Web Site Privacy – How Much Should We Worry?
Web Site Privacy – How Much Should We Worry?
Case study 10: Web Site Privacy: How Much Should We Worry?
The Internet has quickly become one of the most important sources of personal data. Obviously, we openly volunteer personal information such as our names, addresses, and e-mail addresses when we register to gain access to a Web site, or when we subscribe to an on-line newsletter. If you bank through the Net or invest through an on-line brokerage firm, you must give out a great deal more personal data. Although you give this information freely, you rarely have any control over what the site will do with it. Additionally many sites are gathering much more personal information without our even being aware of it using “cookies” and other tools for gathering personal data from Web visitors.
Once these data are collected they are often merged with other personal data about the individual to develop detailed profiles of customer behavior for marketing campaigns. Many companies sell personal data in order to obtain income. Acxiom Corp. has collected data on 176 million individuals, data that is for sale. “They follow you more closely than the U.S. government,” says Anthony Picardi, a software analyst at International Data Corp.
Public institutions, such as hospitals, schools, and the police, also collect massive amounts of data on their clients (patients, students, and citizens). Medical data in particular are becoming more and more centralized into huge databases. Many medical institutions are private and, without government regulation, are free to sell their data. Moreover, organizations are occasionally privatized, merged, or closed, and so their data could end up in the hands of someone who would sell them. For example, the Federal Trade Commission (FTC) filed suit in July 2000 against Toysmart.com, the failed on-line retailer of childrens toys, to block the company from selling its customer data as part of its assets. Toysmart.coms databases included information such as childrens names, birth dates, and toy wish lists, and the firms privacy policy promised that personal information voluntarily submitted by Web site visitors would never be shared with a third party. The case was settled when the FTC said Toysmart.com could sell the information provided the buyer purchase the entire company and adhere to Toysmarts privacy policy. Two other expiring Internet companies, Boo.com and CraftShop.com, were also discovered trying to sell private customer information, such as home addresses, telephone and credit card numbers, and data on shopping habits.
Why does this lucrative trade in personal data exist? Obviously, one reason is to increase sales. Many businesses use the information to locate good sales prospects or to target repeat customers with new offers of items to purchase. Web sites even use their own data to direct visitors to other sites in exchange for a fee. Insurance companies, lawyers, bail bondspersons, manufacturers of home security equipment, and even funeral parlors want personal data on recent crime victims in the hope of finding new clients.
Increasing sales is not the only reason for interest in these data, however. Organizations can use data on your Web travels to draw implications about you, implications that can be wrong and harmful. Job applicants may find that trouble they had in elementary school has followed them the rest of their lives. Or the employer may find that an applicant has visited a number of sites relating to AIDS. The candidate may then be denied employment based on the conclusion that the candidate has AIDS even though the person may have visited them for many reasons, such as curiosity, research (for work, school), or to help a friend. Compounding this problem, data errors are likely to abound. Data can be inaccurate, false, and out of date and still be sold repeatedly or used in ways that harms the individual.
Because personal data can help as well as harm, its collection presents many people with a dilemma. “Theres no question that this technology could be hugely invasive,” explains Christine Varney, who was the Internet expert for the Federal Trade Commission (FTC) until August 1997 and now heads the Online Privacy Alliance. “But,” she continues, “it could also be enormously empowering by allowing individuals to make their own choices and by saving us all time and money.” Studies do show that most users want some protection from indiscriminate use of their personal data, but they will supply it as long as they benefit from the proffered information and are fully informed as to how the data will be used.
Many individuals and organizations are addressing the Internet privacy issue. Self-regulation (that is, regulation by the industry rather than by the government) is a major approach involving some of the leading Internet companies. Online Privacy