--Alan Zisman

Businesses should think about online privacy
before government forces laws on all Netizens

The question of trust is turning into a key factor in the development of Internet commerce.

Concerns about what Web site administrators do with the private information they collect are proving to be as significant as concerns about credit card security in limiting customers' willingness to shop over the Net.

And the slow acceptance of self-regulatory schemes is bringing government (at least U.S. government) interest.

Similarly, the European Union has ordered its members to institute laws protecting online privacy -- though it's unclear how individual governments could enforce such policies across the borderless Internet.

TrustE is a Palo Alto-based industry group, hoping to ward off government regulation by providing a framework for the Internet to police itself. TrustE offers to certify and audit sites' privacy activities and may publish a list of sites that have lost their TrustE seal of approval.

Other schemes, similar in nature, have been proposed by the Better Business Bureau and the new Online Privacy Alliance. The BBB is planning to offer an online "seal of approval" and to set up an office to investigate consumer complaints.

Right now, only a tiny minority of sites have such policies. Even online members of the Direct Marketing Association have failed to live up to year-old promises to post information on their use of customer data. Only three out of 40 DMA members checked had the promised information online.

Electronic Privacy Information Center (EPIC) director Marc Rotenberg called these results "pathetic."

And 61 per cent of Web surfers polled last April say they have never seen a privacy policy online, while 81 per cent of respondents expressed concern about online privacy. (By comparison, only 25 per cent said they had similar fears about privacy and security when shopping using more traditional methods.)

Sixty per cent of the people polled believed that industry self-regulation wouldn't be sufficient to protect their privacy.

The problem is not just with e-commerce sites, however. In May 1997, for example, the U.S. Social Security Administrator shut down a site where, by typing a name, social security number, birthdate, birthplace and mother's maiden name, a user could find an individual's earnings and benefits.

And your social insurance number may show up in places on the Net where you least expect it (try checking for your SIN number in a search engine).

Hoping to head off government intervention, the Online Privacy Alliance in July issued recommendations for protecting privacy of user-provided data. The Alliance represents companies including Microsoft, Net-
, IBM and more.

It would support auditing organizations such as TrustE and the BBB to assure consumers of the privacy of information gathered online -- and of how that information will be used. Such organizations would issue seals that would be displayed in a prominent place on compliant Web sites.

However, after two years of operation, TrustE, for example, has only 200 participants.

As a result, EPIC's Rotenberg gave the OPA's proposals "an 'A' for public relations and a 'D' for privacy protection." Even TrustE's executive director, Susan Scott, seems reconciled to a need for legislation to provide a backup to industry self-regulation and codes of conduct.

U.S. Federal Trade Commissioner Robert Pitofsky suggests that Web site operators must do a number of things if they want to gain consumer trust and forestall government intervention. They must:

* give consumers a choice between providing personal data or not; if they provide information, consumers must be able to control whether it is provided to third parties or not;

* allow consumers to review information collected on them, and give them the opportunity to correct inaccuracies;

* give consumers a sense that all reasonable efforts are being made to keep personal data out of the hands of hackers.

Pitofsky expects legislation in the U.S. by year-end unless there is significant industry compliance with these proposals.

Christine Varney, speaking for the Online Privacy Association, however, is pessimistic about the power of the law.

She pointed out that the U.S. passed the Telemarketing Fraud Act in 1994, when such fraud cost consumers $40 million. Today, four years after passage of the law, such fraud is estimated to have grown to $60 million.

Of course, Web surfers too have ways of protecting their privacy.

Some studies suggest that when faced with requests to enter names, e-mail addresses and the like, as many as half of Web site visitors simply lie.

Still, if you're collecting personal data online, it's probably in your own best interest to let your online customers have control over the data -- before some government forces you to do so.

Alan Zisman is a Vancouver educator, writer, and computer specialist. He can be reached at E-mail Alan