April 06, 2001, 5:34 PM
The European Commission (EC) thinks its privacy rules for U.S. companies doing business in Europe are no big deal. "These concerns are unfounded," one EC official said last week. That's sort of like the guy who doesn't own a cell phone saying he thinks a law banning cell-phone use while driving is no big deal. He's not the one who'll have to change what he does.
In the U.S., where customer privacy is a joke, meeting tough European standards could require big changes -- especially in how IT shops handle data.
And of course, we're not allowed to get ready for it.
Getting ready would be impolitic. Most big U.S. companies are fighting the European privacy standards. Our corporate leaders insist the EC standards are impractical and expensive and maybe even a threat to our national sovereignty.
So it wouldn't look good for IT shops to be figuring out how to apply the standards to our systems, or calculating how much it'll actually cost. That might appear to run counter to the official corporate position.
Trouble is, if the political winds change and for legal or business or public relations reasons our bosses decide that customer privacy is a good idea after all, they'll want it done right now. And finding, filtering and giving customers access to all the data you hold about them is no overnight project ["Frankly Speaking," Nov. 6]. To do it right, we should be starting now.
So while politicians and bureaucrats and lobbyists and executives haggle and horse-trade over these privacy standards, we're stuck with what appears on the surface to be a very nasty choice: We can look bad today for breaking ranks, or we can look bad tomorrow for failing to think ahead.
Or we can be sneaky.
Suppose -- just suppose, mind you -- that we did a little stealth microproject to see how many foreign customers we've got, and what data we've got about them. That's just due diligence, really. In case our executive team wants to know that information on short notice.
And say we make it a point to track down where all that foreign customer data resides on our systems. That's really just good data-management practice, right? As we all found out from our Y2k projects, there's no such thing as a data inventory that's too up-to-date.
Then what if we ran a hypothetical? Something like this: How would we create a secure application so that, say, executives or sales reps on the road can access that customer information across the Web? That wouldn't be undercutting the company's official stand, would it? We're just making sure we're ready in case we want to give someone Web access to the data.
At least, that's our story -- and it's one we can stick to.