E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Toronto Star

Posted on May 25, 2004

      Canadian and U.S. companies have vastly different attitudes and motivations when it comes to protecting the privacy of their customers, according to a cross-national study to be released this week.

      The study, the first to compare the corporate privacy practices of comparable Canadian and U.S. firms, found that Canadian businesses see their privacy practices as an opportunity to improve relations with customers, while their U.S. counterparts viewed privacy measures more as a way of complying with legislation and avoiding civil lawsuits.

      Indeed, 61 per cent of surveyed Canadian companies linked "good privacy practices" to customer trust and brand loyalty, compared to only 17 per cent of U.S. companies.

      "Canadian privacy leaders seem to understand and respect the need for compliance with federal and provincial laws," states the study, which was commissioned by the Ontario Information and Privacy Commissioner.

      "However, they rarely see compliance as the single goal or mission of privacy management (and) are more likely to hold the view or belief that their role is inextricably tied to information ethics rather than obedience to the law."

      The study -- based on in-depth interviews with 36 large companies, equally divided between Canada and the United States and spanning a number of industries -- was conducted by The Ponemon Institute, a Tucson, Ariz.-based privacy think tank. Many of the Canadian participants were subsidiaries of U.S. parent companies.

      "When we decided to do this study I thought there would be some differences, but I didn't realize the differences would be as stark," said Larry Ponemon, chairman of The Ponemon Institute and an adjunct professor at Carnegie Mellon University.

      In the United States, "It's all about complying with the law, which may or may not have any bearing to people," said Ponemon. "In Canada, I got the sense that they thought it was just the right thing to do."

      The study also found that Canadian companies were more likely to have dedicated privacy officers, resources, and training programs.

      Only 50 per cent of U.S. companies in the survey had privacy-training programs and 43 per cent had privacy-awareness activities for new employees, compared to 82 per cent and 71 per cent, respectively, in Canada.

      About three-quarters of Canadian companies assigned a senior executive as their privacy officer, compared to half of U.S. companies. In Canada, those officers were about twice as likely to be assigned on a full-time basis and to have enough company resources to do the job properly. Canadian privacy officers are also more likely to report directly to a company's chief executive officer or chairman.

      With respect to protecting customer data, the study found that Canadian companies are more concerned with insider misuse of data and making sure third-party partners and suppliers respect privacy policies, whereas U.S. companies appear more focused on protecting data from outsiders, such as hackers.

      "I think it shows that the U.S. view of privacy is more a security-centric view, while in Canada we have a more European view that says we need to protect against abuse from authorized users," said Peter Hope-Tindall, a privacy consultant in Toronto.

      "We (in Canada) need to audit and review everyone's use, even if they're insiders and have authorization to access and view data."

      Hope-Tindall said he finds the results of the study "very reassuring" and suggests that it may have to do with the fact Canada -- again, following the European model and established fair information practices -- has provincial and federal privacy commissioners who oversee the rules and help educate consumers and industry about privacy issues.

      Canada also has a national private-sector privacy law, the Personal Information Protection and Electronic Documents Act, which went into full force at the beginning of the year. No such law exists in the United States, which tends to create rules that are specific to certain industries or issues.

      Last Thursday, two U.S. congressmen introduced a bill that would establish America's first federal chief privacy officer, as well as similar positions for every federal department and agency. However, even if the bill passes into law, a U.S. privacy czar would not have sway over the private sector.

      Ann Cavoukian, Ontario's privacy commissioner, attributes some of the differences between Canadian and U.S. companies to the Canadian Marketing Association, which has been instrumental in pushing for privacy rules and for setting the tone.

      "Canadian marketers take a decidedly different view of privacy," said Cavoukian. "They don't just automatically view it as an impediment to marketing, but as an advantage, as long as they can earn their customers' respect and trust."

      Cavoukian was also encouraged that Canadian companies, according to the study, don't throw the job of privacy solely into their legal departments.

      "That just narrows it to compliance with legislation," she said. "I say put it in your marketing department, your human resources department, somewhere other than legal. You'll have a much broader perspective."

      Among the study's other findings:

      - Privacy preferences of customers are captured by 79 per cent of Canadian companies, compared to 53 per cent of U.S. companies.

      - U.S. companies were far more likely to use firewalls to protect customer and employee data, as well as software that detect intruders into computer systems that contain sensitive data.

      - Nearly 70 per cent of Canadian companies have a policy regarding surveillance and computer monitoring in the workplace, versus only 13 per cent of U.S. companies. However, U.S. companies are more likely to give their employees choice over how their personal data is collected.

      - Canadian companies are more likely to let consumers "opt out" over the secondary use and sharing of their personal information.

      "It's not that U.S. companies were grossly out of compliance with the law and regulation, or even customer expectations," said Ponemon, pointing out that the study is more descriptive than scientific. "But it seemed they would stop at the lower threshold than their Canadian counterparts.

      "It could be that (U.S. companies) feel what they're doing is more than adequate and just as protective of the customer."

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.