You may wonder what an annual gathering of privacy campaigners has to do with the UK's corporate IT departments. At a time of year when business people across the land were busy with the mutual back-slapping of industry award ceremonies, last month's Big Brother Awards at the London School of Economics was an altogether less self-congratulatory affair. And with such gongs as Corporate Menace and Most Appalling Project on offer, it's no surprise that most of the nominees declined to attend.
The Big Brother Awards is run by campaign group Privacy International and judged by a distinguished panel of lawyers, academics, consultants, journalists and civil rights activists. It aims to highlight abuses of personal privacy by both public and private organisations, as well as governments, government agencies and public servants. In the three years the ceremony has been running, it has gained increasing credibility and ever more widespread coverage. There are now Big Brother Awards in US, Germany, Austria, France and Switzerland.
Of most interest to readers of B&T is the Corporate Menace award. Among this year's nominees was online retailer Amazon.co.uk. Privacy International claims that because of the way its IT systems are set up, the company is unable to comply with the UK Data Protection Act (which requires organisations to provide individuals with copies of any data held about them on request, within a set time frame). Despite escaping the ignominy of winning the Corporate Menace award (that dubious accolade went to Envision Licensing for the invasive techniques it uses to gather TV licence fees), Amazon.co.uk has by no means escaped censure. Simon Davies, director of Privacy International, said,
"We've contacted the Data Protection Commissioner and asked that Amazon.co.uk's systems are shut down until the company can comply with the law."
While the Data Protection Commissioner is unlikely to take such a drastic step without first giving Amazon.co.uk a chance to bring its systems into compliance, Privacy International is planning to take private legal action and its campaign has received significant media coverage over the past month. This may well have made any online Christmas shoppers concerned about privacy think twice before handing their customer data - and by extension their custom - to Amazon.co.uk.
According to Davies, Amazon is not the worst offender. "Many companies need to take privacy seriously in every respect, from the core of the systems design right through to the servicing of the end user," he told B&T. "We're going to take a whole series of actions over the next three to six months - not just in the e-commerce sector but also in banking, medical, travel and so on. We are entitled to take legal action and that's what we are going to do."
Those who think that European data protection legislation places unreasonable demands on business often point to the lack of such regulations in the US. But there are signs that US consumers would also like to see similar legislation to that which exists in Europe. Last year a survey of over 2,000 US consumers, the Pew Internet and American Life Project, found that 86% favoured the introduction of even stronger privacy protection than in Europe. Other research has delivered similar findings.
This growing public concern over privacy should be of particular interest to IT directors and CIOs, since more often than not they are charged with getting on top of the issue and introducing appropriate IT systems and information policies. In commercial terms, those who see which way the wind is blowing and introduce appropriate policies before forced to by law or, worse, publicly shamed into doing so, will hold a significant advantage over their competitors.
Davies said Privacy International would be willing to offer its services. "There is an enormous body of talent within Privacy International who would be happy to sit down and work out solutions to some of the privacy problems faced by organisations, but most companies don't want to know," he said.
And beyond the invasion of customer privacy, there is the thorny issue of employee surveillance. Once again, it is IT bosses who are having to grapple not just with the logistical implications raised, but also the moral ones. The introduction of blanket surveillance of staff e-mail and Web usage effectively tasks IT directors in certain companies with spying on their colleagues. It is also a legal grey area.
"The law requires that companies must only introduce surveillance in proportion to the perceived threat, Davies told B&T. "So it isn't good enough to say the DTI guidelines give a green light to surveillance because they don't. If, for example, I work in a car sales company, the level of surveillance I can place my workers under is a great deal different to what it would be if I was working in, say, an investment bank."
Alongside the Big Brother Awards, Privacy International also handed out the Winstons, a set of awards for people and organisations that have done the most to protect privacy. Among this year's winners was the Manufacturing, Science and Finance Union (MSF) which has worked hard over the past 18 months to bring the issue of staff surveillance into the open. Peter Skyte, national secretary of the MSF's Information Technology Professionals Association collected the award. He later told B&T: "Reasonable use of e-mail and the Internet is no different from the use of the employer's telephone system for personal calls where most employers accept reasonable use either formally or informally, provided this facility is not abused."
Skyte said the MSF recommends negotiated workplace agreements covering access to electronic networks and communication systems; codes of practice regulating employer surveillance and monitoring systems; and the legal regulation of workplace agreements through the introduction of UK privacy legislation. Far from being hailed as interventionist and burdensome, such measures are likely to be broadly welcomed by many IT leaders who would welcome such sensitive issues being set in stone. Better that than having to shoulder alone the burden of deciding whether the invasion of colleagues' privacy is legally and morally justified.
For more information on Privacy International and the Big Brother Awards, see www.privacyinternational.org