I’ve written about this before (11-25-2007) and now Alec Sunders, co-founder and CEO of iotum wrote a great privacy manifesto for the web. Someday, someone will start a service on the net that will allow one to control these aspects of our privacy . This is a service I’d pay for in a heart beat. Here is what Alec sees as the 4 basic prongs of web ‘privacy’ guidelines:
- Every customer has the right to know what private information is being collected. That rules out any secret data collection schemes, as well as monitoring regimes that the customer hasn’t agreed to in advance. It also rules out any advertising scheme that relies on leaving cookies on a customer’s hard disk without the customer’s consent.
- Every customer has the right to know the purpose for which the data is being collected, in advance. Corporations must spell out their intent, in advance, and not deviate from that intent. Reasonable limits must be imposed on the collection of personal information that are consistent with the purpose for which it is being collected. Furthermore, the common practice of inserting language into privacy policies stating that the terms may be modified without notice should be banned. If the corporation collecting data wishes to change its policy then it’s incumbent upon the corporation to obtain the consent of customers in advance.
- Each customer owns his or her personal information. Corporations may not sell that information to others without the customer’s consent. Customers may ask, at any time, to review the personal information collected; to have the information corrected, if that information is in error; and to have the information removed from the corporation’s database.
- Customers have a right to expect that those collecting their personal information will store it securely. Employees and other individuals who have access to that data must treat it with the same level of care as the organization collecting it is expected to.
In many parts of the world, governments are now creating legislation embodying the four principles of this Privacy Manifesto. Citizens of those countries have responded favorably, rewarding businesses that assure their privacy, and penalizing those that don’t. In Canada, for example, personal information is protected by something known as the Personal Information Protection and Electronic Documents Act (PIPEDA) and as a result, it’s not unheard of for customers to patronize businesses that store their data locally. Many Europeans are equally sensitive.
Not only are the four principles of the Privacy Manifesto good for individuals, they’re good for business.