The Roots of Privacy

Here’s a guiding philosophy many leaders would agree with, “It’s easier to ask for forgiveness than to beg for permission.” This is how we get things done. We see something that needs doing and do it. No running around checking with everyone to ensure it’s the ‘right’ thing to do. We act and, if necessary, make our apologies later.

We’re even proud of this behaviour, but it’s easy to push the concept beyond an ill-defined boundary, to where it becomes unethical. When we do things we know we’ll have to apologize for later, then we’ve crossed that fuzzy line.

Why this concern with the ethics of crossing fuzzy lines? Because sometimes it’s possible for someone to shift those ‘ethical’ boundaries until traditional business practices are called into question. An example of this is Canada’s Personal Information Protection and Electronic Documents Act.

Ten Guiding Principles

The Act was put together by business, consumers, academics and government under the guidance of the Canadian Standards Association. It contains ten guiding principles for the fair management of personal information. The Act’s worthy objective is to give individuals control over how their personal information is used in the private sector.

One of these ten principles deals with the issue of consent. Part of it reads, businesses must “Obtain the individual’s consent before, or at the time of collection, as well as when a new use is identified.” The act goes further and includes a Grandfather clause to cover data you’ve already collected before the Act became a reality… “Since it has already been collected, you don’t need to recollect it. However, in order to continue to use or disclose this information, you now require consent.” [ ]

So much for apologizing after the fact. To demonstrate the slippery ethical slope, let’s use a simple example of some basic information not even covered by the Act: name, title, business address or telephone number. Over the years, I’ve collected tens of thousands of business cards and e-mail addresses. When do I cross the ‘ethical’ boundary? When I mail out brochures advertising my consulting services? When I send out an e-mail announcing a new speaking topic? When I sell my list to a third party? To remain ethical must I send these people an e-mail to get their permission to send them an e-mail?

The Act is well intentioned. Privacy is a legitimate concern shared by all citizens. The ten guiding principles of: ‘Accountability’, ‘Identifying purpose’, ‘Consent’, ‘Limiting collection’, ‘Limiting use, disclosure, and retention’, ‘Accuracy’, ‘Safeguards’, ‘Openness’, ‘Individual access’, ‘Challenging compliance.’ are all necessary, but the real solution to the issue of privacy doesn’t reside in the text of the Act.

A Word from the .Privacy Commissioner

George Radwanski, the Privacy Commissioner of Canada, in his introductory

message on the Privacy site, makes the following observation, “I’m hopeful that,

for most businesses, the administration of the Act will feel more like self-regulation than government regulation. …the privacy principles and fair information practices set out in the Act are not difficult to understand: they are good business practice, and they make good sense.” Self-regulation is the key to compliance, and being a good corporate citizen.

The basic concept underlying ‘Privacy’ is that individuals own their personal information and should have control over how it is used. How that gets interpreted in the corporate world depends more on the ethical philosophy of the company than on the legal interpretation of a Government regulation.

Of course, getting everyone to dance to the same ethical drum is going to take some doing. Even in the simplest of ethical debates, it’s not uncommon to encounter widely differing opinions. This is fine as long as the scenario under discussion is some hypothetical situation with no corporate impact. It’s another thing entirely if it’s about customer relationships.

The ten principles of the Act are a good place to start. Who in your organization makes decisions regarding either customer contact or the use of customer information? Should they spend some time discussing/debating the ten principles? The more they’re aware of the new rules, the less likely they’ll step over the fuzzy lines.

Personal rules of behavior that worked well in the past will get us into some interesting trouble in the future unless we take the time to see where the ethical lines have shifted.

Peter de Jager is a speaker and consultant on management issues relating to Man-

aging the Future. Contact him at