PRIVACY ETHICS OF COLLECTING AND USING CONSUMER INTERNET DATA JANICE C. SIPIOR ie an associate professor of MIS at Villanova University, Villanova, Pennesluania. BURKE T.WARDisen ‘associate profeseor in the department of eccounting-and a faculty memember of graduate tax program ft Villanova University NICHOLAS M. RONGIONE is an associate professor of business law at Villanova Univers. JariceC. Sipior, Burke T. Ward, and Nicholas Mt. Rongione ‘A wealth of information concerning a consumer's Internet use and preferences can, with rela- tive ease, be gathered and disseminated. Sometimes, a consumer may willingly give personal information to enhance the browsing experience at a favorite Web site. Other times, Internet monitoring programs may be surreptitiously gathering this information so it can be used to ‘commit identify theft. In another instance, information willingly given to one site is sold to a third party that uses it to promote its own Web services. The ethics of these first two scenarios is clear: the first is good and the second is bad. The third, however, is not so clear. The con- ‘sumer may feel that private information has been violated while industry may feel it is doing good by better serving the consumer. These are just a small sampling of the range of ethical situations data collection on the Internet creates. This article identifies the ways Internet infor- ‘mation about consumers is collected and examines the ethical issues created by the collection process and its consequences. pand worldwide. Current cstimates range from 259.3 million to 407.1 mil lion Internet users worldwide. There are an estimated 106.7 million users in the United States alone. The explosive growth in the use of the Internet for information access, file transfer, e-mail, collaborative work, banking, shopping, and performing countless other functions makes clectronic commerce (Ecom- merce) increasingly attractive. Acconling to some industry experts, threats to consumer pri- cy have tempered the growth of retail E-com- merce. Indeed, 61 percent of Internet users in the United States reported that they do not pur- chase online because of privacy concerns. An estimated $15 billion in Ecommerce revenues for 2001 were unrealized because of consum- cers’ concerns about their privacy, according to report by Forrester Research. A wealth of information concerning consum- cr characteristics and preferences can, with rele tive ease, be gathered and disseminated through ii INTERNET ACCESS CONTINUES TO EX- the Internet. The information collected can be used beneficially to improve market segmenta- ‘tion and target marketing or to personalize the consumer's interaction with Web sites. Howev- ce, the information can also be collected and sold to third parties for profit. The nondisclo- sure of the intended use of information collect- ‘ed, coupled with the surreptitious nature of its acquisition, have brought about an es of consumer privacy concerns and fi cal issues regarding the acceptability of privacy invasions in Internet use. Based on years of work addressing Internet privacy issues, the U.S. Federal Trade Commission (FTC) has con- cluded that online privacy continues to present an enormous public policy challenge. This arti- cle examines privacy and the cthical issues of collecting consumer data from the Internet. ‘The types of consumer information collected and the concerns associated with such practices are discussed. The question of whether data cok lection on the Internet is innocuous is then ex: amined within the context of identity theft andPRIVACY. ii. information collected identifies patterns and habits of consumers, but does not reveal personal identity. the consequences of personal information for sale. Finally, privacy protections from Internet data collection, including approaches by con- sumers, industry, and the US. Government, are addressed. PRIVACY PROTECTION WITHIN THE UNITED STATES Although privacy rights within the United States were explicitly recognized in the late 1800s, the full extent of these rights remains unclear, Almost half a century ago, a federal judge analogized the confusing state of privacy rights to a“haystack in a hurricane"In an often- cited article of continuing vitality, Bloustein stated that “words we use to identify and de scribe basic human values are necessarily vague and illcefined.” He regarded individual privacy as, in part,a spiritual issue, the unppriv- ileged invasion of which is an affront to individ- uality and human dignity. Is the collection of data from Web users such an unethical affront to individual human dignity as to be afforded le- gal protection? Currently, privacy protection in the United States is an incomplete but complex amalgam of federal and state constitutions, stat utes, and regulations, ‘TYPES OF CONSUMER INFORMATION COLLECTION Many Web sites are using increasingly sophisti- cated technology to gather information about consumers. While technological advances have improved Internet interaction, some compa- nies have employed these advances to collect. otherwise unobtainable consumer data. The various forms of data collection include specif ically requested information, communication tools, anonymous tracking, and information sharing. ‘Specifically Requested Information Information may be specifically requested from consumers for purposes such as making a pur- chase, registering at a Web site, applying for membership, or participating in surveys, con- tests, or other enticements. Consumers are of ten motivated 10 provide vital_ personal information, such as their name, postal ad- dress, e-mail address, and credit card informa- tion, believing that the information is collected only for a specific purpose, such as the ship- ment of their purchase. This may not be the case. When voluntarily provided information is used for purposes other than that for which it ‘was given, the privacy violation is particularly insidious, Communication Tools Various service providers offer a variety of communication tools and may also collect and ‘maintain the content of those communica: tions, which in turn could be sold to third par- Consumers may choose to participate in discussions by posting to newsgroups, bulletin boards, or chat rooms. Personal information may be posted voluntarily, but may subsequent- ly be subject to involuntary disclosures. Such postings could reveal the identity of the sender, email address, and place of origin, if partic pants registered for example. Similarly, Web site authors may post information about them- selves and others they know, Search engines can effect an Internetwide distribution of these postings. Information about someone ‘else, included in a posting, can subject this third party to involuntary disclosures as well. ‘Additionally, the content of e-mail and instant messages may be revealed by a seemingly in- nocuous forwarding to recipients not intended by the original sender or by message intercep- tion. Clickstream Tracking Information may surreptitiously be collected ‘while a consumer surfs the Web.A Web site can use clickstream tracking technology, such as access logs, cookie files, and Web bugs to ex- tract information not voluntarily provided. The information collected identifies patterns and habits of consumers, but does not reveal per- sonal identity ‘Access logs store information about each request for information made by a consumer from aWeb site. The consumer's Internet Proto- col (IP) address, the types of computer and browser used, the requested page, the time and date of access, and the referring Web site's address may be captured and transmitted back to the Web site in the Web page header. Profiles of behavioral patterns and habits may be creat- ed with information such as the number of unique visitors, the site from which the user ‘came, the number of requests for cach page at the site,and usage patterns in terms of date and time. Insight on how well promotional or ad- vertising campaigns are being received can be gained. The number of users completing registra- tion forms, clicking on an advertisement, or pur- chasing a product may be ascertained. Indicative of the growing trend for such site analytics is thePRIVACY. i Jhrough the use of a unique identifier, such as social security: number, matching of records from various sources can result in an extensive and detailed personal profile. continued increase in sales for supporting soft- ‘ware, projected to reach $6 billion by 2006,ac- cording to Jupiter Research. Cookie files store clickstream or transac- tional data captured by aWeb site as the user in- teracts with the site. Intended to enhance interaction with the Web, clickstream informa tion, along with a unique identifier, ae sent from the Set-Cookie tag within the Web page header to the user's hard drive and back when the user revisits the site, Browsers provide us- crs with the option of declining cookies, but some sites disallow visits unless cookies can be placed. Cookies may also be placed by third- party advertisers featured on sites visited, Users can opt out of receiving third-party cookies by visiting, for example, the Network Advertising Initiative (NAL at httpy//networkadvertsing, org/optout_nonppii.asp, an online advertising clearinghouse, Cookies may also include the address of the site that placed them, allowing other sites to track sites a consumer has visited, ‘Companies can gain access to even more infor- mation through cookie sharing, the practice of sharing and consolidating information gathered from various Web sites. Particularly threatening is the possibility of cookie poisoning, Hackers may intercept cookies and use these files to ap- pear to be the consumer with whom the cookie is associated. The hacker is thereby able to gain access to personal information of that consum- cer to commit information o identity theft. Ac- cording to the FTC, identity theft occurs when someone appropriates your personal informa- tion without your knowiedge to commit fraud or theft” In repeat interaction with a Web site, cook- ies, if protected through encryption for exam- ple, can be beneficial. User registration information, preferences, and transactions, among other information, could be stored in a cookie. For subsequent interaction, the cookie could be used as a signature to authenticate the consumer's identity and personalize the Web site according to that consumer's desires. Re- trieval of registration information would pre- clude the necessity of reentering it The screen display could be customized according to pre- vious choices and interests, Cookies also allow consumer to leave a site and return later to re- sume where the interaction left off, forming the basis of the shopping cart to hold items se- lected for purchase. ‘Web bugs are small, imperceptible graphic files placed on a Web site or in. an email mes- sage to monitor user behavior. While uscrs have the option to accept or decline cookies, Web bugs are placed within HTML as a small gif file, often transparent because itis the same Color as the background. Web bugs function as a kind of undetected spyware by transmitting information to a remote computer when the page is viewed. Web bugs can collect click stream data or retrieve this information from a previously set cookie, tricking whether a spe- Citic Web page has been viewed, or determin- ing if an email message has been opened or forwarded, Web bugs may also be used 10 re- trieve files stored on a hard drive, record con- versations through a computer microphone,or transmit images from a computer's video cam- ‘era.The presence of Web bugs is detected only ifthe user is able to find an IMG tag within the HTML that loads from a different Web server than the rest of the page. Web bugs can also be put (0 positive use, such as tracking copyright violations on the Web, Information Sharing Even more threatening to individual privacy is the capability to combine data gathered through Web interaction with public records, ‘census data, and even survey data. An IP ad- dress can, with some effort, be traced back to a specific individual An IP address is either stat ic, associated with a specific computer, or dy- namically assigned, The former is usually the case in a networked corporate environment ‘wherein the IPs assigned to an individual com- puter:The latter occurs in access through com- mercial Internet service providers (SPs). Because IP addresses are centrally coordinated, a reverse domain name system (DNS) look-up ‘will provide the identity of the ISP to which the address was assigned: The user's personal infor- mation can then be obtained from the ISP as a fog of dynamic addresses is generally main- tained. ‘The global nature of the Internet enables easy connectivity to centrally aggregate reconds. Public sources may contain such records as driver's records, land titles, property tax records, court records (such as bankruptcy, divorces, civil and criminal actions), occupa: tional licenses, Securities and Exchange Com- mission filings, and political contributions. The contents of these records may include personal information such as date of birth, height and ‘weight, marital status, medical conditions, polit {cal party affiliation, assessed home value,among others. Survey data may provide individual char. acteristics and preferences. Through the use of a unique identifier such as social security number,PRIVACY FIGURE 1 Ethical Issues of Consumer Privacy on the Internet, Consumers Grintondod Uses of Data ‘matching of records from various sources can result in an extensive and detailed personal profile. ETHICAL ISSUES OF CONSUMER PRIVACY ON THE INTERNET An overwhelming 86 percent of Web users in the United States reported concern about oth- ‘ers gathering personal information about them. Internet companies claim this informa- tion is used beneficially to customize Web site content to individual interests. However, only 27 percent of respondents agreed that informa- tion is collected for users’ benefit, while 54 percent viewed such practices as harmful The privacy controversy over collecting in- formation on the Internet arises from the far- reaching, unprecedented capability to collect more detailed information and disseminate greater quantities of information. Once infor- mation is disclosed, the user loses control over it.The result is a potential for misuse, through secondary use of the information, either by the party who collected it or by a third party who Purchases ot otherwise obtains it, Further con- tributing to the privacy concern is the surrepti tious nature of involuntary information disclosure on the Web. The ethical issues are depicted in Figure 1 and discussed below. Loss of Anonymity ‘Consumers may erroneously assume that Web in- teraction is anonymous The capability to person: ally identify Web users, without their knowledge, is afforded through various technological tools, used alone or in combination with other meth- ‘ods, Even when the actual identity of the user is not known, a random identifier, such as a unique numeric user code, associates informa- tion collected. The potential for personal iden- Uification is present should a user register, make 4 purchase, or otherwise provide information such as name, e-mail address, postal address, or telephone number. The random number can ily be associated with such personal infor- mation. Unintended Uses of Data Collected Does any use of data collected, other than the original purpose of gathering that data, consti tute unintended use? The underlying motive. tion for the various technological tools is to ‘enhance the user's Web experience and better serve consumers’ needs and desires. The deter- ‘mination of what use is unintended use is not so straightforward. In using cookies, for exam- ple, the onscreen visual cue of dimming the highlighting for a hotspot after a user has se- lected it, seems to be within the realm of in- tended use. An example that is not so clear ‘entails tracking user movements to record pag- 6s viewed, the sequence of viewing, and the time duration of viewing for the purpose of de- igning a custom interaction for that user's next visit.A more clear-cut example of unintended use is tracking navigation to determine what, and when, advertisements should be present- ed. The various technological tools were not originally intended for the benefit of marketers and advertisers. 61oe Privacy Beni theft is widely recognized as a serious and growing problem as personal information is ‘more accessible and criminals are becoming more technologically: save) ‘Surreptitious Data Collection Ethically, Web sites have an obligation to con- ‘Sumers to obtain informed consent for the cok lection and use of personal information. However, in the commercially competitive en- vironment of Ecommerce, information gather- ing may be undertaken without consumers’ Knowledge or permission. The mere aware- ness, on the part of aWeb user, of the existence of data collection may impart an eerie feeling during reabtime interaction. The knowledge that someone, somewhere, may be surrepti- tiously tracking every click of the mouse and every keystroke during Web navigation can be unsettling. Perhaps being both informed when data is being collected and presented with the opportunity to grant permission could remove the stealth reputation of these activities. Notification and optional acceptance do not resolve the issue of surreptitious data col lection. Consumers are currently still not al- ‘ways informed of what specific information is collected and for what purpose, To overcome the surreptitious reputation, some Web sites ‘are posting their privacy policy to inform users about whether and how data is collected. ‘Trespassing into Web Users’ Resources. ‘Web publishers use a visitor's own Web brows- cr to transfer data, and the visitor's hard drive to store and retrieve files. The transfer is unde- tectable-The idea of others storing data on an in- dividual’s hard drive may be unpalatable, Further, the Web provider utilizes the user's re- sources potentially without the user's knowl edge and certainly without the user's explicit permission. Files containing data, such as cook- ies files, may be deleted, but this requires an un- invited time commitment or monetary investment if specialized software such as cook- je managers are purchased, Data Sharing Data gathered from various Web sites and pub- lic sources is collected and shared with increas- ing efficiency through the use of the Internet. Not only can users be unaware that a wealth of information is being collected about them, but they may be equally unaware if and what person- al information is sold to third parties for what un- authorized commercial or nefarious use. Even ‘more threatening to individual privacy isthe c2- ability to combine data gathered from the Web ‘with public reconds, census data, and even sur vey data Through the use of a unique identifier, stich as social security number, matching. of records from the various sources can result in an extensive personal profile. Direct Marketing Activities The Direct Marketing Association (DMA) projects that interactive media expenditures undertaken by Internet marketers will reach U.S.$5.0 billion in 2006, based on a projected growth rate in expenditures of 18.9 percent an- ‘ually. Direct marketing activities may include unwanted and even annoying advertising cam- paigns using postal mail, email, Web banners, pop-up ads, and telemarketing. Direct marketing, however, may beneficial- ly provide consumers with information about product and service offerings in areas of inter- ‘est to them, Tracking tools allow for a personal- ized screening capability, thus reducing information overload. Consumer profiles can ly be developed as users return repetitively to a site. The resulting detailed target market profiles, often used by third parties, allow ad- vertising and offerings to be customized for ev- ery individual consumer. Further, tracking can determine what advertisements a Web site visi tor has seen before and present only similar ads ‘during future visits. Tracking can also be used to determine what other sites are visited, pro- viding further insight regarding a consumer's ‘online usage and interests, Thus, data collec- tion on the Internet presents the opportunity to collect a wealth of information concerning consumer preferences and characteristics, which may be used beneficially to improve product and service offerings to consumers, Such use seems rather innocuous and perhaps even desirable, IS DATA COLLECTION ON THE INTERNET INNOCUOUS? If used as intended with informed consent by ‘consumers, it would scem that there is no ethical controversy surrounding data collection on the Intemet.This conclusion may be incorrect. In what has been considered one of the largest identity theft cases in Internet history, the identities of more than 200 of the wealthi est Americans, as ranked by Forbes magazine, ‘were allegedly stolen by Abraham Abdallah us- ing the Internet at public libraries. Credit card and investment accounts of the victims were used to make an estimated $100 million worth. of purchases on the Internet. As many as 250,000 to 750,000 individuals are estimated to become victims of identity theft annually, Iden- tity theft is widely recognized as a serious andPrac Internet ‘Consumer Action 1. Undoretand 2. Avoid 23. Parental controle 4, Protective coftware Industry Sel-Regulation 1. Trado organizations with sel-regulation include: ~ Bettor Business Bureau (www: bb0.019) World Wide Web Consortium (www.ne.org) 2. TRUSTe (nww.tuste.org) U.S. Government Action 1. Federal Trade Commission Act (FTC Act) 4. Federal Crecit Reporting Act (FCRA) 6. Electronic Communications Privacy Act(ECPA) 7. Computer Fraud and Abuse Act (CFAA) £8. Additonal legislation and regulation TABLE 1 Approaches to Address Privacy Concerns of Consumer Data Collected on the Online Privacy Aliance (wwe privacyaliance.org) ~ Direct Marketing Association (wwwa.the-dma.ora) ~ Entertainment Software Rating Board (wwesib.org) = Network Advertising Initiative (www:networkadvertsing.org) 23. The Platform for Privacy Preferences Project (P3P) 2. Children’s Oniine Privacy Protection Act (COPPA) 3. Gramm-Leach-Bliley Financial Services Act (GLB) 5. Health Insurance Portability and Accountability Act (HIPAA) growing problem as personal information is more accessible and criminals are becoming more technologically savvy. ‘The market for personal information is esti- mated to total $1.5 billion in revenues annually, “In most cases, the sale of this data is perfectly legal. But the results can sometimes be deadly” An information broker, Docusearch.com, sold Amy Boyer’s social security number for $45 dollars to Liam Youens. Using this unique iden- tification number, Youens was able to deter ‘mine where Boyer worked. He tricked her down, shot her to death, and then turned the gun on himself. PROTECTING CONSUMER PRIVACY ON THE INTERNET The growth in E-commerce has been accompa: nied by an increase in consumer awareness and ‘concern about the privacy of personal data col. lected on the Internet. This concern is likely to translate into lost retail Ecommerce sales. If pri- vacy concems are not addressed, Ecommerce will not reach its full potential and consumers will not gain the confidence necessary to fully participate in the electronic marketplace. The approaches to address the ethical concern of pri- vacy on the Intemet include consumer action, industry self-regulation, and US. government action, as shown in Table 1 Consumer Action Consumers can take precautionary actions to reduce the potential of data being collected about them on the Internet, Consumers should read and understand the posted privacy poli- cies of the Web sites they visit. Web sites with no posted policy or a policy with which the ‘consumer disagrees should be avoided. Similar- ly, parents can control what their children ac- cess and the personal information they volunteer, either by parental supervision oF i stalling protective software to block unaccept able sites, Various types of protective software ‘can be installed based on consumers’ desires to, for example, block access to selected Web sites, block ads and pop-up windows, or elimi- nate cookies and Web bugs. Consumers, through their own action, can thereby take ‘some control in protecting their own privacy, rather than rely on businesses or the govern: ment to afford privacy protection. Industry Self-Regulation Selfimposed regulations are intended to limit how Web sites collect user data and what canPrivacy C= trust is recognized as «@ major factor influencing the success of E-commerce. be done with the data that is collected. As shown in Table 1, industry self-regulation in- cludes initiatives by trade organizations, Inter- net privacy seal programs, and the Platform for Privacy Preferences Project (P3P).To encour age self-regulation and avoid government legis- lation, several industry trade organizations have developed selfregulation privacy guide- lines of programs. Included among these are: 0 The Online Privacy Alliance (www:privacyal- liance.org) 0 The Direct Marketing Association (www.the- dma.org) U The Better Business Bureau (www:bbb.org) 0 The World Wide Web Consortium (oww.w3e.org) O The Entertainment Software Rating Board (owwwesth.org) In general, these organizations require compa- nies to implement their information practices and also monitor their compliance, In addition, a number of electronic advertis- ing firms specializing in target-marketing formed the Network Advertising Initiative (NAD. Gwww:networkadvertising org) in. re- sponse to growing consumer concerns and lawsuits regarding such practices. In conjunc tion with the FTC and the U.S. Department of ‘Commerce, the NAL has developed. privacy protections, including consumer choice to opt ‘out of online preference marketing and regular audits of privacy practices, required of its mem- bers. This selfenforcement program is man- aged by TRUSTe. ‘Consumer trust is recognized as a major fac- tor influencing the success of Ecommerce. In response, an Internet privacy seal program, ‘TRUSTe, was developed by the Electronic Fron- tier Foundation and the CommerceNet Consor- ium, TRUSTe (wwwitruste.org) isan independent, nonprofit organization that certi- fies Web sites which comply with its privac and disclosure requirements. Web sites receiv ing certification are licensed to display the ‘TRUSTe seal online. The TRUSTe seal was found to be the most trustworthy symbol on the Web among American users in a study by Cheskin Research. However, a stirvey undertaken by the FTC revealed that the seal programs have Yet to establish a significant presence on the Web although the number of sites enrolled in these programs has increased. A technological approach to self-regulation, the Platform for Privacy Preferences Project (P3P), was developed by the Worldwide Web Consortium (W3C). P3P is an automated ‘means for users to gain more control over the use of personal information collected by Web sites visited. P3P enables Web sites to describe, ina standardized machine-readable format, ma- jor aspects of how personal information about their users is handled. A user’s P3P-enabled browser can automatically check a participar- ing Web site’s P3P privacy policy and compare it with the consumer's own privacy preferenc- cs. The user is alerted if the browser encoun ters a Web site that does not conform to the userspecified preferences. U.S. Government Action Since the 1930s, the U.S. Government has been involved in regulating the commercial environ- ‘ment. In response to both commercial interests and privacy concerns of consumers, legislation hhas been enacted within the U.S. legislation ap- plicable to the privacy concerns of consumers engaged in Ecommerce are presented in ‘Table 1 and described below. The FIC Act is intended to ensure that com- ‘panics uphold their promises to consumers, luding those regarding privacy. The FTC Act prohibits “unfair methods of competition” and “unfair and deceptive acts or practices in and affecting commerce” Further, the FTC is spe- ‘ifcally charged with protecting the privacy of children through the Children’s Online Privacy Protection Act (COPPA), which became effec- tive in April 2000. Legislation directed toward specific indus- tries has been enacted, including the Gramm- Leach.Bliley (GLB) Financial Services Act, the Federal Credit Reporting Act (FCRA), and the Health Insurance Portability and Accountability ‘Act (HIPAA) of 1996. Effective July 1,2001, the GLB Act applies to consumer information col lected in the fields of banking, credit, and insur ance. Financial institutions, as defined in GLB, are required to disclose their privacy policies, and the GLBAct allows consumers, through an “optout" option, to disallow their financial is stitutions from sharing personal financial infor ‘mation with nonafiiliated third parties. Further, {financial institutions must have policies for pro- tecting against unauthorized access to consum- ers’ personal information. The FCRA, which ‘was enacted in 1970, limits the purposes for which a consumer credit report can be ob- tained or provided: The HIPAA is collection of requirements, directed at patient medical records, which mandates the establishment of privacy protections for health-care informa- tion. Organizations maintaining or transmittingfi... maintaining or transmitting health information are required to undertake reasonable and appropriate administrative, technical, and physical safeguards. Privacy health information are required to undertake reasonable and appropriate administrative, technical, and physical safeguards. ‘Two acts directed specifically at telecom- ‘munications and computer use were enacted in 1986.The Electronic Communications Priva- cy Act CECPA) prohibits the interception of electronic communications and unauthorized access to stored electronic communications ‘The Computer Fraud and Abuse Act (CFAA) provides both civil and criminal protection against intentional unauthorized access to a computer, through interstate or foreign com- ‘munication, to obtain information of to cause damage. Atthe close of the 107th U.S. Congress, in session from 2000 to 2002, more than 50 bills relating to privacy were introduced, many of ‘which targeted online privacy. In the 108th Congress currently in session, there are multi- ple proposed bills that impact on various infor- ‘mation and Internet privacy issues, These bills ‘are currently being addressed at the committee level of the House of Representatives and the Senate. CONCLUSION Protecting consumer privacy is both an ethical and economic issue. To encourage growth in E-commerce, itis critical to address the protec- tion of consumer privacy. Consumers can take Some control in protecting their own privacy by understanding posted privacy policies of Web sites visited, avoiding those with no post- ed policy or a policy with which the consumer disagrees, controlling what children access and. what personal information they volunteer, or installing protective software. However, con: sumer action alone is not adequate. Consumers ‘can only hope to reduce the potential for infor- mation collection, but certainly cannot elimi- nate it through their own actions alone, Industry self-regulation is intended to limit how Web sites collect user data and what can be done with the data that is collected. However, the FTC has concluded that self-regulation alone is not adequate to protect consumer on- line privacy. Government action, coupled with active enforcement, could supplement both consumer action and industry self-regulation in an effort to provide basic consumer privacy protection. The challenge is to find the appro- priate approach or combination of approaches to satisfy consumer concerns and promote the continued growth of Ecommerce. References Bloustein, Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser. 39. NYU Law Review, 962, 1001, 1967. Carlton, Christopher F, The Right to Privacy in Internet Commerce:A Call for New Federal Guidelines and the Creation of an Independent Privacy Commission; 16 St Jobn's Journal of Legal Commentary, Spring/Summer 2002, Direct Marketing Association, “Economic Impact: US. Direct & Interactive Marketing Today Executive Summary — 2002: Interactive Marketing” 2002, butpi//www.thedma.org/cgi/ registered/research/libres-ecoimpactinteractive. |. shim Electronic Privacy Information Center,“EPIC Bill Track; January 16, 2003, hitp://www.epic orw/ privacy bill track html Ettore v Philco Television Broadcasting Co, 229 E 2d 481 (3d Cir, 1956) Federal Trade Commission, FTC Recommends ‘Congressional Action t0 Protect Consumer Privacy Online May 22, 2000a, hntpi//wwwtcgow/opa/2000/05/privacy2khim Federal Trade Commission, “Privacy Online: Fair Information Practices in the Electronic Marketplace: A Federal Trade Commission Report to Congress,’ May 2000b, http://www. {tc gov/reports/privacy2000/privacy2000. pat Federal Trade Commission, Welcome to the US. Government's Central Website for Information about Identity Theft January 3, 2003, http:// www.consumer gov/idtheft Hamilton, David P,-ECommerce (A Special Report): A Consumer's Guide — Advertising Tossing Out the Pitches — If you are looking for a ‘commerciabfrce Web, here are some programs thac can help? Wall Street Jounal, New York, ‘October 21, 2002, p.R7. Hildebrand, Carol,"What makes an online store usable? Experts offer tips” searchClO.com, September 16, 2002, http://searcheio, techtanget.com/originalConten/0,2891 42, sid19_gei851105,00.heml Jesdlanun, Anick,-Privacy Predicament’ August 21 2000, The Associated Press, ABCNews.com, ‘http //wwwabcnews.go.com/sections/tech/ DallyNews/pewprivacystudyQOO82I, html Kelley, Christopher M.,,Alanna Denton, and Resa Broadbent, “Privacy Concerns Cost eCommerce 15 Billion: Forrester Research, September 2001 Kimery, Kathryn Mand Mary McCord,*Thirdparty assurances: Mapping the road to trust in retailing” /ITTA: Journal of Information Technology’ Theory and Application, Hong Kong, 4(2), 63-82, 2002 Nielsen NetRatings, “Average Web Usage Month of March, 2002 US. 2002a, hetp://pm.netratings ‘com/nnpnvowa/NRpublicreports.usagemonthiy Nielsen NetRatings, “February 2002 Global Internet Index Average Usage? February 2002b, httpy/ 65PRIVACY. -wwwinielsennetratings.com/hot_off_the_net_ United States General Accounting Office, “Identity ‘isp “Theft: Prevalence and Cost Appear to be [Nita Internet Surveys, September 2001, http:// ‘Growing March 2002. hitp:/seww consumer ‘www.nunie/surveys/bow_many_online/indes. __gov/idtheft/reports/gn0-d02363. pdf Pe ‘Warren, 8.D.and LD, Brandeis, The Right of searchSecurty.com, "Access Log.’ March 19, 2001, ‘Privacy Harvard Law Review; December 1890, 193-220. /scarcsecurity techtarget.com/sDefinition/ eee ‘Weis, Murnay."How NYPD Cracked the Unimate sid 14_gci212498,00.htm! d “TRUSTe, “Building Trust Online:TRUSTe,Privacy and CYPEtraud’ — B'klyn Busboy Busted in Theft of ' i 200+ Tycoon IDs: The New York Post, March Self Governance,’ 20012, 20.20 pede : ‘http://www.truste.org/about/truste/about_ Westin, Alan F, “Report on the IBM-Harris Multi- whkepeperhtml ‘National Consumer Survey? san iaih’iilet Privacy Survey’ Prieacy and American Business, January 2000, ‘World Wide Web Consortium, “What is PSP?! January 21, 2008, hitp://wwww-w3.org/P3P (Collection of News Briefs)" PC Word, 186), 103, June 1, 2000, See = SSeSCopyright of Information Systems Management is the property of Auerbach Publications Inc. and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.