The cases of employee and customer data breaches (discussed in this Lustigman blog entry) continue to increase, and even those we knew about are getting worse. According to a June 7 article by Hope Yen of the Associated Press, not only was veterans' personal information stolen from a Veteran Affairs employee's home last month, but "personal data for as many as 1.1 million active-duty military personnel, 430,000 National Guard members and 645,000 Reserve members" may have been in the database as well. Imagine having to tell a Marine in Iraq that, while she is risking her life overseas, someone has stolen her identity and ruined her credit at home. That data loss has resulted in a class-action lawsuit filed by a coalition of veterans groups including the Vietnam Veterans of America. Add to that the loss by grocery chain owner Ahold USA of a laptop containing retiree information, and even the ongoing controversy regarding the disclosure by telecommunications companies of telephone records to the National Security Agency, and privacy remains front-page news throughout the U.S. and beyond.

Whether you are a chief marketing officer, a chief privacy officer, or other professional, you must keep apprised of developments in privacy laws and rules and best practices for protecting information. What are the best sources of this information? One place to start is the Federal Trade Commission's privacy home page. Here, you will find links to the federal laws covering privacy and data protection, plain-language explanations, details on enforcement actions, and other resources. You may also want to consider joining the International Association of Privacy Professionals (IAPP), one of the leading trade associations in the privacy area. In addition to conferences and even a certification program, IAPP publishes a daily e-mail bulletin and a monthly newsletter where key privacy issues are discussed. Beyond those sites, you can look to advocacy groups like the Electronic Privacy Information Center and the Center for Democracy and Technology, privacy initiatives such as those of the Direct Marketing Association, and privacy information sections of attorney general Web sites.

Above all, do not stick your head in the sand when it comes to privacy and data protection. While there is certainly the possibility that an inaccurate privacy policy can lead to liability, failing to not only post but follow a full privacy policy covering online and offline data alike is no solution. Whether you are focusing on privacy in your organization, rest assured that your customers, employees, competitors and the enforcement officials in your locale are. If you need to justify the expense of a full privacy review within your organization, look at it as an investment in customer good will, and an insurance policy against lawsuits and PR nightmares.

Jonathan I. Ezor, Special Counsel, The Lustigman Firm