|In the privacy jungle|
|Written by Cary GriffithHits : 407|
|Sunday, 31 December 2000 19:00|
Toysmart.com and Borders.com came to a fork in the road that winds through the privacy jungle, and chose different paths.
The toy e-tailer went to the left, and ended up being prosecuted by the Federal Trade Commission (FTC) for, among other things, data-privacy violations and deceptive trade practices. Bricks-and-mortar bookseller Borders.com took the right path, taking a hard line on consumer privacy. "Our privacy statement says we will never sell or rent customer data, and we've adhered to it," says Rich Fahle, content manager for the company's Web site. By doing so, Borders.com put itself in a good position to fend off accusations of privacy malfeasance.
Times have never been tougher for e-businesses dealing with data privacy and security issues. The ease with which user preferences can be tracked and a big push to personalize the consumer's Web experience has prompted Congress to pass strict new laws, the first salvos in what could be a barrage of privacy legislation this year.
But Web-enabled businesses can steer clear of the privacy quagmire by becoming familiar with privacy laws (both those currently on the books and coming down the pike) and following basic privacy guidelines in Web development. A new breed of software that lets companies personalize their content without trampling on visitors' privacy can also help keep the lawyers at bay.
Getting the lay of the land
Data miners and consumer profilers aren't likely to catch a break on Capitol Hill anytime soon. William B. Baker, a data-privacy specialist and partner at Wiley, Rein & Fielding, a Washington, D.C. law firm, advises Web enterprises to keep a sharp eye on the 107th Congress. Of the 30 pieces of data-privacy legislation that died in the 2000 session, these four are among those likely to be re-introduced:
Internet Growth and Development Act--would require commercial Web site operators to provide notice of their collection, use, and disclosure policies regarding personally identifiable information.
Privacy Commission Act--seeks to create an 18-month commission to study privacy issues, including those associated with the Internet.
Electronic Rights for the 21st Century--a broad-based electronic-privacy bill that focuses on government access to information.
Internet Integrity and Critical Infrastructure Protection Act--would restrict the legal or illegal collection, use, and disclosure of personal information by Internet sites.
Choosing the right path
Getting bushwhacked by privacy issues can be a humbling and expensive experience. Just ask Toysmart. The now defunct e-tailer's Web site explicitly stated that the company would never divulge information gleaned from visitors to any third party. But after filing for bankruptcy, Toysmart tried to sell its store of consumer data to the highest bidder in an effort to raise cash. In the end the FTC forced Toysmart to comply with the privacy pledge it made to its customers, prohibiting the sale of customer lists.
Fahle of Borders.com has taken that advice to heart. Not only does Borders.com categorically refuse to sell customer information to anyone, but it also makes third parties with whom the firm has relationships comply with its policy. "We can't say to our customers, 'trust us,' and then turn around and deliver them to a retailer that misuses that information," he says.
In addition, a business should provide its customers and subscribers with easy access to their own personal information, and state clearly what it intends to do with that information. Visitors should also be able to choose whether or not to allow personal information to be used in that manner. "For example," Baker says, "a Web site might say, 'We want to sell our customer list to a vendor. Would it be OK for us to do that?'"
Finally, privacy statements need to describe the method, process, and technology used to safeguard consumer information gathered from a Web site. Data encryption and databases maintained behind firewalls can shield customer data against theft and tampering.
Businesses aren't without resources in their efforts to comply with privacy laws and allay the fears of consumers. New services and technologies have sprung up to help companies win the confidence of site visitors and gather customer intelligence without breaking the law.
Baker is a big proponent of privacy seal programs such as BBBOnline, TRUSTe, PrivacyBot.com, and PricewaterhouseCooper's Better Web Program, which give shoppers an extra level of comfort on the Web. Sites that participate in one of these programs must observe rigorous data privacy standards in order to receive a seal of approval. Most seal programs incorporate a mechanism for consumers to file and resolve complaints.
Privacy-savvy personalization software satisfies e-marketers' craving for customer data while giving individuals a measure of control over that information. New York City--based YouPowered Inc., which describes itself as the "leader in permission-based personalization," offers three products designed to lead companies out of the privacy thicket: SmartSense, Consumer Trust, and Orby Privacy Plus. Installed on a Web server, SmartSense follows user preferences in tracking user activity at a variety of levels (site-specific, entire Web, etc.), and generating detailed summaries of site activity.
Borders.com doesn't use YouPowered's software, but Fahle says he understands the balance such tools try to strike in the right-to-market vs. right-to-privacy debate. "We're looking for ways to let the customer customize our site," he says. "We want to give more control and power to the customer...to provide them with the tools and flexibility to shape their shopping experience into whatever they want." But, he adds, Borders also wants them to know "we consider our relationship with our customers sacred."
Cary Griffith is president of The Electronic Book Co., a Minneapolis-based new media firm. Look for his monthly Web Site Advisor column in ComputerUser magazine.