Previously I introduced the initiative on the part of the White House to establish a Consumer Privacy Bill of Rights with its recently published paper called, ‘Consumer Data Privacy in a Network World’. This is of course not the first time our nation has tried to establish standards to protect personal data. Some of those are:
- The Privacy Act of 1974, which governs the use of personally identifiable information about individuals that is maintained in systems by federal agencies.
- Personal Data Privacy Act of 2009, which never became law, but which was intended to set guidelines and restrictions on personal data sharing by data brokers.
- Customer Proprietary Network Information(CPNI) is the data collected by telecommunications companies about a consumers telephone calls. The Telecommunications Act of 1996, established rules about how CPNI information can be used.
These are examples of how our nation has struggled to protect and ensure our personal privacy while still enabling the free flow of information that is vital to our modern society. Privacy in a networked world is not the only concern we face. Terrorism and cybercrime have created conditions that threaten all of us. Laws such as the US Patriot Act are controversial because they walk that fine line between personal privacy and government intrusion, providing a framework that allows our government access to information that might otherwise be denied.
All of this brings us back to the subject of this discussion. Exactly what will this new Consumer Privacy Bill of Rights initiative mean for our industry? Let’s review some of its specific details.
The Consumer Privacy Bill of Rights includes these principles:
- Individual Control: Consumers have a right to exercise control over what personal data companies collect from them and how they use it.
- Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices.
- Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security: Consumers have a right to secure and responsible handling of personal data.
- Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
- Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
These principles appear to parallel those defined by the European Union. They espouse concepts of transparency, accuracy, appropriate use and individual control. At the same time, they employ language such as ‘reasonable’ and ‘appropriate’, which implies that there will be a need to define and understand what ‘reasonable’ and ‘appropriate’ mean.
The question therefore is, ‘How will this impact individuals and businesses’? I have been doing some reading. Everyone agrees that changes will be coming. For companies that depend on user data (Google, Facebook and others) the effect could be significant. For consumers, there will be new and welcome features such as ‘Do Not Track’. For contact centers and providers of contact service technologies such as inContact, it will no doubt require us to reassess our policies, processes and products.
The Trust Office at inContact will be watching to see what form of legislation this initiative will ultimately take. Fortunately, our early decision that our products should be designed to address both the functional and security requirements of our customers will ensure that inContact and its customers will be well positioned to address both the personal and business needs of our customers and their users.