ways in which corporate policies affecting privacy are brought into being.
These policies are often based on guidelines developed by membership associations representing the sectoral interests of firms within a particular industry. Trade associations, such as the Direct Marketing Association, often develop and publish a set of standard practices or codes of ethics that members are expected to honor.
Two privacy-related organizations are also influential in shaping corporate privacy policies. One organization is Privacy & American Business, which is an activity of the non-profit Center for Social & Legal Research, a non-profit, non-partisan public policy think tank exploring U.S. and global issues of consumer and employee privacy and data protection. Launched by Alan Westin in 1993 as a “privacy-sensitive but business-friendly” organization to provide information useful to businesses about privacy,57 it began training and certifying corporate privacy officers in 2000. A second organization, the International Association of Privacy Professionals, offers the Certified Information Privacy Professional credentialing program and a variety of information resources (newsletters, conferences, discussion forums, and so on).58
Firms within industrial sectors that have traditionally been the target of government oversight are more likely than firms in other sectors to have established their own privacy policies—financial services and health care are two of the most obvious, and privacy efforts in these areas have been driven legislatively with the Gramm-Leach-Bliley Act of 1999 for the former and the Health Insurance Portability and Accountability Act of 1996 for the latter. Firms in other business sectors tend not to develop