PRIVACY
ETHICS OF COLLECTING
AND USING CONSUMER
INTERNET DATA
JANICE C. SIPIOR ie
an associate professor
of MIS at Villanova
University, Villanova,
Pennesluania.
BURKE T.WARDisen
‘associate profeseor in
the department of
eccounting-and a
faculty memember of
graduate tax program
ft Villanova
University
NICHOLAS M.
RONGIONE is an
associate professor of
business law at
Villanova Univers.
JariceC. Sipior, Burke T. Ward, and Nicholas Mt. Rongione
‘A wealth of information concerning a consumer's Internet use and preferences can, with rela-
tive ease, be gathered and disseminated. Sometimes, a consumer may willingly give personal
information to enhance the browsing experience at a favorite Web site. Other times, Internet
monitoring programs may be surreptitiously gathering this information so it can be used to
‘commit identify theft. In another instance, information willingly given to one site is sold to a
third party that uses it to promote its own Web services. The ethics of these first two scenarios
is clear: the first is good and the second is bad. The third, however, is not so clear. The con-
‘sumer may feel that private information has been violated while industry may feel it is doing
good by better serving the consumer. These are just a small sampling of the range of ethical
situations data collection on the Internet creates. This article identifies the ways Internet infor-
‘mation about consumers is collected and examines the ethical issues created by the collection
process and its consequences.
pand worldwide. Current cstimates
range from 259.3 million to 407.1 mil
lion Internet users worldwide. There are
an estimated 106.7 million users in the United
States alone. The explosive growth in the use
of the Internet for information access, file
transfer, e-mail, collaborative work, banking,
shopping, and performing countless other
functions makes clectronic commerce (Ecom-
merce) increasingly attractive. Acconling to
some industry experts, threats to consumer pri-
cy have tempered the growth of retail E-com-
merce. Indeed, 61 percent of Internet users in
the United States reported that they do not pur-
chase online because of privacy concerns. An
estimated $15 billion in Ecommerce revenues
for 2001 were unrealized because of consum-
cers’ concerns about their privacy, according to
report by Forrester Research.
A wealth of information concerning consum-
cr characteristics and preferences can, with rele
tive ease, be gathered and disseminated through
ii INTERNET ACCESS CONTINUES TO EX-
the Internet. The information collected can be
used beneficially to improve market segmenta-
‘tion and target marketing or to personalize the
consumer's interaction with Web sites. Howev-
ce, the information can also be collected and
sold to third parties for profit. The nondisclo-
sure of the intended use of information collect-
‘ed, coupled with the surreptitious nature of its
acquisition, have brought about an es
of consumer privacy concerns and fi
cal issues regarding the acceptability of privacy
invasions in Internet use. Based on years of
work addressing Internet privacy issues, the
U.S. Federal Trade Commission (FTC) has con-
cluded that online privacy continues to present
an enormous public policy challenge. This arti-
cle examines privacy and the cthical issues of
collecting consumer data from the Internet.
‘The types of consumer information collected
and the concerns associated with such practices
are discussed. The question of whether data cok
lection on the Internet is innocuous is then ex:
amined within the context of identity theft andPRIVACY.
ii.
information
collected
identifies
patterns and
habits of
consumers, but
does not reveal
personal
identity.
the consequences of personal information for
sale. Finally, privacy protections from Internet
data collection, including approaches by con-
sumers, industry, and the US. Government, are
addressed.
PRIVACY PROTECTION WITHIN THE
UNITED STATES
Although privacy rights within the United
States were explicitly recognized in the late
1800s, the full extent of these rights remains
unclear, Almost half a century ago, a federal
judge analogized the confusing state of privacy
rights to a“haystack in a hurricane"In an often-
cited article of continuing vitality, Bloustein
stated that “words we use to identify and de
scribe basic human values are necessarily
vague and illcefined.” He regarded individual
privacy as, in part,a spiritual issue, the unppriv-
ileged invasion of which is an affront to individ-
uality and human dignity. Is the collection of
data from Web users such an unethical affront
to individual human dignity as to be afforded le-
gal protection? Currently, privacy protection in
the United States is an incomplete but complex
amalgam of federal and state constitutions, stat
utes, and regulations,
‘TYPES OF CONSUMER INFORMATION
COLLECTION
Many Web sites are using increasingly sophisti-
cated technology to gather information about
consumers. While technological advances have
improved Internet interaction, some compa-
nies have employed these advances to collect.
otherwise unobtainable consumer data. The
various forms of data collection include specif
ically requested information, communication
tools, anonymous tracking, and information
sharing.
‘Specifically Requested Information
Information may be specifically requested from
consumers for purposes such as making a pur-
chase, registering at a Web site, applying for
membership, or participating in surveys, con-
tests, or other enticements. Consumers are of
ten motivated 10 provide vital_ personal
information, such as their name, postal ad-
dress, e-mail address, and credit card informa-
tion, believing that the information is collected
only for a specific purpose, such as the ship-
ment of their purchase. This may not be the
case. When voluntarily provided information is
used for purposes other than that for which it
‘was given, the privacy violation is particularly
insidious,
Communication Tools
Various service providers offer a variety of
communication tools and may also collect and
‘maintain the content of those communica:
tions, which in turn could be sold to third par-
Consumers may choose to participate in
discussions by posting to newsgroups, bulletin
boards, or chat rooms. Personal information
may be posted voluntarily, but may subsequent-
ly be subject to involuntary disclosures. Such
postings could reveal the identity of the sender,
email address, and place of origin, if partic
pants registered for example. Similarly, Web
site authors may post information about them-
selves and others they know, Search engines
can effect an Internetwide distribution of
these postings. Information about someone
‘else, included in a posting, can subject this
third party to involuntary disclosures as well.
‘Additionally, the content of e-mail and instant
messages may be revealed by a seemingly in-
nocuous forwarding to recipients not intended
by the original sender or by message intercep-
tion.
Clickstream Tracking
Information may surreptitiously be collected
‘while a consumer surfs the Web.A Web site can
use clickstream tracking technology, such as
access logs, cookie files, and Web bugs to ex-
tract information not voluntarily provided. The
information collected identifies patterns and
habits of consumers, but does not reveal per-
sonal identity
‘Access logs store information about each
request for information made by a consumer
from aWeb site. The consumer's Internet Proto-
col (IP) address, the types of computer and
browser used, the requested page, the time
and date of access, and the referring Web site's
address may be captured and transmitted back
to the Web site in the Web page header. Profiles
of behavioral patterns and habits may be creat-
ed with information such as the number of
unique visitors, the site from which the user
‘came, the number of requests for cach page at
the site,and usage patterns in terms of date and
time. Insight on how well promotional or ad-
vertising campaigns are being received can be
gained. The number of users completing registra-
tion forms, clicking on an advertisement, or pur-
chasing a product may be ascertained. Indicative
of the growing trend for such site analytics is thePRIVACY.
i Jhrough
the use of a
unique
identifier, such
as social
security:
number,
matching of
records from
various
sources can
result in an
extensive and
detailed
personal
profile.
continued increase in sales for supporting soft-
‘ware, projected to reach $6 billion by 2006,ac-
cording to Jupiter Research.
Cookie files store clickstream or transac-
tional data captured by aWeb site as the user in-
teracts with the site. Intended to enhance
interaction with the Web, clickstream informa
tion, along with a unique identifier, ae sent
from the Set-Cookie tag within the Web page
header to the user's hard drive and back when
the user revisits the site, Browsers provide us-
crs with the option of declining cookies, but
some sites disallow visits unless cookies can be
placed. Cookies may also be placed by third-
party advertisers featured on sites visited, Users
can opt out of receiving third-party cookies by
visiting, for example, the Network Advertising
Initiative (NAL at httpy//networkadvertsing,
org/optout_nonppii.asp, an online advertising
clearinghouse, Cookies may also include the
address of the site that placed them, allowing
other sites to track sites a consumer has visited,
‘Companies can gain access to even more infor-
mation through cookie sharing, the practice of
sharing and consolidating information gathered
from various Web sites. Particularly threatening
is the possibility of cookie poisoning, Hackers
may intercept cookies and use these files to ap-
pear to be the consumer with whom the cookie
is associated. The hacker is thereby able to gain
access to personal information of that consum-
cer to commit information o identity theft. Ac-
cording to the FTC, identity theft occurs when
someone appropriates your personal informa-
tion without your knowiedge to commit fraud
or theft”
In repeat interaction with a Web site, cook-
ies, if protected through encryption for exam-
ple, can be beneficial. User registration
information, preferences, and transactions,
among other information, could be stored in a
cookie. For subsequent interaction, the cookie
could be used as a signature to authenticate the
consumer's identity and personalize the Web
site according to that consumer's desires. Re-
trieval of registration information would pre-
clude the necessity of reentering it The screen
display could be customized according to pre-
vious choices and interests, Cookies also allow
consumer to leave a site and return later to re-
sume where the interaction left off, forming
the basis of the shopping cart to hold items se-
lected for purchase.
‘Web bugs are small, imperceptible graphic
files placed on a Web site or in. an email mes-
sage to monitor user behavior. While uscrs
have the option to accept or decline cookies,
Web bugs are placed within HTML as a small gif
file, often transparent because itis the same
Color as the background. Web bugs function as
a kind of undetected spyware by transmitting
information to a remote computer when the
page is viewed. Web bugs can collect click
stream data or retrieve this information from a
previously set cookie, tricking whether a spe-
Citic Web page has been viewed, or determin-
ing if an email message has been opened or
forwarded, Web bugs may also be used 10 re-
trieve files stored on a hard drive, record con-
versations through a computer microphone,or
transmit images from a computer's video cam-
‘era.The presence of Web bugs is detected only
ifthe user is able to find an IMG tag within the
HTML that loads from a different Web server
than the rest of the page. Web bugs can also be
put (0 positive use, such as tracking copyright
violations on the Web,
Information Sharing
Even more threatening to individual privacy is
the capability to combine data gathered
through Web interaction with public records,
‘census data, and even survey data. An IP ad-
dress can, with some effort, be traced back to
a specific individual An IP address is either stat
ic, associated with a specific computer, or dy-
namically assigned, The former is usually the
case in a networked corporate environment
‘wherein the IPs assigned to an individual com-
puter:The latter occurs in access through com-
mercial Internet service providers (SPs).
Because IP addresses are centrally coordinated,
a reverse domain name system (DNS) look-up
‘will provide the identity of the ISP to which the
address was assigned: The user's personal infor-
mation can then be obtained from the ISP as a
fog of dynamic addresses is generally main-
tained.
‘The global nature of the Internet enables
easy connectivity to centrally aggregate
reconds. Public sources may contain such
records as driver's records, land titles, property
tax records, court records (such as bankruptcy,
divorces, civil and criminal actions), occupa:
tional licenses, Securities and Exchange Com-
mission filings, and political contributions. The
contents of these records may include personal
information such as date of birth, height and
‘weight, marital status, medical conditions, polit
{cal party affiliation, assessed home value,among
others. Survey data may provide individual char.
acteristics and preferences. Through the use of a
unique identifier such as social security number,PRIVACY
FIGURE 1 Ethical Issues of Consumer Privacy on the Internet,
Consumers
Grintondod
Uses of Data
‘matching of records from various sources can
result in an extensive and detailed personal
profile.
ETHICAL ISSUES OF CONSUMER
PRIVACY ON THE INTERNET
An overwhelming 86 percent of Web users in
the United States reported concern about oth-
‘ers gathering personal information about
them. Internet companies claim this informa-
tion is used beneficially to customize Web site
content to individual interests. However, only
27 percent of respondents agreed that informa-
tion is collected for users’ benefit, while 54
percent viewed such practices as harmful
The privacy controversy over collecting in-
formation on the Internet arises from the far-
reaching, unprecedented capability to collect
more detailed information and disseminate
greater quantities of information. Once infor-
mation is disclosed, the user loses control over
it.The result is a potential for misuse, through
secondary use of the information, either by the
party who collected it or by a third party who
Purchases ot otherwise obtains it, Further con-
tributing to the privacy concern is the surrepti
tious nature of involuntary information
disclosure on the Web. The ethical issues are
depicted in Figure 1 and discussed below.
Loss of Anonymity
‘Consumers may erroneously assume that Web in-
teraction is anonymous The capability to person:
ally identify Web users, without their knowledge,
is afforded through various technological tools,
used alone or in combination with other meth-
‘ods, Even when the actual identity of the user
is not known, a random identifier, such as a
unique numeric user code, associates informa-
tion collected. The potential for personal iden-
Uification is present should a user register, make
4 purchase, or otherwise provide information
such as name, e-mail address, postal address, or
telephone number. The random number can
ily be associated with such personal infor-
mation.
Unintended Uses of Data Collected
Does any use of data collected, other than the
original purpose of gathering that data, consti
tute unintended use? The underlying motive.
tion for the various technological tools is to
‘enhance the user's Web experience and better
serve consumers’ needs and desires. The deter-
‘mination of what use is unintended use is not
so straightforward. In using cookies, for exam-
ple, the onscreen visual cue of dimming the
highlighting for a hotspot after a user has se-
lected it, seems to be within the realm of in-
tended use. An example that is not so clear
‘entails tracking user movements to record pag-
6s viewed, the sequence of viewing, and the
time duration of viewing for the purpose of de-
igning a custom interaction for that user's next
visit.A more clear-cut example of unintended
use is tracking navigation to determine what,
and when, advertisements should be present-
ed. The various technological tools were not
originally intended for the benefit of marketers
and advertisers.
61oe
Privacy
Beni
theft is widely
recognized as
a serious and
growing
problem as
personal
information is
‘more
accessible and
criminals are
becoming more
technologically:
save)
‘Surreptitious Data Collection
Ethically, Web sites have an obligation to con-
‘Sumers to obtain informed consent for the cok
lection and use of personal information.
However, in the commercially competitive en-
vironment of Ecommerce, information gather-
ing may be undertaken without consumers’
Knowledge or permission. The mere aware-
ness, on the part of aWeb user, of the existence
of data collection may impart an eerie feeling
during reabtime interaction. The knowledge
that someone, somewhere, may be surrepti-
tiously tracking every click of the mouse and
every keystroke during Web navigation can be
unsettling. Perhaps being both informed when
data is being collected and presented with the
opportunity to grant permission could remove
the stealth reputation of these activities.
Notification and optional acceptance do
not resolve the issue of surreptitious data col
lection. Consumers are currently still not al-
‘ways informed of what specific information is
collected and for what purpose, To overcome
the surreptitious reputation, some Web sites
‘are posting their privacy policy to inform users
about whether and how data is collected.
‘Trespassing into Web Users’ Resources.
‘Web publishers use a visitor's own Web brows-
cr to transfer data, and the visitor's hard drive
to store and retrieve files. The transfer is unde-
tectable-The idea of others storing data on an in-
dividual’s hard drive may be unpalatable,
Further, the Web provider utilizes the user's re-
sources potentially without the user's knowl
edge and certainly without the user's explicit
permission. Files containing data, such as cook-
ies files, may be deleted, but this requires an un-
invited time commitment or monetary
investment if specialized software such as cook-
je managers are purchased,
Data Sharing
Data gathered from various Web sites and pub-
lic sources is collected and shared with increas-
ing efficiency through the use of the Internet.
Not only can users be unaware that a wealth of
information is being collected about them, but
they may be equally unaware if and what person-
al information is sold to third parties for what un-
authorized commercial or nefarious use. Even
‘more threatening to individual privacy isthe c2-
ability to combine data gathered from the Web
‘with public reconds, census data, and even sur
vey data Through the use of a unique identifier,
stich as social security number, matching. of
records from the various sources can result in an
extensive personal profile.
Direct Marketing Activities
The Direct Marketing Association (DMA)
projects that interactive media expenditures
undertaken by Internet marketers will reach
U.S.$5.0 billion in 2006, based on a projected
growth rate in expenditures of 18.9 percent an-
‘ually. Direct marketing activities may include
unwanted and even annoying advertising cam-
paigns using postal mail, email, Web banners,
pop-up ads, and telemarketing.
Direct marketing, however, may beneficial-
ly provide consumers with information about
product and service offerings in areas of inter-
‘est to them, Tracking tools allow for a personal-
ized screening capability, thus reducing
information overload. Consumer profiles can
ly be developed as users return repetitively
to a site. The resulting detailed target market
profiles, often used by third parties, allow ad-
vertising and offerings to be customized for ev-
ery individual consumer. Further, tracking can
determine what advertisements a Web site visi
tor has seen before and present only similar ads
‘during future visits. Tracking can also be used
to determine what other sites are visited, pro-
viding further insight regarding a consumer's
‘online usage and interests, Thus, data collec-
tion on the Internet presents the opportunity
to collect a wealth of information concerning
consumer preferences and characteristics,
which may be used beneficially to improve
product and service offerings to consumers,
Such use seems rather innocuous and perhaps
even desirable,
IS DATA COLLECTION ON THE
INTERNET INNOCUOUS?
If used as intended with informed consent by
‘consumers, it would scem that there is no ethical
controversy surrounding data collection on the
Intemet.This conclusion may be incorrect.
In what has been considered one of the
largest identity theft cases in Internet history,
the identities of more than 200 of the wealthi
est Americans, as ranked by Forbes magazine,
‘were allegedly stolen by Abraham Abdallah us-
ing the Internet at public libraries. Credit card
and investment accounts of the victims were
used to make an estimated $100 million worth.
of purchases on the Internet. As many as
250,000 to 750,000 individuals are estimated to
become victims of identity theft annually, Iden-
tity theft is widely recognized as a serious andPrac
Internet
‘Consumer Action
1. Undoretand
2. Avoid
23. Parental controle
4, Protective coftware
Industry Sel-Regulation
1. Trado organizations with sel-regulation include:
~ Bettor Business Bureau (www: bb0.019)
World Wide Web Consortium (www.ne.org)
2. TRUSTe (nww.tuste.org)
U.S. Government Action
1. Federal Trade Commission Act (FTC Act)
4. Federal Crecit Reporting Act (FCRA)
6. Electronic Communications Privacy Act(ECPA)
7. Computer Fraud and Abuse Act (CFAA)
£8. Additonal legislation and regulation
TABLE 1 Approaches to Address Privacy Concerns of Consumer Data Collected on the
Online Privacy Aliance (wwe privacyaliance.org)
~ Direct Marketing Association (wwwa.the-dma.ora)
~ Entertainment Software Rating Board (wwesib.org)
= Network Advertising Initiative (www:networkadvertsing.org)
23. The Platform for Privacy Preferences Project (P3P)
2. Children’s Oniine Privacy Protection Act (COPPA)
3. Gramm-Leach-Bliley Financial Services Act (GLB)
5. Health Insurance Portability and Accountability Act (HIPAA)
growing problem as personal information is
more accessible and criminals are becoming
more technologically savvy.
‘The market for personal information is esti-
mated to total $1.5 billion in revenues annually,
“In most cases, the sale of this data is perfectly
legal. But the results can sometimes be deadly”
An information broker, Docusearch.com, sold
Amy Boyer’s social security number for $45
dollars to Liam Youens. Using this unique iden-
tification number, Youens was able to deter
‘mine where Boyer worked. He tricked her
down, shot her to death, and then turned the
gun on himself.
PROTECTING CONSUMER PRIVACY
ON THE INTERNET
The growth in E-commerce has been accompa:
nied by an increase in consumer awareness and
‘concern about the privacy of personal data col.
lected on the Internet. This concern is likely to
translate into lost retail Ecommerce sales. If pri-
vacy concems are not addressed, Ecommerce
will not reach its full potential and consumers
will not gain the confidence necessary to fully
participate in the electronic marketplace. The
approaches to address the ethical concern of pri-
vacy on the Intemet include consumer action,
industry self-regulation, and US. government
action, as shown in Table 1
Consumer Action
Consumers can take precautionary actions to
reduce the potential of data being collected
about them on the Internet, Consumers should
read and understand the posted privacy poli-
cies of the Web sites they visit. Web sites with
no posted policy or a policy with which the
‘consumer disagrees should be avoided. Similar-
ly, parents can control what their children ac-
cess and the personal information they
volunteer, either by parental supervision oF i
stalling protective software to block unaccept
able sites, Various types of protective software
‘can be installed based on consumers’ desires
to, for example, block access to selected Web
sites, block ads and pop-up windows, or elimi-
nate cookies and Web bugs. Consumers,
through their own action, can thereby take
‘some control in protecting their own privacy,
rather than rely on businesses or the govern:
ment to afford privacy protection.
Industry Self-Regulation
Selfimposed regulations are intended to limit
how Web sites collect user data and what canPrivacy
C=
trust is
recognized as
«@ major factor
influencing the
success of
E-commerce.
be done with the data that is collected. As
shown in Table 1, industry self-regulation in-
cludes initiatives by trade organizations, Inter-
net privacy seal programs, and the Platform for
Privacy Preferences Project (P3P).To encour
age self-regulation and avoid government legis-
lation, several industry trade organizations
have developed selfregulation privacy guide-
lines of programs. Included among these are:
0 The Online Privacy Alliance (www:privacyal-
liance.org)
0 The Direct Marketing Association (www.the-
dma.org)
U The Better Business Bureau (www:bbb.org)
0 The World Wide Web Consortium
(oww.w3e.org)
O The Entertainment Software Rating Board
(owwwesth.org)
In general, these organizations require compa-
nies to implement their information practices
and also monitor their compliance,
In addition, a number of electronic advertis-
ing firms specializing in target-marketing
formed the Network Advertising Initiative
(NAD. Gwww:networkadvertising org) in. re-
sponse to growing consumer concerns and
lawsuits regarding such practices. In conjunc
tion with the FTC and the U.S. Department of
‘Commerce, the NAL has developed. privacy
protections, including consumer choice to opt
‘out of online preference marketing and regular
audits of privacy practices, required of its mem-
bers. This selfenforcement program is man-
aged by TRUSTe.
‘Consumer trust is recognized as a major fac-
tor influencing the success of Ecommerce. In
response, an Internet privacy seal program,
‘TRUSTe, was developed by the Electronic Fron-
tier Foundation and the CommerceNet Consor-
ium, TRUSTe (wwwitruste.org) isan
independent, nonprofit organization that certi-
fies Web sites which comply with its privac
and disclosure requirements. Web sites receiv
ing certification are licensed to display the
‘TRUSTe seal online. The TRUSTe seal was found
to be the most trustworthy symbol on the Web
among American users in a study by Cheskin
Research. However, a stirvey undertaken by
the FTC revealed that the seal programs have
Yet to establish a significant presence on the
Web although the number of sites enrolled in
these programs has increased.
A technological approach to self-regulation,
the Platform for Privacy Preferences Project
(P3P), was developed by the Worldwide Web
Consortium (W3C). P3P is an automated
‘means for users to gain more control over the
use of personal information collected by Web
sites visited. P3P enables Web sites to describe,
ina standardized machine-readable format, ma-
jor aspects of how personal information about
their users is handled. A user’s P3P-enabled
browser can automatically check a participar-
ing Web site’s P3P privacy policy and compare
it with the consumer's own privacy preferenc-
cs. The user is alerted if the browser encoun
ters a Web site that does not conform to the
userspecified preferences.
U.S. Government Action
Since the 1930s, the U.S. Government has been
involved in regulating the commercial environ-
‘ment. In response to both commercial interests
and privacy concerns of consumers, legislation
hhas been enacted within the U.S. legislation ap-
plicable to the privacy concerns of consumers
engaged in Ecommerce are presented in
‘Table 1 and described below.
The FIC Act is intended to ensure that com-
‘panics uphold their promises to consumers,
luding those regarding privacy. The FTC Act
prohibits “unfair methods of competition” and
“unfair and deceptive acts or practices in and
affecting commerce” Further, the FTC is spe-
‘ifcally charged with protecting the privacy of
children through the Children’s Online Privacy
Protection Act (COPPA), which became effec-
tive in April 2000.
Legislation directed toward specific indus-
tries has been enacted, including the Gramm-
Leach.Bliley (GLB) Financial Services Act, the
Federal Credit Reporting Act (FCRA), and the
Health Insurance Portability and Accountability
‘Act (HIPAA) of 1996. Effective July 1,2001, the
GLB Act applies to consumer information col
lected in the fields of banking, credit, and insur
ance. Financial institutions, as defined in GLB,
are required to disclose their privacy policies,
and the GLBAct allows consumers, through an
“optout" option, to disallow their financial is
stitutions from sharing personal financial infor
‘mation with nonafiiliated third parties. Further,
{financial institutions must have policies for pro-
tecting against unauthorized access to consum-
ers’ personal information. The FCRA, which
‘was enacted in 1970, limits the purposes for
which a consumer credit report can be ob-
tained or provided: The HIPAA is collection of
requirements, directed at patient medical
records, which mandates the establishment of
privacy protections for health-care informa-
tion. Organizations maintaining or transmittingfi...
maintaining or
transmitting
health
information are
required to
undertake
reasonable and
appropriate
administrative,
technical, and
physical
safeguards.
Privacy
health information are required to undertake
reasonable and appropriate administrative,
technical, and physical safeguards.
‘Two acts directed specifically at telecom-
‘munications and computer use were enacted
in 1986.The Electronic Communications Priva-
cy Act CECPA) prohibits the interception of
electronic communications and unauthorized
access to stored electronic communications
‘The Computer Fraud and Abuse Act (CFAA)
provides both civil and criminal protection
against intentional unauthorized access to a
computer, through interstate or foreign com-
‘munication, to obtain information of to cause
damage.
Atthe close of the 107th U.S. Congress, in
session from 2000 to 2002, more than 50 bills
relating to privacy were introduced, many of
‘which targeted online privacy. In the 108th
Congress currently in session, there are multi-
ple proposed bills that impact on various infor-
‘mation and Internet privacy issues, These bills
‘are currently being addressed at the committee
level of the House of Representatives and the
Senate.
CONCLUSION
Protecting consumer privacy is both an ethical
and economic issue. To encourage growth in
E-commerce, itis critical to address the protec-
tion of consumer privacy. Consumers can take
Some control in protecting their own privacy
by understanding posted privacy policies of
Web sites visited, avoiding those with no post-
ed policy or a policy with which the consumer
disagrees, controlling what children access and.
what personal information they volunteer, or
installing protective software. However, con:
sumer action alone is not adequate. Consumers
‘can only hope to reduce the potential for infor-
mation collection, but certainly cannot elimi-
nate it through their own actions alone,
Industry self-regulation is intended to limit how
Web sites collect user data and what can be
done with the data that is collected. However,
the FTC has concluded that self-regulation
alone is not adequate to protect consumer on-
line privacy. Government action, coupled with
active enforcement, could supplement both
consumer action and industry self-regulation in
an effort to provide basic consumer privacy
protection. The challenge is to find the appro-
priate approach or combination of approaches
to satisfy consumer concerns and promote the
continued growth of Ecommerce.
References
Bloustein, Privacy as an Aspect of Human Dignity:
An Answer to Dean Prosser. 39. NYU Law
Review, 962, 1001, 1967.
Carlton, Christopher F, The Right to Privacy in
Internet Commerce:A Call for New Federal
Guidelines and the Creation of an Independent
Privacy Commission; 16 St Jobn's Journal of
Legal Commentary, Spring/Summer 2002,
Direct Marketing Association, “Economic Impact:
US. Direct & Interactive Marketing Today
Executive Summary — 2002: Interactive
Marketing” 2002, butpi//www.thedma.org/cgi/
registered/research/libres-ecoimpactinteractive.
|. shim
Electronic Privacy Information Center,“EPIC Bill
Track; January 16, 2003, hitp://www.epic orw/
privacy bill track html
Ettore v Philco Television Broadcasting Co, 229
E 2d 481 (3d Cir, 1956)
Federal Trade Commission, FTC Recommends
‘Congressional Action t0 Protect Consumer
Privacy Online May 22, 2000a,
hntpi//wwwtcgow/opa/2000/05/privacy2khim
Federal Trade Commission, “Privacy Online: Fair
Information Practices in the Electronic
Marketplace: A Federal Trade Commission
Report to Congress,’ May 2000b, http://www.
{tc gov/reports/privacy2000/privacy2000. pat
Federal Trade Commission, Welcome to the US.
Government's Central Website for Information
about Identity Theft January 3, 2003, http://
www.consumer gov/idtheft
Hamilton, David P,-ECommerce (A Special Report):
A Consumer's Guide — Advertising Tossing Out
the Pitches — If you are looking for a
‘commerciabfrce Web, here are some programs
thac can help? Wall Street Jounal, New York,
‘October 21, 2002, p.R7.
Hildebrand, Carol,"What makes an online store
usable? Experts offer tips” searchClO.com,
September 16, 2002, http://searcheio,
techtanget.com/originalConten/0,2891 42,
sid19_gei851105,00.heml
Jesdlanun, Anick,-Privacy Predicament’ August 21
2000, The Associated Press, ABCNews.com,
‘http //wwwabcnews.go.com/sections/tech/
DallyNews/pewprivacystudyQOO82I, html
Kelley, Christopher M.,,Alanna Denton, and Resa
Broadbent, “Privacy Concerns Cost eCommerce
15 Billion: Forrester Research, September
2001
Kimery, Kathryn Mand Mary McCord,*Thirdparty
assurances: Mapping the road to trust in
retailing” /ITTA: Journal of Information
Technology’ Theory and Application, Hong
Kong, 4(2), 63-82, 2002
Nielsen NetRatings, “Average Web Usage Month of
March, 2002 US. 2002a, hetp://pm.netratings
‘com/nnpnvowa/NRpublicreports.usagemonthiy
Nielsen NetRatings, “February 2002 Global Internet
Index Average Usage? February 2002b, httpy/
65PRIVACY.
-wwwinielsennetratings.com/hot_off_the_net_ United States General Accounting Office, “Identity
‘isp “Theft: Prevalence and Cost Appear to be
[Nita Internet Surveys, September 2001, http:// ‘Growing March 2002. hitp:/seww consumer
‘www.nunie/surveys/bow_many_online/indes. __gov/idtheft/reports/gn0-d02363. pdf
Pe ‘Warren, 8.D.and LD, Brandeis, The Right of
searchSecurty.com, "Access Log.’ March 19, 2001, ‘Privacy Harvard Law Review; December 1890,
193-220.
/scarcsecurity techtarget.com/sDefinition/
eee ‘Weis, Murnay."How NYPD Cracked the Unimate
sid 14_gci212498,00.htm! d
“TRUSTe, “Building Trust Online:TRUSTe,Privacy and CYPEtraud’ — B'klyn Busboy Busted in Theft of
' i 200+ Tycoon IDs: The New York Post, March
Self Governance,’ 20012, 20.20 pede :
‘http://www.truste.org/about/truste/about_ Westin, Alan F, “Report on the IBM-Harris Multi-
whkepeperhtml ‘National Consumer Survey?
san iaih’iilet Privacy Survey’ Prieacy
and American Business, January 2000,
‘World Wide Web Consortium, “What is PSP?!
January 21, 2008, hitp://wwww-w3.org/P3P
(Collection of News Briefs)" PC Word, 186),
103, June 1, 2000,
See
= SSeSCopyright of Information Systems Management is the property of Auerbach
Publications Inc. and its content may not be copied or emailed to multiple sites or
posted to a listserv without the copyright holder's express written permission.
However, users may print, download, or email articles for individual use.