Posted by: Ben Cole
corporate privacy policies, data breaches
It’s been an eventful week in IT compliance, as the privacy policies at two high-profile companies came under the microscope.
Google Inc. agreed to settle Federal Trade Commission charges that it used “deceptive tactics and violated its own privacy promises” to consumers when it launched social network Google Buzz in 2010. The proposed settlement would require Google to implement a comprehensive privacy program and calls for regular, independent privacy audits for the next 20 years.
Also this week, BP admitted that a laptop computer containing the private information of about 13,000 individuals who filed oil-related claims after the 2010 oil spill has been lost. The names, addresses, phone numbers, birthdates and Social Security numbers for those who filed claims were stored on the laptop, which a BP spokesman said was password-protected but not encrypted. BP notified the individuals and provided them with free credit monitoring services.
So does this mean enterprises aren’t getting the message? Did Google not consider the scrutiny Facebook and other social networks face for their corporate privacy policies? Are the endless amount of rules and regulations not enough? And, really, who are the people losing these laptops? I have a work-issued laptop myself, and I’m pretty careful with it. This despite the fact that mine doesn’t include legal files and personal information for claimants in a multibillion dollar case.
But probably not. BP and Google Inc. have household names, huge customer bases and countless resources (and money). If they aren’t taking privacy seriously, it doesn’t look good for the rest.