Traveling down the road to exposure
|
|||
 | |||
|
A t first the news was astonishing: Sabre Group Holdings, the company that runs the Sabre system that deals with airline and other reservations for a good chunk of the travel industry, announced it was going to sell your travel plans.
On July 6, two days after Independence Day, PC Week online reported that Sabre was planning a service by which customers could find out where travelers were going even before they traveled. Sabre CEO Michael Durham was quoted as having said, "Think about how much companies would pay for [the names of] people who have reservations to go to specific places at specific dates and times."
Think of the advantages. You could be inundated with offers from tour guides, limousine companies, restaurants, streetwalkers and purveyors of tickets to shows and concerts even before you leave your house. As one who travels far too much, I can hardly wait. By the way, nowhere in the PC Week article was the word privacy mentioned.
Two days later, the Sabre Group issued a statement saying that they "do not sell passenger names or other private information without the consent of the passenger and have no intention of doing so in the future."
So there seems to have been some misunderstanding that led to the original story. In fact, a Sabre spokesperson said the company never planned any such thing and thinks the reporter was just confused somehow by a theoretical discussion of the data.
What makes me particularly sad is that the first report was so believable because plans of this type do fit right into the norm for U.S. business. The privacy of the individual is seen as an impediment to normal business operations. This contrasts starkly with the efforts now underway in the European Union (EU).
Starting in October 1998, new regulations come into effect in the EU that place strong limits on what businesses can do with data they collect from their customers. Many of the most routine operations of U.S. banks in dealing with the credit cards they issue would be illegal under these regulations. Sabre's statement specifically notes that the company complies with EU privacy regulations.
The U.S. government is now engaged in a series of discussions with the EU with the apparent goal of preserving the freedom of U.S. corporations to do as they see fit in the privacy area.
The hope is that U.S. corporations will decide to do the right thing to protect the privacy of your data by publicly saying what they will do and sticking to their orignial statement. The idea is that if you do not like their policy, you don't do business with them. That is easy to do in theory unless the company provides your electricity or some other hard to duplicate service.
Our government has a number of good reasons to say that laws requiring the protection of private information are not a panacea. But I will say that I'd sure like to be able to point the cops at a U.S.-based corporation that violates my privacy rather than hope that some private consortium will slap its hand.
Disclaimer: Harvard has been suspicious of panaceas for a rather long time, but the above wish for cops is my own opinion.
Related Links
Bradner is a consultant with Harvard University's Office of Information Technology. You can reach him at sob@harvard.edu
