While the rest of the country was debating the merits of Nancy Pelosi’s new look, minor shockwaves were reverberating throughout the U.S. privacy community over a truly critical issue: privacy notices.
Fred Cate, a highly regarded privacy guru at the Indiana University School of Law, had testified at a November Federal Trade Commission (FTC) hearing that privacy notices have failed us. "There’s no one in America who’s read a privacy notice who wasn’t paid to," he taunted.
Cate, usually a libertarian, said that instead of having companies provide their customers privacy notices and the chance to opt out — two bedrock principles the FTC has long promoted — the U.S. government needs to impose new restrictions on what U.S. businesses can and can’t do with customers’ information. It was the privacy world’s equivalent of Donald Rumsfeld saying that the U.S. has lost in Iraq and that France needs to take over.
So what’s the big deal? Why did this cause so much buzz across the country’s back corridors of privacy?
I think it’s this: Privacy-policy writing has become a cottage industry. Our forefathers of privacy — those luminaries who worried about database aggregation long before Al Gore invented the Internet — had long advocated that organizations publicize their privacy policies. Legislators around the world deferentially took this common-sense advice and included requirements for privacy notification in every major privacy law.
Consequently, law firms have made millions helping companies write accurate privacy policies, and audit firms have made similar millions helping companies audit their compliance against them. So, there’s big money hanging on this question.
There are also a lot of chief privacy officer careers on the line. Privacy notices and the policies they’re based on are often the main authority a CPO has for getting things done in a large organization. Take them away, and CPOs lose. And if they lose, our privacy suffers.
But Cate has a point. The perplexing secret every CPO in America knows is that one of the least-clicked links on a company’s home page is the one that says "privacy." Americans, despite the regular clamoring of privacy Pollyannas, don’t really pay attention to these tomes.