The Roots of Privacy




Peter de Jager is a provocative Speaker, Writer and Consultant. His primary focus in on how we manage change, technology and the future.

In addition to speaking at conferences worldwide, he also writes monthly columns for CIO Magazine and Computerworld Canada.

His goal is always to question what we think is so, and in so doing perhaps open up new opportunities.

If you'd like permission to reprint any of Peter's articles, please contact him directly.

You can contact him at

Or sign the Guest Book and he'll get back to you. 

Here's a guiding philosophy most leaders would agree with, "It's easier to ask for forgiveness, than to beg for permission." This is how we get things done. We see something that needs doing and do it. No running around checking with everyone to ensure it's the 'right' thing to do. We act, and if necessary, make our apologies later.

  We're even proud of this behaviour, but it's easy to push the concept beyond an ill-defined fuzzy boundary, to where it becomes unethical. When we do things we know we'll have to apologize for later, then we've crossed that fuzzy line.

  Why this concern with the ethics of crossing fuzzy lines? Because sometimes, it's possible for someone to shift those 'ethical' boundaries until traditional business practices are called into question. An example of this is Canada's Personal Information Protection and Electronic Documents Act.

  The Act was put together by business, consumers, academics and government under the guidance of the Canadian Standards Association. It contains 10 guiding principles for the fair management of personal information. The Act's worthy objective is to give individuals control over how their personal information is used in the private sector.

  One of these 10 principles deals with the issue of 'Consent', part of it reads, businesses must "Obtain the individual's consent before, or at the time of collection, as well as when a new use is identified." The act goes further and includes a Grandfather clause to cover data you've already collected before the Act became a reality... "Since it has already been collected, you don't need to recollect it. However, in order to continue to use or disclose this information, you now require consent." [ ]

  So much for apologizing after the fact. To demonstrate the slippery ethical slope, let's use a simple example of some basic information not even covered by the Act. (i.e.. name, title, business address or telephone number)  Over the years, I've collected tens of thousands of business cards and e-mail addresses. When do I cross the 'ethical' boundary? When I mail out brochures advertising my consulting services? When I send out an e-mail announcing a new speaking topic? When I sell my list to a third party? To remain ethical... must I send them an e-mail to get their permission to send them an e-mail?

  The Act is well intentioned. Privacy is a legitimate concern shared by all citizens. The 10 guiding principles of: 'Accountability', 'Identifying purpose', 'Consent', 'Limiting collection', 'Limiting use, disclosure, and retention', 'Accuracy', 'Safeguards', 'Openness', 'Individual access', 'Challenging compliance.' are all necessary, but the real solution to the issue of privacy doesn't reside in the text of the Act...

  George Radwanski, the Privacy Commissioner of Canada in his introductory message on the Privacy site, makes the following observation, "I'm hopeful that, for most businesses, the administration of the Act will feel more like self-regulation than government regulation. ...the privacy principles and fair information practices set out in the Act are not difficult to understand: they are good business practice, and they make good sense." Self-regulation is the key to compliance, and being a good corporate citizen.

  The basic concept underlying 'Privacy' is that the individual owns their personal information and should have control over how it is used. How that gets interpreted in the corporate world depends more on the Ethical philosophy of the company, than on the legal interpretation of a Government regulation.

  Of course, getting everyone to dance to the same ethical drum is going to take some doing. Even in the simplest of ethical debates, it's not uncommon to encounter widely differing opinions. This is fine as long as the scenario under discussion is some hypothetical situation with no corporate impact. It's another thing entirely if it's about customer relationships.

  The 10 Principles of the Act are a good place to start. Who in your organization makes decisions regarding either customer contact or the use of customer information? Should they spend some time discussing/debating the 10 Principles? The more they're aware of the new rules, the less likely they'll step over the fuzzy lines.

  Personal rules of behavior that worked well in the past, will get us into some interesting trouble in the future, unless we take to time to see where the ethical lines have shifted.

2005, Peter de Jager Peter is passionate about change, how it affects both individuals and organizations and allows them to grow and prosper. To contact him, and host internal seminars on Change visit

For reprint permissions click here

  break line



Change Management

IT Management

Looking to the Future

Technological Implications

Soft Skills


Return to