THE ISSUES INVOLVED FOR U.S. COMPANIES
The Global Business Privacy Project focuses on the intersection of seven major developments of importance for U.S. businesses handling personally-identifying data worldwide.
1. The EU Privacy Directive -- poses new challenges for U.S. businesses handling personal data of customers, prospects, and employees in Europe. There may be functions already “adequate” under the Directive. How business identifies options and deals with the Directive is a critical issue with significant bottom-line implications.
2. The Move to Canadian Standards for the Private Sector and the Start of an International Privacy Standards Process -- The Canadian Standards Association (CSA) has developed a Model Code for the Protection of Personal Information. Canadian leaders and U.S. advocates are calling for a national legal framework to guide how the business sector handles personal data. This standard is being offered as a model worldwide, with the International Standards Association (ISO) considering international Technical/Policy Standards for Privacy.
3. New National and Global Information Flows -- Dramatic expansion of consumer-based business activities online and the explosion of information and communication on the Internet requires handling of transactional personal data for e-commerce that transcends national boundaries. Important software solutions offer possibilities that enhance privacy choices in all these operations. New multinational alliances of telecommunications and information-service companies now being developed to market these services have experts and advocates calling for new multinational standards and policies that rein-in their development.
4. Information Superhighway Initiatives -- Government and regulatory agencies are working on privacy-protection requirements for the Information Superhighway. These efforts include U.S. FTC and DOC hearings, and open discussions about creating industry-sector standards and guidelines for consumer protection and privacy on the Internet and in other online services.
5. Model Business Principles for Worldwide Operations -- The U.S. Departments of Commerce and State, at the urging of the Clinton Administration, are pressing firms and associations to adopt self-regulatory approaches and Model Codes and Principles, to guide their operations outside the U.S. The UN is also leading efforts to add privacy to worldwide business ethical standards. Without significant business actions, regulation has been promised.
6. New Information-Technology Applications -- Many powerful new information-technology applications for handling customer personal information are emerging -- ranging from electronic money, smart cards, and biometric identifiers to new home interactive information services -- with a proliferation of personal communication devices. At the same time, potent new data protection software is being developed and improved on.
7. New Global Interest in Fashioning Consumer Data Protection Laws -- There is a rising tide of nations in Latin America, Eastern Europe, and along the Pacific Rim now addressing consumer privacy and data protection issues, and the EU Directive is the only available model. There is a need to develop alternative model data protection laws that take into account new technological advances, and to shape new legislative and regulatory approaches that will ensure growth of e-commerce worldwide.
Expertise at the Top
The Global Business Privacy Project, an activity of Privacy and American Business, is headed by Columbia University Professor Emeritus Alan F. Westin, widely considered the Dean of U.S. business privacy experts worldwide. Assisting P&AB in this Global Project are leading legal, corporate, industry, and academic experts, drawn together because they are most able to offer timely and authoritative information on any one of the Project's many aspects.
• P&AB Experts include: Dr. Westin; Robert Belair (Mullenholz, Brimsek and Belair); Russell Pipe (Global Information Infrastructure Commission); Scott Blackmer (Wilmer, Cutler, & Pickering); Ron Plesser (Piper & Marbury); Charles Prescott (United States Council for International Business and DMA); Alastair Tempest, Director General of the Federation of European Direct Marketing Associations (FEDMA); and other recognized experts, such as Peter Swire who is now point-man for the Clinton Administration's privacy activities.
• The Global Project Business Steering Committee is comprised of all project members from all the major industry sectors that rely on personal data. Selected because of their pro-active role in developing and implementing good privacy policies, the Committee actively shapes the Global Project. In 1998 the Committee initiated the "Model Contracts Project" to address contractual responses to EU and international data protection laws; most members are active participants who benefit from that project as well. Preparation of memoranda, resources and working materials for the Global Project is done by the P&AB Project Staff.
THE 1999 PROGRAM
The 1999 Global Business Privacy Project has been greatly expanded by the inclusion of the "New Models for Data Protection Contracts and Law 1999” Project and participation in a new EU/HR Data Consortium. The program for the 1999-2000 year includes the following:
1. Global Project Steering Committee Spring Meeting The Business Steering Committee will meet this spring to assess and identify key issues; discuss “adequacy” of the U.S. privacy system and how empirical evidence about this condition might be researched and developed; review the latest Internet research agenda; and plan the Project's further research programs. The meeting will also include an update on U.S. Government activity in the privacy arena.
2. Corporate Privacy Leadership Program June Washington Briefing Members of the Global Project may attend this Washington Briefing, which focuses on domestic policy and legislation in a back-to-back session with the Global Steering Committee meeting. A small, informal meeting puts guest speakers from Congress and the Clinton Administration in contact with the member companies for free ranging discussion and input.
4. P&AB's Sixth Annual National Conference -- November 9-10, Hyatt Regency Crystal City Hotel
" Day One focuses on domestic U.S. privacy issues addressed by the central business leaders, and the architects of Congressional and Executive Branch legislation and policies. Another key focus is on global issues that affect successful continued operations in Europe under the EU Directive.
" Day Two will home in on online systems, the Internet, e-commerce and other new technology areas, the possibilities for worldwide data privacy and security standards, and the development by U.S. firms of company global privacy principles.
5. Participation in EU/HR Data Consortium Conference. The Consortium will make the case that U.S. employers' handling of HR data is now "adequate" under the Directive and should be treated separately from consumer data.
6. Publications Program -- Over the course of the year, the Project will publish a series of high-value resources for the business, government, and academic communities concerned with global and cyberspace privacy issues, to be distributed at the Sixth Annual Conference. Members of the Global Project receive confidential sponsor alerts on rising issues, in addition to receiving 10 complimentary subscriptions to Privacy & American Business sent anywhere within their organizations.
7. Continued Research and Data Collection
The Project will develop positive and negative case studies of actual U.S. company experiences with national European data protection laws; analysis of national public opinion privacy surveys that map similarities and differences in developing multinational approaches; and examples of worldwide privacy standards by U.S. companies (e.g. IBM's global employee privacy standards; American Express' worldwide Consumer Privacy Principles). It will investigate new approaches to creating a counter Model to the EU Directive, for use by countries seeking to adopt new data protection laws.
Along with the benefits listed above, Project members receive a one-year membership in Privacy & American Business' Corporate Privacy Leadership Program. This combines a series of Confidential Special Reports, Corporate Case Studies, the Steering Committee Peer Workshop, the Model Contracts Project, the EU/HR Data Protection Consortium, and the Washington Privacy Briefing in a comprehensive program designed to provide corporate managers and policymakers with high-value information and techniques about customer and employee privacy challenges throughout the key decision-making groups in your business organization. We understand that different business units in a single organization may need to divide the costs of Global membership on account of budgetary dynamics. We also try to be certain to accommodate them all in sharing out the benefits too.
The 1998 members of The Global Project Business Steering Committee included the following companies and industry associations: America Online, American Express, Bell Atlantic, Chrysler Corporation, Citicorp, Compaq Computers, CyberCash, the Direct Marketing Association, Dun & Bradstreet, Equifax, Experian, First USA Bank, Household International, IBM, IMS America, Internet Alliance, LEXIS-NEXIS, KPMG, MediaOne Group, MCI, MasterCard, Microsoft, NationsBank, Nationwide Insurance, Pacific Telesis, Pricewaterhouse Coopers LLP, Privaseek, State Farm Insurance, TransUnion, US WEST, VISA USA.
For more information about the Global Business Privacy Project, please contact:
Lorrie Sherwood, Executive Director
2 University Plaza, Suite 414
Hackensack, NJ 07601
Tel: 201-996-1154 Fax: 201-996-1883