Anyone who's made a purchase -- whether in-store or online -- within the last few years knows that providing an email address has become a standard part of doing business in the United States.

Questions for Consumers

With Data Privacy Day not too far behind us, consumers should consider asking the following questions the next time they are asked for this information:

  • Why?
  • What will you do with it?
  • With whom will you share it?
  • How will your company protect it?

Chances are that most retail clerks will not have the answers to your questions on-hand. However, when doing business with a regulated entity such as a bank or financial institution, the organization is required to provide information about its privacy practices in an annual notice along with information about how it shares information with its “affiliates.” The Gramm–Leach–Bliley Act (GLBA) mandates that United States organizations explain why the information about the consumer is being collected, where it is shared, how it is used and how it is protected.

This brings us to the question -- even if you trust the company with which you are doing business, do you trust the companies they work with to get their business completed? When you provide your email address to your favorite downtown shop, online music store, or even your bank, you are entrusting them with your personal information. Do you know if they share that information with business affiliates and partners, or if they sell their mailing lists to others?

There are many benefits to providing your email address to organizations with which you do business, including enhanced shopping experiences and easing future business transactions. But before you agree, be sure you understand the risks and are prepared to react quickly if your email falls into the wrong hands. When all else fails, follow this one trusty rule of thumb: Don’t click on a link in an email if you don’t know the sender.

Questions for Businesses

Remain vigilant when designing both privacy and security protections into organizational practices. Outside of protecting systems from the “bad guys” that steal customer information, companies have an additional obligation to behave as good corporate citizens. This includes protecting the information of their customers, as well as communicating clearly with customers about how they will use, store and protect information. Just because a consumer provides access to their private information, doesn't mean that a company has the right to then take that information and use it any way they see fit.

Companies have an obligation to clearly communicate what they will do with private information provided to them -- and if they change those practices, they must notify consumers and provide them with the ability to choose to participate or opt out.

Organizations, such as government agencies, that are required to collect and maintain this sensitive information must take all steps necessary to protect it. Businesses that do not need sensitive information should absolutely reconsider how much information they need to collect from consumers -- and understand that when they collect it, they must protect it.

Take Steps

Just as you protect physical identification and credit cards by securing them in your wallet, take the same care with your identification and financial information online. Don’t have websites “remember” you unless you are confident in their privacy and security practices. Select the most protective settings in your web browser of choice.

While this may result in you having to fill out forms more than once or your items disappearing from your cart the next time you visit the site, you are taking the steps to protect your identity. If consumers make protection of their private information a priority, then the companies competing for their money and loyalties must do so as well.