POV: date=December 2007 Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. They recognize that the damage done by privacy loss is typically not measurable, nor can it be undone, and that commercial organizations have little or no interest in taking unprofitable measures to drastically increase privacy of customers - indeed, their motivation is very often quite the opposite, to share data for commercial advantage, and to fail to officially recognize it as sensitive, so as to avoid legal liability for lapses of security that may occur.

Consumer privacy concerns date back to the first commercial couriers and bankers, who in every culture took strong measures to protect customer privacy, but also in every culture tended to be subject to very harsh punitive measures for failures to keep a customer's information private. The Hippocratic Oath includes a requirement for doctors to avoid mentioning ills of patients to others, not only to protect them, but to protect their families - the same basic idea as modern consumer privacy law and regulation, which recognizes that innocent third parties can be harmed by the loss of control of sensitive information, and that therefore there is a responsibility beyond that to the 'customer' or 'client'. Today the ethical codes of most professions very clearly specify privacy measures beyond that for the 'consumer' of an arbitrary service. Those measures are discussed in other articles on medical privacy, client confidentiality and national security - and to a degree in carceral state (where no privacy in any form nor limits on state oversight or data use exist).

Modern consumer privacy law in a recognizable form originated in telecom regulation, when it was recognized that a telco, especially a monopoly (known in most nations as a PTT), had access to unprecedented levels of information about not only the direct customer's communications habits and correspondents, but also that of those who shared his or her household. It was also often the case that telephone operators could hear conversations, inadvertently or deliberately, and were required to dial the exact numbers.

The data gathering required for billing began to become an obvious privacy risk as well. Accordingly, strong rules on operator behavior, customer confidentiality, records keeping and destruction were enforced on telcos in every country. Typically only police and military authorities had powers to 'wiretap' or see records. Even stricter requirements emerged for banks' electronic records - in some countries financial privacy is a major focus of the economy, and penalties for violating it are severe and criminal penalties applied. In Austria in the 1990s mere mention of a client's name in a semi-public social setting was enough to earn a junior bank executive a stiff jail sentence.

Through the 1970s many other organizations in developed nations began to acquire sensitive data, but there were few or no regulations in place to prevent them from sharing or abusing it. Customer trust and goodwill was generally thought to be sufficient in some nations, notably the United States, to ensure protection of truly sensitive data. 'Caveat emptor' applied. But in the 1980s much smaller organizations began to get access to computer hardware and software, and these simply did not have the procedures or personnel or expertise, nor less the time, to take rigorous measures to protect their customers. Meanwhile, via target marketing and rewards programs, they were acquiring ever more data.