ISSUE 459: THE HIGH-TECH OFFICE- Aug
Businesses should think about online privacy
before government forces laws on all Netizens
The question of trust is turning into a key
factor in the development of Internet commerce.
Concerns about what Web site administrators do with
the private information they collect are proving to be as significant
as concerns about credit card security in limiting customers'
willingness to shop over the Net.
And the slow acceptance of self-regulatory schemes is
attracting government (at least U.S. government) interest.
Similarly, the European Union has ordered its members
to institute laws protecting online privacy -- though it's unclear how
individual governments could enforce such policies across the
TrustE is a Palo Alto-based industry group,
hoping to ward off government regulation by providing a framework for
the Internet to police itself. TrustE offers to certify and audit
sites' privacy activities and may publish a list of sites that have
lost their TrustE seal of approval.
Other schemes, similar in nature, have been proposed
by the Better Business Bureau and the new Online Privacy
Alliance. The BBB is planning to offer an online "seal of approval"
and to set up an office to investigate consumer complaints.
Right now, only a tiny minority of sites have such
policies. Even online members of the Direct Marketing Association
have failed to live up to year-old promises to post information on
their use of customer data. Only three out of 40 DMA members checked
had the promised information online.
Electronic Privacy Information Center (EPIC)
director Marc Rotenberg called these results "pathetic."
And 61 per cent of Web surfers polled last April say
respondents expressed concern about online privacy. (By comparison,
only 25 per cent said they had similar fears about privacy and security
when shopping using more traditional methods.)
Sixty per cent of the people polled believed that
industry self-regulation wouldn't be sufficient to protect their
The problem is not just with e-commerce sites,
however. In May 1997, for example, the U.S. Social Security
Administration shut down a site where, by typing a name, social security
number, birthdate, birthplace and mother's maiden name, a user could
find an individual's earnings and benefits.
And your social insurance number may show up in places
on the Net where you least expect it (try checking for your SIN number
in a search engine).
Hoping to head off government intervention, the Online
Privacy Alliance in July issued recommendations for protecting privacy
of user-provided data. The Alliance represents companies including Microsoft,
Netscape, IBM and more.
It would support auditing organizations such as TrustE
and the BBB to assure consumers of the privacy of information gathered
online -- and of how that information will be used. Such organizations
would issue seals that would be displayed in a prominent place on
compliant Web sites.
However, after two years of operation, TrustE, for
example, has only 200 participants.
As a result, EPIC's Rotenberg gave the OPA's proposals
"an 'A' for public relations and a 'D' for privacy protection." Even
TrustE's executive director, Susan Scott, seems reconciled to a
need for legislation to provide a backup to industry self-regulation
and codes of conduct.
U.S. Federal Trade Commissioner Robert Pitofsky
suggests that Web site operators must do a number of things if they
want to gain consumer trust, and forestall government intervention:
* give consumers a choice between providing personal
data or not; if they provide information, consumers must be able to
control whether it is provided to third parties or not;
* allow consumers to review information collected on
them, and give them the opportunity to correct inaccuracies;
* give consumers a sense that all reasonable efforts
are being made to keep personal data out of the hands of hackers.
Pitofsky expects legislation in the U.S. by year-end
unless there is significant industry compliance with these proposals.
Christine Varney, speaking for the Online
Privacy Association, however, is pessimistic about the power of the
She pointed out that the U.S. passed the Telemarketing
Fraud Act in 1994, when such fraud cost consumers $40 million. Today,
four years after passage of the law, such fraud is estimated to have
grown to $60 million.
Of course, Web surfers too have ways of protecting
Some studies suggest that when faced with requests to
enter names, e-mail addresses and the like, as many as half of Web site
visitors simply lie.
Still, if you're collecting personal data online, it's
probably in your own best interest to let your online customers have
control over the data -- before some government forces you to do so.