Few US companies meet EU data protection requirements

WM Circle Logo

By: Wise Marketer Staff |

Posted on August 16, 2001

The privacy of consumers' personal data is ever more topical � more in some countries than in others. While some recent research reveals that most customers are quite willing to provide this data in exchange for some tangible benefit (see news article "Consumers understand give and take of loyalty programmes"), if companies push the issue too far there is a risk of a significant backlash. Most countries legislate on the data which can be collected and the uses to which it can be put, but the severity of the legislation varies considerably.

Global standards
Now, a new study from professional services firm, Andersen, reveals that few US companies have made significant progress in adopting and implementing global standards for ensuring the privacy of individuals' personal data.

According to Russ Gates, managing partner of Andersen's risk consulting services, "The reality of today's global economy, especially the use of the Internet as a channel for conducting business, has amplified the need to focus on individual privacy. It is a strategic necessity for today's businesses to find acceptable solutions to address the privacy requirements of their customers. Companies doing business internationally must pay particular attention to the privacy requirements in the places they do business."

Safe Harbour
The "Safe Harbour" principles (general guidelines developed  jointly between the US and the European Union and agreed in July 2000) were used by Andersen to benchmark the companies in the study. These guidelines meet the EU Directive on Data Protection's requirements for an "adequate level of protection".

The EU has applied the Directive with discretion so far, but it is expected that, from the middle of 2001, it will look increasingly closely at the policies of US companies.

Block transfer?
According to Kerry Shackelford, an Andersen Principal who focuses on providing privacy services: "Disruption to the conduct of business is a very real risk. The EU.could block data transfer to US companies that don't meet the Directive's requirements. US companies that take the lead in embracing privacy standards will safeguard customer loyalty, enhance reputation and image, and enjoy the freedom to structure business operations unrestricted by data protection laws."

The survey assessed 75 fortune 500 and medium-sized well-known US companies. None of them completely met the six principles. Two companies passed five  principles. At the other end of the scale, eight companies only passed one.

There is undoubtedly a clear opportunity  for companies to distinguish themselves competitively in a global economy by improving privacy practices.

Meanwhile, another industry source has told The Wise Marketer that he estimates that up to eighty percent of data handling on the internet worldwide does not conform to EU data protection requirements. There is clearly lots of work still to be done.

More Info: