Www.ipc.on.ca The Privacy Payoff: Build Your Business By Building Customer Trust Ann Cavoukian,...
Transcript of Www.ipc.on.ca The Privacy Payoff: Build Your Business By Building Customer Trust Ann Cavoukian,...
www.ipc.on.ca
The Privacy Payoff:The Privacy Payoff:Build Your Business By Build Your Business By
Building Customer TrustBuilding Customer Trust
Ann Cavoukian, Ph.D.Ann Cavoukian, Ph.D.Information & Privacy Commissioner/Ontario
Coast Software
Privacy Best Practices Web Seminar Series
November 8, 2004
www.ipc.on.cawww.ipc.on.ca Slide 2
Impetus for Change
Growth of Privacy as a Global Issue
EU Directive on Data Protection
Increasing amounts of personal data collected, consolidated, aggregated
Consumer Backlash; heightened consumer expectations
www.ipc.on.cawww.ipc.on.ca Slide 3
Importance of Consumer Trust
In the post-9/11 world:• Consumers either as concerned or more concerned about online
privacy• Concerns focused on the business use of personal information, not
new government surveillance powers
If consumers have confidence in a company’s privacy practices, consumers are more likely to:• Increase volume of business with company…….... 91%• Increase frequency of business……………….…... 90%• Stop doing business with company if PI misused…83%
Harris/Westin Poll, Nov. 2001 & Feb. 2002
www.ipc.on.cawww.ipc.on.ca Slide 4
Information Privacy Defined
Information Privacy: Data Protection
• Freedom of choice; control; informational self-determination
• Personal control over the collection, use and disclosure of any recorded information about an identifiable individual
www.ipc.on.cawww.ipc.on.ca Slide 5
What Privacy is Not
Security Privacy
www.ipc.on.cawww.ipc.on.ca Slide 6
AuthenticationData IntegrityConfidentialityNon-repudiation
Privacy; Data ProtectionFair Information Practices
Privacy and Security: The Difference
Security: Organizational control
of information through information systems
www.ipc.on.cawww.ipc.on.ca Slide 7
Fair Information Practices:A Brief History
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
EU Directive on Data Protection
CSA Model Code for the Protection of Personal Information
Canada Personal Information Protection and Electronic Documents Act (PIPEDA)
www.ipc.on.cawww.ipc.on.ca Slide 8
Summary of Fair Information Practices
AccountabilityIdentifying PurposesConsentLimiting CollectionLimiting Use,
Disclosure, RetentionAccuracy
SafeguardsOpennessIndividual AccessChallenging
Compliance
www.ipc.on.cawww.ipc.on.ca Slide 9
Extension of PIPEDA
As of January 1, 2004, the Personal Information Protection and Electronic Documents Act has extended to:
all personal information collected, used or disclosed in the course of commercial activities by provincially regulated organizations
unless a substantially similar provincial privacy law is in force
www.ipc.on.cawww.ipc.on.ca Slide 10
Provincial Private-Sector Privacy Laws
Québec: Act respecting the protection of personal information in the private sector
B.C.: Personal Information Protection Act
Alberta: Personal Information Protection Act
Ontario: draft Privacy of Personal Information Act, 2002 – not introduced…so PIPEDA applies
www.ipc.on.cawww.ipc.on.ca Slide 11
Ontario: Health Information Protection Act, 2003 (PHIPA)
Ontario government introduced health privacy bill (Bill 31) on December 17, 2003
Law comes into effect on November 1, 2004
Establishes privacy rules for personal health information that is collected, used or disclosed by health information custodians
www.ipc.on.cawww.ipc.on.ca Slide 12
The Bottom Line
Privacy should be viewed as a business issue, not a
compliance issue
www.ipc.on.cawww.ipc.on.ca Slide 13
The Promise
Electronic Commerce projected to reach $220 billion by 2001 WTO, 1998
Electronic Commerce projected to reach $133 billion by 2004Wharton Forum on E-Commerce, 1999
Estimates revised downward to reflect lower expectations
www.ipc.on.cawww.ipc.on.ca Slide 14
Privacy is affecting E-Commerce
United States: e-commerce sales were only 1.6% of total sales -- $54.9 billion in 2003
-U.S. Dept. of Commerce Census Bureau, February 2004
Canada: Online sales were only 0.6% of total revenues -- $13.7 billion in 2002
Statistics Canada, April 2003
www.ipc.on.cawww.ipc.on.ca Slide 15
Lack of Privacy = Lack of Sales
“Consumer privacy apprehensions continue to plague the Web. These fears will hold back roughly $15 billion in e-commerce revenue.”
Forrester Research, September 2001
“Privacy and security concerns could cost online sellers almost $25 billion by 2006.”
Jupiter Research, May 2002
www.ipc.on.cawww.ipc.on.ca Slide 16
The Business Case
“Our research shows that 80% of our customers would walk away if we mishandled their personal information.”
CPO, Royal Bank of Canada, 2003
Nearly 90% of online consumers want the right to control how their personal information is used after it is collected.
www.ipc.on.cawww.ipc.on.ca Slide 17
ISF Highlights Damage done by Privacy Breaches
The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation:• 25% of companies surveyed experienced some
adverse publicity due to privacy• 1 in 10 had experienced civil litigation, lost
business or broken contracts• Robust privacy policies and staff training were
viewed as keys to avoiding privacy problems
The Information Security Forum, July 7, 2004
www.ipc.on.cawww.ipc.on.ca Slide 18
How The Public Divides on Privacy
26
64
10
0 20 40 60 80
Feb 2003(%)
PrivacyUnconcerned
PrivacyPragmatists
PrivacyFundamentalists
The “Privacy Dynamic” - Battle Dr. Alan Westinfor the minds of the pragmatists
www.ipc.on.cawww.ipc.on.ca Slide 19
It’s all about Trust
“Trust is more important than ever online … Price does not rule the Web …
Trust does.”
Frederick F. Reichheld, Loyalty Rules:
How Today’s Leaders Build Lasting Relationships
www.ipc.on.cawww.ipc.on.ca Slide 20
The High Road
“When customers DO trust an online vendor, they are much more likely to share personal information. This information then enables the company to form a more intimate relationship with its customers.”
Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders
Build Lasting Relationships
www.ipc.on.cawww.ipc.on.ca Slide 21
Lack of Trust on the Web
“In 70% of instances where Internet users were asked to provide information in order to access an online informational resource, those users did not pursue the resource because they thought their privacy would be compromised.”
Narrowline Study, 1997
www.ipc.on.cawww.ipc.on.ca Slide 22
Trust and Privacy Policies
Fully 50% of online users said they would leave a Web site if they were unhappy with a company’s privacy policy.
Customer Respect Group, February 2004 survey
www.ipc.on.cawww.ipc.on.ca Slide 23
Falsifying Information on the Web
“42.1% have falsified information at one time or another when asked to register at a Web site.”
10th WWW User Survey, October 1998
www.ipc.on.cawww.ipc.on.ca Slide 24
Make Privacy a Corporate Priority
An effective privacy program needs to be integrated into the corporate culture
It is essential that privacy protection become a corporate priority throughout all levels of the organization
Senior Management and Board of Directors’ commitment is critical
www.ipc.on.cawww.ipc.on.ca Slide 25
Good Governance & Privacy
“Privacy and Boards of Directors: What You Don’t Know Can Hurt You”
• Guidance to corporate directors faced with increasing responsibilities and expectation of openness and transparency
• Privacy among the key issues that Boards of Directors must address
• Potential risks if Directors ignore privacy• Great benefits to be reaped if privacy included in a
company’s business plan
www.ipc.on.cawww.ipc.on.ca Slide 26
Privacy Diagnostic Tool
Simple, plain-language tool (paper and e-versions)
Free & self-administered
CSA model code to examine an organization’s privacy management practices
www.ipc.on.ca/PDT
www.ipc.on.cawww.ipc.on.ca Slide 27
Final Thought
“Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.”
Forrester Research, March 5, 2001
www.ipc.on.ca
How to Contact UsHow to Contact Us
Commissioner Ann CavoukianCommissioner Ann CavoukianInformation & Privacy Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone: (416) 326-3333
Web: www.ipc.on.ca
E-mail: [email protected]