Wednesday, January 25, 2012

BT avoids online privacy case

LONDON: BT, the UK's largest home internet provider, will not face government legal action over an online behavioural targeting initiative.

Britain's Crown Prosecution Service (CPS) has announced that it will not prosecute BT and Phorm for conducting a 2006 trial of a technology called Page Sense.

Around 18,000 customers participated without their prior knowledge. The initiative sparked consumer privacy concerns after being made public.

Page Sense worked by scanning the web pages viewed by individual users, and then serving targeted ads based on this behaviour. All data monitored during the trial was anonymised.

BT subsequently said that no laws had been broken by the trial. The broadband provider's relationship with Phorm ended in 2009.

In a statement, the CPS said: "In rare cases ... it may become clear prior to the collection and consideration of all the likely evidence that a prosecution would not be in the public interest.

"We would only take such a decision if we were satisfied that the broad extent of the criminality had been determined and that we could make a fully informed assessment of the public interest. This is such a case."

Institutions from both the public and private sectors have responded to consumer concerns over online behavioural advertising in a variety of ways.

The European Commission is currently updating its data protection laws, and is likely to recommend stricter controls on the use of online data.

"I am a firm believer in the necessity of enhancing individuals' control over their own data," Viviane Reding, the European Union's justice commissioner, said last month.

"Individuals must be informed about which data is collected and for what purposes. They need to know how it might be used by third parties. They must know their rights and which authority to address if those rights are violated."

She added: "They must be told about the risks related to the processing of their personal data so that they don't lose control over their data or that their data is not misused."

Meanwhile, Yahoo recently rolled out an Ad Choices icon, which appears alongside display ads on its pages - and which, the company hopes, will become an industry standard.

Users who click on the icons are given information on the advertiser, and will also be given the opportunity to change their privacy preferences.

Speaking at the 2011 ISBA Conference, Justin Weiss, international privacy director at Yahoo, said: "Data collection in an invisible way is creepy to people. They don't like the idea of it.

"We have to find creative solutions to get at the issue of a lack of transparency."

Data sourced from The Guardian/Daily Telegraph/EU/Warc; additional content by Warc staff, 14 April 2011

Personal Comment: In this case, BT successfully avoids a lawsuit, raising some argument by US, which is not satisfied with the European decision; thus, the European Commission is currently updating its data protection laws, and is likely to recommend stricter controls on the use of online data. I agree with Justin Weiss's view: data collection in an invisible way is creepy to people, and all of us do not like that way. We prefer the detail and purpose of collection to be stated clearly before we provide our personal information, because this is our right. Personal Data Protection Act 2010, Principle 2: Purposes of Collection of Personal Data. Personal data shall be held only for one or more specified and lawful purposes (necessary for that purpose, adequate and relevant and not excessive).

Judge tosses online privacy case

The dismissal of lawsuits brought against Northwest Airlines has online privacy advocates renewing calls for federal privacy legislation.

In a decision dated June 6, U.S. District Court Judge Paul Magnuson ruled that seven consolidated class action lawsuits against Northwest had no merit--in part because the privacy policy posted on the airline's Web site was unenforceable unless plaintiffs claimed to have read it. The plaintiffs had contended that the airline, in giving passenger information to the government in the wake of the Sept. 11, 2001, terrorist attacks, violated laws and its own privacy policy.

"Although Northwest had a privacy policy for information included on the Web site, plaintiffs do not contend that they actually read the privacy policy prior to providing Northwest with their personal information," Magnuson noted. "Thus, plaintiffs' expectation of privacy was low."

Privacy advocates assailed that part of the decision, saying it rendered Web site privacy policies all but unenforceable. "I don't think it's relevant whether or not they actually read the privacy policy first," said Lee Tien, senior staff attorney for the Electronic Frontier Foundation (EFF) in San Francisco. "Think of all the 'fine print' we run into every day--warranties and the like. Rather than focus on what the plaintiffs actually read, we should focus on what Northwest said it would do."

"The rationale the court uses calls into question the assurances of any policy posted on any Web site," said David Sobel, general counsel for the Electronic Privacy Information Center (EPIC) in Washington, D.C.

Northwest shared passenger information with the National Aeronautical and Space Administration (NASA) for its research into improving airline security following the terrorist attacks of Sept. 11, 2001.

According to the plaintiffs, Northwest violated its privacy policy, the Electronic Communications Privacy Act, the Fair Credit Reporting Act and Minnesota's Deceptive Trade Practices Act by giving NASA passenger name records, which include not only passengers' names but also their flight numbers, credit card information, hotel and car rental reservations, and names of traveling companions.

The EFF's Tien and other privacy advocates said the decision illustrated the inadequacy of U.S. privacy law. "This decision is precisely why so many advocates call for consumers to be given a right to sue for privacy breaches," said Ray Everett-Church, chief privacy officer for the ePrivacy Group. "This decision tells companies that promises they make in privacy policies can be ignored because the people who are harmed have little legal basis for complaining."

EPIC's Sobel agreed, saying the decision undermined marketers' claims that industry is capable of regulating itself when it comes to consumers' privacy. "The online industry has always made the argument that there's no need for legislation protecting online privacy, that through privacy policies and self-regulation they're able to give people the protections they need," Sobel said. "This decision really underscores the fact that there appears to be no enforceable protection in place."

Personal Comment:
In this case, the data was shared with a third party which is not really related to the customer's purpose in using the website. Although this is not really fair to the customer, it is related to a terrorist attack, which can incur huge damage and loss to a nation, so this consideration has to be taken. Northwest Airlines needs to improve and modify its privacy details to avoid any conflicts arising between the company and customers on this issue. Personal Data Protection Act 2010, Principle 2: Purposes of Collection of Personal Data. Personal data shall be held only for one or more specified and lawful purposes (necessary for that purpose, adequate and relevant and not excessive). Principle 3: Use of Personal Data. Personal data shall not be held without consent unless: (a) for the purposes to be used at the time of the collection of data, (b) for the purposes directly related to (a).

Children Online Privacy Issues

Iconix Brand Group, Inc., in October 2009, agreed to pay a $250,000 civil penalty to settle Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act "by knowingly collecting, using, or disclosing personal information from children online without first obtaining their parents’ permission," according to the FTC.

Since 2006, the FTC said, Iconix, which owns youth-oriented brands including Candie's, Bongo, OP and Mudd, "knowingly collected and stored personal information from approximately 1,000 children without first notifying their parents or obtaining parental consent." On one of its sites, MyMuddWorld.com, the company "also enabled girls to publicly share personal stories and photos online," the FTC said.

Sony Music, in late 2008, agreed to pay $1 million as part of a settlement to resolve FTC charges that it violated the Children’s Online Privacy Protection Act. The FTC said that through its music fan Web sites, Sony "improperly collected, maintained and disclosed personal information from thousands of children under the age of 13, without their parents’ consent." The $1 million was the "largest penalty ever in a COPPA case," the FTC said.

The privacy protection act, in place since 2000, requires Web sites that collect information from children under age 13 to get consent first from a parent before getting information from a child.

Personal Comment: Companies need to be aware when collecting data from users; they have to avoid collecting data from children who are under age 13, or get permission from their parents before proceeding to collect the data. It's important to follow the act, which indicates that personal data shall be collected fairly and lawfully, in the PDP Act 2010. PDP Act 2010, Principle 1: Personal Data shall be Collected Fairly and Lawfully. Neither fairly nor lawfully is defined. Definition of “unlawful”, R v R: “…something which is contrary to some law or enactment or is done without lawful justification or excuse.” *House of Lords, 1991

Online Data Retention

Yahoo, which was keeping data about users' Web searches for 13 months, said it would limit most of that data collection to 90 days after an uproar in late 2008. Some say Yahoo's partial deletion of IP (Internet Protocol) address data is still not enough to protect consumers, and called for complete deletion.

Google and Microsoft also agreed to reduce the length of time the companies kept such data, but not as much as Yahoo did. Google agreed to nine months and Microsoft to six months, both down from 18 months. (Msnbc.com is a joint venture of Microsoft and NBC Universal.)

Personal Comment: Retention of user data should not exist longer than necessary for a particular purpose, but I think that it depends on the nature of the business involved. For example, the banking industry will keep the transaction history for customers because there is a possibility that customers need to revise their transactions from a few months ago or even a few years ago. It is a wise step for Yahoo, Google and Microsoft to reduce the period of data retention; it will increase the confidence level of users in using the web. PDP Act 2010, Principle 6: Retention of Personal Data. Data held for any purpose shall not be kept longer than necessary for that purpose.

Google's "Cloud Computing" Issue

The controversy over the lack of privacy in the initial release of Google Buzz, a social media program, is but one in a series of privacy issues in recent years that have affected companies doing business online.

Buzz, which is embedded into the popular Gmail e-mail program, is the most recent. Buzz lets Gmail users share photos, Web links, status messages, and photos on the Picasa photo-sharing site with fellow Google Buzz users. Two days after its Feb. 9 release, reacting to privacy concerns, Google made it easier for users to hide lists of followers and followees, and to block specific people from following a user's Buzz updates. On Feb. 13, Google also said it will now "suggest" people for users to "follow" electronically, rather than telling users to "auto-follow" those who are e-mail and chat contacts.

Among the privacy issues that have been raised in recent years with Google and other companies:

The Electronic Privacy Information Center has asked the Federal Trade Commission to investigate whether Google's "cloud computing" services, including the Gmail e-mail service, Google Docs and its online photo-sharing service, Picasa, are adequately protecting users' privacy.

The FTC is looking at the privacy and security issues tied to cloud computing — where documents and other data are stored on Web-based servers, in the hands of third parties, as opposed to being on a user's hard drive.

Cloud computing is considered the future of data storage for many. "However, the storage of data on remote computers may also raise privacy and security concerns for consumers," wrote FTC attorney David C. Vladeck in a December letter to the commission.

"For example, the ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, create a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers," he said.

Personal Comment: In this case, Google should revise its cloud computing services in terms of the collection and storage of consumer data to avoid stored data being shared with others. They should lower the risk of misuse of the data provided by consumers by improving the systems. PDP Act 2010, Principle 6: Security of Personal Data. All practicable steps should be taken against unauthorized or accidental access, processing or erasure, alteration, disclosure or destruction of personal data and against accidental loss.

Leaked Twitter Subpoena Raises Online Privacy Issues

UPDATE: Twitter would not comment on this particular matter, but gave us this statement: “To help users protect their rights, it is our policy to notify our users about law enforcement and governmental requests for their information, unless we are prevented by law from doing so.”

The leaked subpoena sent to Twitter this month by the Suffolk District Attorney’s Office in Boston is causing some hoopla on the web and raising the issue of law enforcement’s access to online personal data.

On Dec. 14, the D.A.’s Office issued a subpoena to Twitter in order to access the account information of two users who tweeted a list of personal information they allegedly obtained by hacking into the Boston Police Patrolmen’s Association. The hackers stole identifying information and Tweeted it to followers. The subpoena requests “available subscriber information, for the account or accounts associated with the following information, including IP address logs for account creation.”

In the subpoena, assistant D.A. Benjamin A. Goldberger requests that the investigation be kept from the Twitter users so as not to impede the ongoing probe. But the information was leaked. We reached out to Twitter for comment, but have yet to hear back.

On Dec. 23 one of the accounts under investigation, @p0isAn0N Tweeted, “Haha. Boston PD submitted to Twitter for my information. Lololol? For what? Posting info pulled from public domains? #comeatmebro.”

The D.A.’s office requested details of two Twitter users and also listed the name Guido Fawkes, which is the name but not handle listed for one of the accounts under investigation, as well as the hashtags #BostonPD and #d0xcak3.

One of the accounts being probed is listed in the subpoena as @OccupyBoston; however, that account appears to be inactive. It’s likely they meant @Occupy_Boston, which Tweets about the occupy movement. Targeting this account has led some to speculate that the police are monitoring the online activity of occupy protestors.

Twitter’s website contains an information section for law enforcement. It states that if a subpoena is issued for a user’s information, the company will inform that user before they hand the information to the authorities, unless it is prevented from doing so by court order or statute. According to its site, Twitter was following protocol by informing the user of the subpoena, and, perhaps later providing that user’s information to the Boston D.A. This isn’t the first time Twitter has been reluctant to hand over user information to law enforcement.

It’s possible Twitter does host some personal information about the owners of the accounts who tweeted the hacked materials. At the very least, it might have IP addresses. However, Twitter doesn’t verify identities or email addresses of its users, so using Twitter for detective work might be more harmful than helpful to an investigation, especially if the subpoena is leaked.

Personal Comment: Should Twitter surrender user information of hackers? Although the protection of personal data is important, this case is different, because they committed a computer crime (hacking). I think that Twitter should provide the user information of hackers for the investigation purpose. PDP Act 2010, Principle 4: Disclosure of Personal Data. Personal data shall not be disclosed without consent unless the person is a registered data user under the Act.

The Impact On Personal Privacy Through The Use Of Social Networking

In the past several years, there have been lots of controversies relating to online personal privacy. One of the social networking websites that has always been in the limelight is Facebook. In the past 6 years Facebook has constantly updated its privacy control system. The frequent updates left users in a state of confusion. This is because by the time a user has perfectly configured their profile, a newer version with different settings will have been rolled out.

Why is control over information and personal privacy very important? Recently a security firm discovered that many large organizations, especially those that deal in the IT field, are harvesting user data from online social networking websites. Not only organizations; even a normal person with little technical knowledge can do so. It did happen recently, and the collected data was released online on a public torrent website. It’s time to stop and think about what we are putting online. If these people can easily get their hands on your personal information and use it for their personal gain, what about stalkers or someone who is secretly following your every move?

Not only does crime happen, but there are also problems related to personal relationships. All these originate from the failure to protect the flow of information and personal privacy. It leaves an impact on an individual’s personal privacy.

There is a certain amount of impact on the personal privacy of an individual through the use of social networking. It has left either a positive effect or a negative effect on them. In terms of business and professional networking, the personal privacy proves to be very effective to reach the masses. On the other hand, the relationships and interaction between family, friends and partners can bring some negative impact on personal privacy. One’s personal privacy will be invaded when others start interfering and getting information about them.

Online users are sharing certain types of information with other computer users regardless of their location. This is done via the use of social networking. There is certain information that should not be made public. Such exposure of confidential information can lead the user of the social networking site into trouble.

Personal Comment: Social networking of course helps in a lot of ways, but users have to be really careful to stay secure and safe. Security is one of the topmost concerns of the social networking sites that you currently use. This is mainly because social networking sites allow us to display our personal information such as name, location, and email address. There are some people who are always in search of a fake identity. If they get all the information about you on the internet, they may use your identity for different types of illegal activities, which may cause you problems in future. It is always advisable not to provide your entire identity information online.

Information Overload

by Lorrie Faith Cranor
Aside from many complaints about unwanted junk mail and a few problems with Web sites that tempt kids to disclose personal information that can be used to target them for marketing campaigns, there have been few allegations to date of actual online privacy violations. This may be because many online data collectors actually do have policies and procedures in place to protect privacy. However, I suspect that part of the reason online privacy problems have been so rare is that most of the organizations that have collected vast amounts of data online do not have the resources to sort through it all. They save this data in case they need it later, but the data collectors have little or no idea what they will do with it or how they will process it -- the information just seems too valuable to throw away.

As better tools are developed for processing huge quantities of data, and as better data-mining applications come to the market, chances are that new businesses will be built around data mining and people will start finding uses for all the data they have been stashing away. And even if the organization that owns the data doesn't make use of it, the data may be subpoenaed in lawsuits or accessed in unauthorized ways by employees or hackers.

Although much of the information being collected online appears to be going unused, some of it is being used actively, often to the benefit of the individual to whom it pertains. Individuals frequently reveal personal information to gain benefits such as home delivery of products, customized services, and the ability to buy items on credit. I enjoy the convenience of ordering books online; with just a few clicks of the mouse they can be billed to my credit card and delivered to my door. But I often wonder whether online stores are using my information for purposes other than processing my order. Which leads me to what I think is the root of the privacy problem: Consumers have little knowledge about or control over the use of their personal information. This problem is exacerbated on the Internet due to the ease with which information can be collected, processed and combined with other information.

Although commercial Web sites are evolving toward more privacy-friendly practices, many still collect information without providing any explanation about what they will do with it. When people find out that their data might be used in ways they didn't expect, or that information they did not know about is being silently collected, they get worried. There is nothing inherently evil about HTTP cookies, although they can potentially be used in undesirable ways. But most people don't understand what cookies are used for, and most Web sites that use them fail to provide any explanatory information.

In a recent article about online privacy, Esther Dyson summed up the problem: "The biggest challenge right now is ignorance: People aren't worried enough, and are careless. Other people are worried too much, and are paranoid. No one knows what is known and what isn't. It's the one-way mirror effect that makes people so uneasy".

Personal Comment: Commercial websites' developers should clearly explain the purpose of collecting information from users to make sure users understand why they should provide the particular information to the website. Under the Personal Data Protection Act 2010, Principle 2: Purposes of Collection of Personal Data. Personal data shall be held only for one or more specified and lawful purposes (necessary for that purpose, adequate and relevant and not excessive).

Internet Privacy: A Public Concern

by Lorrie Faith Cranor
Why is so much of the recent attention to privacy issues focused on Internet privacy when consumers have had privacy concerns long before they started doing business online? Certainly, the current hype surrounding the Internet in general has contributed to the buzz. These days, anything that happens online seems much more exciting than things going on in the "real" world. But in the case of online privacy, I think there is some substance behind the hype.

Internet privacy is now a hot-button issue; the flurry of media reports about HTTP cookies has raised public concerns that consumers' online activities are being monitored. In mid-May, Vice President Al Gore announced a White House initiative aimed at helping to improve online privacy protections. And in June, the Federal Trade Commission reported the results of its March privacy "sweep," in which the agency visited more than 1,400 commercial Web sites in search of clearly displayed privacy policies. The FTC reported that while 85% of the sites it had visited collect personal information from consumers, only 14% had posted any privacy-related notices, and only 2% had posted comprehensive privacy policies.

Meanwhile, the European Union is preparing to launch the European Data Protection Directive on Oct. 25. This directive will prohibit EU member countries from sending personal data to other countries that lack adequate privacy protection. Online transactions, which often cross national borders, may be significantly impacted by this directive.

The Internet and computerized databases make automated collection and processing of information particularly easy and convenient. In fact, for the typical Web site operator, it's easier to collect information about Web site visitors than to figure out how to configure a Web server not to collect that information. As a result, there are now zillions of databases silently collecting mostly innocuous "click-stream" data from everyone who surfs on by. But when these databases are merged, and especially when click-stream data is combined with personally identifiable data that users type in when filling out online forms, Web surfers may be profiled in ways that raise serious privacy concerns. Imagine, for example, if employers started inferring health information about their employees (or prospective employees) based on information about visitors to medical- or health-related Web sites.

Personal Comment: The article stated that 85% of the sites it had visited collect personal information from consumers, only 14% had posted any privacy-related notices, and only 2% had posted comprehensive privacy policies. This shows the need for laws and regulations to come in and improve the situation to protect the personal data of the data subject (the internet user). If the condition does not improve, users will lose confidence in online transactions, as their information might spread to unknown third parties, which they would not prefer to happen.

Privacy and Internet


What is privacy?

Privacy can be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others. Privacy is your right to control what happens with personal information about you.

Privacy and the Internet

The use of the Internet can affect the privacy rights a person has in his or her identity or personal data. Internet use and transactions generate a large amount of personal information which provides insights into your personality and interests.

Privacy issues relating to identity include the possible appropriation of a person’s email identity and address. Ease of access to and the appropriation of email addresses has led to the practice of sending vast amounts of unsolicited e-mails (spam).

Identification through email and website transactions and the ability to locate people’s physical addresses easily through national and international directories have raised new privacy concerns.

Privacy issues relating to personal data arise from:
- Insecure electronic transmissions,
- Data trails and logs of email messages,
- Online transactions, and
- The tracking of web pages visited.

Privacy invasion issues arise from data matching (the process of wholesale cross checking of data from one source against another source such as tax and social security data) and personal profile extraction processes which use this data alone or in combination with other publicly available data.

The Malaysian government has passed the Personal Data Protection Act 2010. This Act is based on guidelines passed by the European Convention