To put this off, analysts said, is to risk the wrath of both Uncle Sam and John Q. Customer.
Gartner research shows that the personal information many U.S. citizens have willingly surrendered for the sake of national security is being used by some private enterprises for the sake of marketing.
This valuable information might seem like a boon for businesses in their never-ending search for customers. But while people may be willing to share some of their private information with Uncle Sam, that same tolerance does not extend to marketers looking to make money. And the cost of making a mistake with private information might not be worth the temptation.
"In a climate in which the general public is greatly concerned with corporate ethics and accountability, a business that makes a significant misstep in managing its customers' private information could face a highly visible and damaging public scandal," said Walter Janowski, a research director for Gartner, which is based in Stamford, Conn.
People could feel so violated, they might ask the federal government to intervene. "If U.S. businesses don't prioritize privacy management, public outcry will motivate the U.S. Congress to mandate restrictive privacy legislation," Janowski said.
Gartner also said there's a problem with privacy management products. One is the fact that most firms aren't really interested in forking out the cash for privacy management products. The other is that vendors don't seem interested in delivering those products. The apathies feed each other.
Businesses are balking at buying solutions until they're a little meatier, and vendors are not keen on committing resources to developing those solutions until the market appears ripe and ready.
That leaves customers in the middle, wondering just how safe their personal information is, Janowski said.
So what does a company do to keep the government and its citizens happy? Gartner has recommended three steps for making sure the personal information of consumers is protected:
Implement formal processes to restrict internal access to personal customer data. Does everyone need to get their hands on that information? Probably not.
Let customers decide if they want to be solicited. Give them a choice by going the "opt-in" permission route.
- Bone up on the Healthcare Information Portability and Accountability Act (HIPAA) and the USA PATRIOT Act to get a feel for the path privacy legislation could take. The businesses that are familiar with the rules of today will be ahead of the pack should more rules come tomorrow.
FOR MORE INFORMATION: