Among North American and European companies, Canadian firms have the strongest and most consistent privacy policies, according to a recent Forrester Research report. Canadian and European privacy laws tend to be more holistic, while the United States is stronger in healthcare and financial services.
“I know European countries like Germany and the United Kingdom have strong privacy laws in place, but I was surprised to see how consistently better Canada was doing,” says Jennifer Mulligan, analyst and lead report author.
A major difference is employee training, she says. Many privacy issues are really personnel issues, and many privacy mistakes are made by individuals. “People can make mistakes with [social networking] sites like Facebook, or they can take data home with them.” With strong privacy policies, “people are shown how they need to handle information. Then firms ensure they are handling it right.”
Outside the United States, people also tend to have greater control over their private information. In Europe, many privacy laws and policies are based on Organization for Economic Cooperation and Development codes. A major principle is that a person’s information belongs to him or her alone, says Mulligan. People are more enlightened about how companies use their information; they also have easier access to the information held about them and more power to ask companies to alter or delete that information. As an example, Mulligan cites recent efforts by the U.K. information commissioner to ensure that Facebook and other social networking sites completely delete a customer’s information on request.
European companies are also more protective of their employees’ information. “The U.S., in comparison, is just getting around to protecting employee data such as Social Security and payroll information,” says Mulligan.
American laws tend to side with corporations. Companies have more freedom to sell their customers’ information. Customers more frequently have an “opt out” choice when it comes to information sharing, compared to an “opt in” choice abroad. “In the U.S., we look at customer data as a rich source of information for marketing purposes,” says Susan Jayson, executive director of the Ponemon Institute, a privacy research center.
One benefit of the American model is that it can allow for more creativity and innovation, says Mulligan. For example, “We see a lot of businesses like Google making money with the information people have given them. In the U.S., there’s more innovation but a greater risk companies will overstep their bounds.”
One privacy area in which the United States leads is data breach notification, says Jayson. The state of California has been setting a good example, she says. U.S. companies are also more likely to encrypt sensitive data.