Stage 1 : E -Privacy Drivers

7.1

This initial step in the cycle requires the provider to think carefully about what the future will look like in any given business domain. For example, currently there is considerable interest in migrating the success of conventional 'bricks and mortar' operations to an E-Business format. There have been spectacular success stories in this process but many more failures. This suggests that the transfer to a new modus operandi is a complex process or that, as some observers note, the 'whole E-Business thing' has been blown out of proportion. That is, for many customers, E-Business is something that is simply ahead of its time. Certainly the evidence is that there have been difficulties in the diffusion and adoption process and Hong Kong is no exception to this.

7.2

The present state of E-Business suggests
that some providers have better conceptualised or mapped an accurate picture of the future. This has been matched with the ability to implement strategic initiatives that seek to secure that vision of the future. However, clear thinking alone is not enough; it must be matched by reasoned analysis and judgements that are relevant to the individual provider's business domain. So, any E-Privacy Policy must be preceded by reconnaissance to ascertain what is tenable, in terms of the future, for any particular provider; the contention being that E-Privacy should be a constituent element of that vision.

7.3

If this is accepted then E-Privacy needs to become a core value that influences behaviour in the workplace. A commitment to creating this value means that all planning and implementation activity must be aligned with the vision of the future. This can be seen in the following examples. to become a core value that influences behaviour in the workplace. A commitment to creating this value means that all planning and implementation activity must be aligned with the vision of the future. This can be seen in the following examples.

• E-Privacy Culture - Creating the Value
  Organisational cultures take their cues both from the prevailing values and customs evident within the society in which business is conducted, and from the leadership of the organisation. Frequently, change in the 'ways of doing things' is met with resistance. The lessons of the past offer insights into what may happen in the future with E-Privacy. The initial ideas of thinkers on social issues such as consumerism and the environment were often regarded with scepticism. However, some entrepreneurs took a more enlightened approach by looking at these developments not as a threat, but as an opportunity for the business. That is the way in which E-Privacy should be regarded. A concept whose time has come and one that presents the provider with a new opportunity and basis upon which to compete.
  
  The future-oriented provider should regard E-Privacy as a 'new' value. The creation of that value necessitates the support and involvement of top management. However, this leadership should go beyond the trappings of E-Privacy if the initiative is to be credible. If that is the case then a provider will benefit by creating a favourable perception towards E-Privacy as a corporate value both with internal and external customers. The challenge then is to match the expectation created in the market place. This requires a disciplined approach to the implementation of operational strategies. The danger, of course, is that that the provider may over-promise and under-deliver which is likely to be counter-productive. Expectations should be appropriately pitched
  and managed.
  
  Creating the E-Privacy value, and sustaining it, will become part of the benchmark of excellence that consumers expect of leading providers. More significantly, commitment to the maintenance of this value will result in a win-win outcome for providers and customers alike.
  
  Though essential, creating the value may seem a rather obscure process. To try and make it more tangible it is useful to move to the micro level and look at an E-Privacy Policy Statement that encompasses the value and key features of online personal data privacy.
• E-Privacy Policy Statement (E-PPS)
  Good E-Privacy must respect E-Privacy principles in the conduct of all
  aspects of online and offline transactions. This means that E-Privacy values need to be
  apparent in the provider's on-screen E-Privacy Policy Statement ("E-PPS"). An E-PPS
  is a requirement of the Ordinance where a provider collects information online from
  individuals, that enables those individuals to be identified. This is most likely to arise in
  connection with online registration or service sign-up. However, such information may
  also be collected through other means such as the use of cookies.

7.4

It has been said that if you can't measure it, you can't manage it. The effectiveness of any particular E-Privacy Policy statement must be measured against its ability to deliver on four key dimensions:

• Respect for the Provisions of the Ordinance
  Providers need to create the value for E-Privacy so that it becomes one of the
  distinguishing features of the provider's organisational culture.
• Accountability
  Procedures should be put in place that will ensure operational compliance on a day-to
  day basis. This implies the appointment by the provider of appropriately qualified
  person(s) whose job description addresses this responsibility.
• Informed Consent
  The right of the customer to exercise control over the collection and use of their personal data by a provider. This can only be achieved if the provider accepts the principle of informed choice and consent.
• Customer Redress Mechanism
  Providers should ensure that, in the event of a customer grievance, there is an effective online redress mechanism that is user-friendly.

7.5

In summary, E-Privacy Policy should seek to eliminate the possibility of unlawful and unauthorised access and use of personal data. The ultimate goal is zero tolerance.