CSC 379 SUM2008:Week 4, Group 1
Privacy policies outline a site’s practices for data collection, retention, sharing, and use. The privacy policy has become increasingly important with the profit potential in marketing private data and more sites requiring personal information to access their services. Laws such as the “Shine the Light” law enacted in California and the European Commission’s Directive on Data Protection have been catalysts in encouraging sites to enact and display a privacy policy. However, receipt of a privacy policy does not guarantee that it will be read; the widely varied legal terminology in which policies are written makes them difficult to understand, and their length requires much time to consider fully.
Examine the role of online privacy policies. What ethical considerations do confusing, difficult-to-locate, lengthy, frequently changing, or otherwise problem-ridden privacy policies pose? What recent changes have been made, or do you suggest could be made, to improve privacy policies to better address these ethical considerations?
- http://epic.org/privacy/profiling/sb27.html
- http://www.export.gov/safeHarbor/
- http://www.ftc.gov/os/statutes/fcrajump.shtm
- http://bits.blogs.nytimes.com/2008/05/27/google-fights-for-the-right-to-hide-its-privacy-policy/
- http://bits.blogs.nytimes.com/2008/07/04/google-changes-home-page-adding-link-to-privacy-policy/
- http://cups.cs.cmu.edu/courses/privpolawtech-fa07/
Internet Privacy
Privacy is "the quality or condition of being secluded from the presence or view of others." From a technological view, this means that a person should be in full control of who can see data that refers to that person. This can be information such as personal emails, name, contact information, credit card information, health records, web surfing habits, etc. As software grows more advanced and users open up more on the web, there is a higher chance that a person's private information will be viewed or distributed by parties the user does not want doing so.
Purpose of Privacy Policies
To relieve users' fears, websites started creating privacy policies. These policies explain in great detail how a website plans to use, distribute, and store a user's information and the rights the user has to retrieve it from the company.
Ethical Issues
A problem that websites face is the problematic privacy policy. Often, the problem is not the content but the length, location, variability, and overall confusing nature of a policy. This leads to users who fail to read or fully understand the policy.
Recent advances in technology have benefited society by sharing personal information with the authorities. Law enforcement can use information to track down criminals, banks can prevent fraud, and consumers can make better-informed purchasing decisions by learning about new products or services. Some would argue that all this comes at a great cost: each individual would be sacrificing too much if personal information were so easily accessible. This ease of access also works both ways, allowing someone with malicious intent, or simply anyone not intended to have access, to view personal material with less effort.
Laws and Standards for Website Privacy Policy
Current Standards
A privacy policy for a particular web site usually includes:
- What personal information it gathers
- How personal information is used or may be used in the future
- To whom the information is disclosed
- Measures used to secure personal information
- Whether the site uses cookies or web bugs
The exact content will vary from site to site, as their respective laws regulate. Some sites use existing protocols to declare their degree of confidentiality. These protocols include the Platform for Privacy Preferences Project (P3P) and the Internet Content Rating Association (ICRA). Browsers can automatically assess the level of privacy offered by a site that uses one of these protocols.
Regulations
Section 5 of the FTC Act
This act is meant to enforce the promises made in a privacy policy. It also prohibits unfair or deceptive practices.
Gramm-Leach-Bliley Act
This act is meant to regulate financial institutions involved in any of the following:
- Banking
- Securities firms
- Insurance
- Lending
- Brokering
- Transferring or safeguarding money
- Preparing individual tax returns
- Providing financial advice or credit counseling
- Providing residential real estate settlement services
- Collecting consumer debts
Divided into three parts, this act includes:
- The Financial Privacy Rule requires financial institutions to give their customers privacy notices that explain the financial institution’s information collection and sharing practices.
- The Safeguards Rule requires financial institutions to have a security plan to protect the confidentiality and integrity of personal consumer information.
- The pretexting provisions prevent individuals and companies from obtaining personal financial information via false pretenses.
Fair Credit Reporting Act
This act is meant to ensure accuracy in consumer reports and privacy of their content. It was recently amended by the Fair and Accurate Credit Transactions Act of 2003. Credit reporting agencies, such as the credit bureau, gather and sell personal information. This act governs such agencies.
Children's Online Privacy Protection Act
This act is meant to allow parents to control what information is collected from their children online and how it may be used.