The reason for this oversight hinges, in part, on the lack of data linking corporate expenditures with privacy protection. But last month, several new studies purported to show that privacy regulations would cost billions of dollars. Days later, the US Federal Trade Commission held a hearing exploring how corporations harvest and exchange data about consumers - and how the sharing of that information cuts costs for consumers on everything from bank loans to T-shirts.
As the privacy war continues to simmer, the subject of costs is becoming a major battleground. Will privacy regulations saddle electronic commerce companies with new expenses? Probably. But the degree to which e-commerce is weighed down by privacy costs depends on the nature of the legislation.
"When we talk about privacy [laws], we are talking about a fundamental shift in how our economy operates," says Rick Lane, director of e-commerce and Internet technology at the US Chamber of Commerce. "There would be massive amounts of costs associated with that. There has to be - you're talking about completely changing the dynamics of how businesses interact with customers."
But others engaged in the privacy debate argue that regulations will eventually pay for themselves - if not end up enriching e-commerce firms - by bolstering consumer trust and shepherding more shoppers to the Internet.
"There are some costs, I won't be naive," says John McCarthy, a group director at Forrester Research. "But is there a huge cost of forcing a company to come clean on who they share information with? I don't think so."
McCarthy adds: "Businesses that view this as a compliance issue are kicking their customers in the shins. It's about building customer loyalty, building customer trust. Why is that so bad for the economy and for business?"
The cost issue has several dimensions. Depending on the details of the privacy legislation being considered, companies could be forced to:
- Hire chief privacy officers, or attorneys dedicated to privacy issues;
- Make privacy central to the business and dedicate increasingly more resources to privacy; and
- Buy new hardware and software to protect privacy, authenticate users and secure databases of personally identifiable information.
