related technologies, have made privacy, or an individual’s right to be let alone,3 more difficult to protect than ever before. In today’s high-tech climate an unassuming consumer could be the subject of an invasion of privacy through “cookies” and data mining software (used in internet technologies), tracking technologies (used in cell phones and PDAs), and transaction recording technologies (such as when a credit card is used). Hypothetically, if a cluster of organizations wanted to assemble a complete profile of a consumer by sharing information, this could be done.
This new and profound ability to collect, use, and disclose personal information about consumers has made customer relationship management, otherwise known as CRM, a topic of increasing importance in the marketing world. Today’s marketers have more avenues than before to collect, disclose, and use client information. For these reasons, Canadian public bodies, such as the Canadian Standards Association, first began discussing more thorough privacy standards as early as the 1980s when the Canadian Government supported and helped to develop an OECD Model Privacy Code.4 Later the CSA itself developed a voluntary code for ethically astute private sector organizations.5
On January 1st, 2004, however, privacy rights in Canada were extended beyond voluntary codes (and vague legal protection) and had the weight of the law placed behind an individual’s right to control flows of his or her own personal information. The Personal Information Protection and Electronic Documents Act (PIPEDA) that took force on that date outlines the treatment that all private sector organizations, irrespective of size, must give to personal information.6
1 “Privacy Guru Joins IBM”. www.crm-forum.com, November 30, 2001, p.1.
2 Laws enacted include PIPEDA in Canada, countless national laws in EU states (as mandated by an EU Parliamentary Directive), and new privacy regulations for companies in the US that engage in trade with Europe (the US Safe Harbour Agreement).
3 Samuel Warren and Louis Brandeis. “The Right to Privacy”. Harvard Law Review Vol IV Dec. 15th, 1890 No. 5.
4 OECD 1980 .“Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”. Available: www1.oecd.org/publications/e-book/9302011e.pdf
5 Canadian Standards Association. “CSA Model Code Introduction” Available: www.csa.ca/standards/privacy/code/Default.asp?articleID=5285&language=English
6 The Government of Canada. Personal Information Protection and Electronic Documents Act. Schedule 1 (Section 5). Available: www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-6/C-6_4/sche1E.html