Personal privacy : Steps to protect you, the consumer.
There has been a lot of talk about privacy on the net lately, especially as the Federal Trade Commission wraps up its week of hearings on the subject. Indeed, it seems as if everyone is talking about finding ways to protect consumers on the net, yet too few people are doing anything about it.
The Electronic Privacy Information Center (EPIC) has recently released a special report, "Surfer Beware: Personal Privacy and The Internet" which concludes that "few websites today have explicit privacy policies (only 17 of our sample) and none of the top 100 websites meet basic standards for privacy protection." The report raised some interesting questions about the use of "cookies" to collect and store personal information such as passwords and, in some cases, user preferences. It also discussed the extent to which web sites fail to disclose to the user whether or not their personal information is being sold, rented or otherwise passed on to other parties.
The report ended with five recommendations:
- Web sites should make available a privacy policy that is easy to find. Ideally the policy should be accessible from the home page by looking for the word "privacy."
- Privacy policies should state clearly how and when personal information is collected.
- Web sites should make it possible for individuals to get access to their own data.
- Cookies transactions should be more transparent.
- Web sites should continue to support anonymous access for Internet users.
On a related note, both Microsoft and Netscape announced that they would be supporting the Open Profiling Standard (OPS), a proposed specification that gives computer users more control over how their personal information is exchanged on the Internet. OPS will make it possible for a web user to decide whether or not to release information stored on his computer that's requested by a website. With OPS, a computer user could store a personal profile on his system or corporate server, and then authorize a website to access all, part or none of that information. If the site requests additional information, it can -- with your permission -- add that to your personal profile. The key here is that nothing can happen without the consumer's authorization.
Each OPS profile includes a personal identifier for the user and an identifier for each site visited. It also contains demographic information about you such as country, zip code, age, and gender. Finally, there is specific information about you, including your name, address, zip code, country and telephone number. On the surface, this looks like big brother. There will also be areas to store such data as credit card number, social security and other potentially sensitive information. The computer is keeping track of your information but, if the companies involved in this initiative is correct, the information can only be divulged with your permission.
Websites, according to the companies, will not be able to access this data unless you specifically OK it and the information itself will be encrypted so it can't be understood by unauthorized people, even if they gain access to your computer.
For more on OPS, check out the following sites:
Microsoft OPS discussion
Joint Press Release: "Firefly, Netscape and Microsoft Cooperate to Build upon Previously Proposed OPS Standard for Personalization with Privacy"
Firefly's OPS Resource CenterThis article originally appeared on the Prodigy Internet service.
© 1997 Prodigy Services Corporation. All rights reserved.
