E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Web sites alter policies on use of data

Source: Arizona Daily Star

Posted on May 8, 2001

      Internet users who value their privacy would do well to watch the privacy policies of Web sites they frequent.

      It's getting harder to keep tabs on such policies, as many Web sites alter them to reflect a changing legal landscape and, in some cases, to give more leeway on how customer data is used.

      Two recent examples are retail giant Amazon.com and the popular auction site eBay, which have moved to reserve their right to treat customer data as "business assets."

      "All of the changes I have seen in the last few months have been toward more ambiguity and giving the companies more flexibility in using data," said Michael Erbschloe, vice president of the research firm Computer Economics in Carlsbad, Calif., and author of a book on Net privacy.

      Such concerns have prompted Congress and many states to consider legislation imposing minimum privacy standards. At least 50 bills are pending in Congress and hundreds more are on the table in various states, Erbschloe said.

      Many privacy policy changes are being driven by a court case last year involving the bankrupt Toysmart.com.

      The failed toy retailer, majority-owned by Walt Disney Co., wanted to sell a customer list including 250,000 names, addresses and credit-card numbers to help pay off its debts.

      But the proposed sale was stopped last fall after the Federal Trade Commission and 47 states, including Arizona, objected on grounds that the defunct company had promised not to sell customer data.

      Auction house eBay, which boasts nearly 29 million registered members, is changing its privacy policy effective May 15, partly because of the Toysmart.com case.

      The new policy will allow eBay to share personal user data with subsidiaries or joint-venture partners that merge with or are acquired by other companies.

      "Prior to the Toysmart issue, there were no watchdog groups raising the question," eBay spokesman Kevin Pursglove said.

      The company still will not share "personally identifiable information" - including names, addresses and credit-card information - with third-party advertisers or permit its service providers or other partners to resell user data, he said.

      The auction site notified its users of the changes via e-mail in mid-April, noting that users have the option of canceling their registrations if they don't like the new rules.

      However, eBay also warns that canceling doesn't mean existing information is wiped from the company's computers. Pursglove said some information may be kept to settle future complaints or to comply with police investigations.

      A local eBay user said she's happy with the company's current privacy practices and is unconcerned by the changes.

      "It's a trust system, and I would think they've given a lot of thought to keeping that trust," said Tucsonan Jane Haddad, who has been selling on eBay for three years.

      Amazon.com, which has 32 million registered users, changed its policy in September to reflect that customer information would be treated as any other business asset and could be transferred in the event of a sale or merger of one of its business units.

      But Amazon.com spokeswomen Patty Smith said another alteration removed a clause allowing the company to change its policy and sell customer data any time in the future, noting that customers were notified by e-mail.

      "A lot of times companies change their policies but you never know it - they change the fine print," Smith said.

      Andrew Shen, policy analyst with the Electronic Privacy Information Center in Washington, D.C., said privacy issues go far beyond the Toysmart.com situation.

      "It's much larger than that - it's a question of how a company can change terms on a customer," Shen said.

      He said the issue is critical because many major Web sites gather personal information or track user behavior, target marketing efforts and in some cases sell data to third parties.

      When such information reaches the wrong hands, users may find themselves increasingly targeted by marketers, or worse, subject to fraud such as identity theft or attacks by hackers, he said.

      Currently, no federal law specifically mandates that Web sites post formal privacy policies. Only about one-third of U.S. businesses and institutions have such policies in place, according to Computer Economics.

      However, some existing laws apply to some financial and medical information.

      Privacy advocates say industry oversight, such as privacy certification programs like TRUSTe, has failed to stem many abuses.

      They cite policies that use personal information unless users specifically "opt-out"; confusing and frequently changing privacy rules; and the use of "cookies," small text files that allow third-party companies to invisibly track Web users' online behavior.

      All make it hard for consumers to keep track of where their data is going.

      Even users who pay attention to privacy policies may find that their personal data is being shared without their consent.

      Last year, the Arizona Attorney General's Office took action against a company called HealthSquare, which promised in its privacy policy that it wouldn't share any personally identifying information about its visitors with third parties.

      HealthSquare agreed to change its policy after the state alleged that the company misled customers by letting other companies plant cookies on its users' computers.

      Groups like EPIC and TRUSTe want lawmakers to require Web sites to post clear privacy policies and get prior consent before collecting data, known as an "opt-in" system.

      Users also should be notified of any changes well in advance and have the ability to view and correct their user information, the groups say.

      "Congress should act on this issue because the current situation is not protecting consumers," EPIC's Shen said. "Companies are getting away with a lot more than consumers think."

      Charles Lee, a Tucson Web-site designer and self-described "rabid privacy minder," said any new privacy laws should require clear language and prohibit any sharing of personal information without prior consent.

      "If I give you information about me, it should not be going to anyone without my permission," said Lee, a member of the Tucson Computer Society.

      Arizona Attorney General Janet Napolitano spoke in favor of federal privacy laws at a conference of attorneys general at Harvard University last week.

      "There's a feeling that there needs to be one, uniform standard because the Net operates in all states," Napolitano said in an interview this week.

      In fact, companies have little incentive to set privacy policies when doing so makes them liable for violating their own rules, Napolitano said. She said she favors laws requiring clearly stated privacy policies and opt-in or "single-click" opt-out procedures whenever a policy is changed.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.