Application convergence and personal privacy, Part 2

Last time, we noted that a customer’s personal information must be tightly controlled – especially in the face of easier access to customer information offered by IP phone systems. In fact, information control is not only a moral requirement, but it is also the law in some jurisdictions.

For example, in California, state law requires “a state agency, or a person or business that conducts business in California, that owns or licenses computerized data that includes personal information… to disclose in specified ways, any breach of the security of the data… to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”

The law permits notifications to be delayed if a law enforcement agency determines that it would impede a criminal investigation.

Personal information includes an “individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social security number. (2) Driver’s license number or California Identification Card number. (3) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account.”

For our readers who think this trend applies only to California, please note that U.S. Senator Dianne Feinstein (D-Calif.) and others are making progress to introduce this law at the federal level.

The bottom line: While customer service can be improved by easing employee access to customer information, business must assure they don’t overlook the need for maintaining customer privacy.