California Privacy Law Targets Data Sharing - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Business & Finance
05:05 PM
Connect Directly

California Privacy Law Targets Data Sharing

The legislation, which takes effect Jan. 1, requires businesses to tell consumers what companies they share data with or provide an opt-out option.

Starting Jan. 1, companies outside the financial-services sector that do business in California, online or offline, and disclose customer information to third parties will face new compliance obligations under the state's information-sharing disclosure law, SB 27.

The law requires that, in response to customer requests, businesses must provide details about the type of personal information they share with other businesses, along with the names and addresses of companies with whom the information is being shared. Alternately, a business may provide a privacy statement that offers customers a cost-free means to opt out of a businesses' information-sharing activities. Financial-services companies aren't covered by the law because of difficulties with regulating that industry.

The law aims to give consumers more insight about companies that sell information about them and what's being sold. In practice, however, it may accomplish little more than to reinforce the need for marketers to follow fair-information practices.

"SB27 is an either/or law," says Elise Berkower, senior compliance officer at DoubleClick Inc., a service and technology provider for marketers. "Either you have to have what I call a mini-FOIA [ Freedom of Information Act] department within your retail establishment. Or you need to offer your consumers the ability to opt-out or opt-in."

The opt-out alternative to the disclosure requirement was added thanks to marketing industry lobbying, the result of concerns that implementing a disclosure system would prove costly. According to a spokesman for the Direct Marketing Association, some 95% of the organization's members already are in compliance because they offer a means for customers to opt out of marketing lists.

Berkower says DoubleClick's clients notify consumers about information-sharing activities and offer the option to opt-out. But they might be concerned about the cost of providing consumers with detailed information about the companies with whom they share data.

While the law's impact might be limited by the opt-out alternative, Alan Chapell, president of privacy and data collection consultancy Chapell & Associates, notes that it should narrow the discrepancy in data-sharing standards between the online world and mail-order marketing. Most privacy legislation on the books applies specifically to online commerce.

It also should reinforce the need to adhere to fair-information practices. "Long term, I see it as a very positive thing," Chapell says. Historically, the direct-marketing industry has lacked transparency, he says. "When people don't know what's happening with their data, they assume the worst."

That's ancient history, says Bennie Smith, chief privacy officer at DoubleClick. His clients value transparency, he says. "If data is the fuel that runs the business, then trust is the lubricant that keeps the gears moving," he says.

Ironically, businesses are beginning to assume the worst about legislation coming out of California. The actions of legislators in the world's fifth-largest economy and most-populous state in the U.S. are proving worrisome to businesses that face privacy issues.

It's gotten to the point that businesses, reflexively averse to legislation, actually welcome federal laws as a means of repairing aggressive state statutes. Jennifer Barrett, chief privacy officer at marketing-information-management company Acxiom Corp., points to the CAN-Spam Act of 2003, which came about as a result of E-mail legislation in California that she says would have been totally unworkable.

"There's a high level of frustration throughout the business community with privacy legislation initiated at the state level," she says, noting that the industry favors federal rules for the sake of simplicity. Complying with different privacy laws in a dozen or more states would be nearly impossible, she says.

"Having anything less than a national standard, especially as it applies to the online world, is very, very difficult," says a spokesman for the Direct Marketing Association. "The Internet just doesn't respect state borders or even national borders."

"California has been very active in the privacy legislation arena for the past several years," acknowledges Joanne McNabb, chief of California's Office of Privacy Protection, a government agency charged with identifying privacy problems and encouraging fair-information practices.

She contends the business community isn't left out of the loop, as some companies suggest. "We work with the business community and privacy advocates on developing some best-practice documents, in relation to some of the California privacy laws," she says, "and we're working on one on SB 27 right now."

"When an industry demands uniform federal laws, what they usually mean is they want uniformly greater freedom for themselves, and less protection for consumers," says Liz Figueroa, the California state senator who authored SB 27, in an E-mail interview.

"California continues to lead the nation in protecting consumer privacy, and I don't intend to give up our leadership role. Frankly, I wouldn't trust my own privacy, or anyone else's, to (Texas Congressman) Tom Delay and President Bush."

Even so, DoubleClick's privacy officer Smith argues that many of the problems being addressed legislatively already are illegal. "Maybe we should be talking more about enforcing the laws that are already on the books," he says, "particularly in a state like California, which probably has some of the most comprehensive consumer protection statutes."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll