Privacy Handbook: Guidelines, Exposures, Policy Implementation, and International Issues

For a company or organization, the most valuable intangible asset they have is trust, and the resulting goodwill from this trust. It may take years for a company to build up this asset, but as companies such as ChoicePoint learned this past year, it can all be gone just like that. Their crime was that of giving away private information about people to a criminal engaged in identity theft, and they failed to notify anybody until they had to under a California Privacy law. But it can be a daunting challenge to get a firm grasp on how privacy should be implemented in the enterprise, as well as knowing what laws of what jurisdictions may be applicable. That is why "Privacy Handbook: Guidelines, Exposures, Policy Implementation, and International Issues" (Albert J. Marcella, Jr. and Carol Stucki, John Wiley and Sons, 2003, 384 Pages, ISBN 0470011513) needs to be on the bookshelves of any professional that takes privacy seriously. I will not kid you and say this is an easy read. There is an abundance of material to get through and grasp. In fact, I have read through it twice already and am sure i will be going back. Why, because of the complexity and nuances of dealing with the issue in a serious way. When the authors talk about trust, it hits many levels, impacting customers, employees, vendors, and third parties (such as the case with ChoicePoint). The authors start out discussing why privacy is important and then step by step walk the reader through how our notion of privacy has eroded over the years. They explain how it has happened through not only the passage of laws, but loopholes in the laws that are passed. They talk about how the Internet Explosion has had such an impact in ways most people may not comprehend. The authors take great pains to distinguish between privacy types, such as public information vs. non-public information. Then the fun starts, they provide an extensive, but not full, listing of privacy resources available to people, as well as a listing of various privacy statutes on the books or proposed in various countries around the world. This latter item is extremely important to businesses because they must be cognizant of the privacy laws where there customers, vendors, employees live. Note that this is constantly changing, so additional due diligence is required on the part of the reader. The other great strength of this book is that they walk you through the establishment and inclusion of privacy policies and standards, aligned to your business needs and objectives, as part of an overall security strategy for an organization. They acknowledge and discuss the barriers to success, but provide an excellent roadmap to make people successful. Even though the book was published in 2003, it does not mean it is obsolete. On the contrary, while the laws and sits referenced in the book may be changed, the underlying concepts and guidance have not. An added bonus is the companion website to the book, which contains an additional 3