Many small businesses handle other people’s personal information on a daily basis – such information can be vital to e-commerce. New laws have been passed recently regarding the handling of such information, especially on an international scale. Yet concern is growing that the new ways of communication brought about by the internet are spawning careless attitudes towards privacy.
Legislation just passed by New Zealand’s Parliament ensures that personal data sent to New Zealand from overseas is subject to New Zealand’s privacy protection. The Privacy (Cross-border Information) Amendment Act enables individuals and businesses to assure their trade partners that New Zealand law protects their privacy.
The law allows the Privacy Commissioner to prohibit data received from overseas being transferred outside New Zealand to a jurisdiction without adequate privacy protection. This previously required special contractual arrangements, which were costly and regarded as a disincentive for overseas entities thinking about doing business in New Zealand.
However, one area where personal information can flow freely – sometimes without regard for the consequences – is now under scrutiny, with suggestions that regulation may be required.
Social networking is now a major marketing tool for businesses. A page on Facebook or LinkedIn is a cheap and quick method of boosting a company’s profile, and keeping customers or clients up to date with new developments. But technology analyst Ovum is suggesting that the use of social media by organisations when dealing with the public needs regulation to protect sensitive information from being divulged by blundering staff. Ovum also believes that peer to peer support conducted via social media should be monitored, to ensure that customers do not unintentionally pass on incorrect information.
"While social media should still allow customers to interact and express themselves, we believe that they need to be protected from having sensitive information spread on the internet by staff who may not understand how to treat such inquiries,” said Ovum analyst Aphrodite Brinsmead. "For these reasons, we believe regulations are a necessary evil.”
Brinsmead also believes businesses need to stop "experimenting” with social media and put formal strategies in place. That view is partly shared by New Zealand’s Assistant Privacy Commissioner, Catrine Evans. She says companies that maintain social network pages should make this the responsibility of one person, and they should also have a clear policy on posting information that is read and understood by all staff. Evans is reluctant, however, to back the notion of specific laws on social media.
"Any form of regulation needs to be carefully managed,” she says. "You don’t want your regulatory rules to effectively require greater intrusion into privacy.
Regulation should be appropriate to the problem and adequate to fix it. "Regulation might in certain fields be able to give you certainty, but the regulation has its own costs for businesses as well,” Evans says. "So I think we’re at a crossroads to be honest – we’ve got to get the balance right. Regulation and regulators may have a part to play, but so does the market. Users need to say what they’re prepared to accept, but if users don’t know what’s going on they can’t make that calculation, so companies themselves need to be much more open about what they’re doing and it’s how best to achieve that.”
The Law Commission is currently reviewing our privacy laws, and the Privacy Commission will soon produce some simple checklists enabling people to identify privacy issues. They’ll be published on its website (www.privacy.org.nz). The aim is to make people more aware of what they’re giving up to public view when they post information on social networks. Businesses need to take more care too – then hopefully we won’t need more regulations.