Protecting Online Privacy
Article Specs |
Article ID: 2728
Age Group: Adult
Days Up: 7,246
Times Read: 17,736
Author: Witchvox Central
Posted: March 19th. 2000
Times Viewed: 17,736
In a major report to Congress two summers ago, the Federal Trade Commission (FTC) said that concerns about online privacy may eventually become so severe as to threaten the commercial viability of the Internet. [n.1] More recently, a dramatic survey by Privacy & American Business reported that nearly nine-out-of-ten online consumers were "concerned" about threats to their personal privacy, and more than half (55%) were "very concerned." [n.2] Among those that make up the Witch and Neo-Pagan community, we can only guess, but the levels of concern are likely at least as high, especially considering almost half the community is still partially broomcloseted. [n.3] Certainly it would be safe to say that a lot of people are worried about privacy infringements when they go online.
Despite this, many Web site operators (both ordinary and occult) have yet to take steps to reassure their site-visitors about privacy. As of last year, over 34% of the major-traffic sites were still operating without a posted privacy notice. [n.4] [n.5] The statistics are even more dire among Witch and Neo-Pagan sites, where nearly all are currently operating without a notice. [n.6]
In an effort to address these concerns, and offer some thoughts on how to make cyberspace a little more privacy-friendly, the following article describes some of the most current thinking on how to draft a privacy notice, what it should contain, where it should be posted, and how it can be successfully implemented. In creating this article, we relied heavily on the published materials of the Federal Trade Commission, [n.7] the Online Privacy Alliance, [n.8] the Center For Democracy & Technology, [n.9] TRUSTe, [n.10] and the BBBOnLine Privacy Program. [n.11]
STEP ONE: WRITE A NOTICE
One of the most direct ways to speak to your site visitors about online privacy is to post a clear and easy to find privacy notice. Through the privacy notice, you can explain your information policies, and offer your site visitors choices about how such information will be later used and/or shared. In going through the process of drafting and posting a notice, you can not only help address concerns about privacy, but also help gain a clearer picture of your own information practices. [n.12]
When drafting a notice, one way to get started is to take a look at some of the notices created by others. However, don't just cut and paste! In order to be effective, a privacy notice should paint an accurate picture of your own information policies. Besides incurring some interesting copyright karma, the language of someone else's notice is very likely to be wrong or inadequate to describe what's actually happening on your specific Web site. With that important qualification, the following are some other examples of current Neo-pagan privacy notices:
So what makes a good privacy notice? The FTC has indicated that fair information practices generally contain four key ingredients. They are: "notice, " "choice, " "security, " and "access." [n.13] A solid privacy notice, in turn, should try to touch on each of these.
STEP TWO: CHECK FOR ACCURACY
- Notice of what you collect -- To begin, the privacy notice should provide notice of all the different types of identifying information that might be collected through the site. Identifiable information is data that tells you something about a person, or would allow you to contact a person. This includes email, what you might collect through Web forms, and behavioral data (like cookies or click-stream data) if this is also tied to an identifier.
- Notice of how it's used -- For each type of information you collect, the privacy notice should also specifically describe how that information is used. "Uses" of course, includes any sharing of information.
- Notice of resident parties -- The privacy notice should give fair notice on who might be collecting information. If you have other parties on the site along with you (like a storefront provider, list service provider, banner ad company, or guestbook host) you should disclose them and their URLs so your visitors can go check them out as well.
- Notice of unclear elements -- The privacy notice at its heart should be clear. If you have something strange going on (like a cgi-tag referral program or frames around other-site content) , or any other elements that your site visitors might think important, then explain that. Basically, when in doubt, disclose!
- Choice Over Sharing -- If you plan to share information, it is critical that you give people the ability to control whether or not this sharing will take place. You can do this by asking them if it's okay to share their data (an "opt-in") or by asking them if they don't want their information shared (an "opt-out") . Of the two, the opt-in is generally considered the better practice. The privacy notice should clearly explain when information may be shared and how a site-visitor can opt-in or opt-out of that sharing.
- Choice over secondary uses -- You should also give people the ability to opt-in or opt-out of any "new" uses of information. This includes new uses of data that wasn't initially described in the privacy notice, as well as uses of data that is unrelated to the purpose for which it was initially provided (also called "unrelated" or "secondary" uses) .
- Choice over marketing -- It may be a good idea to give some choice on whether or not individuals will receive marketing from you. This is the one of those areas were people get cranky about the use of their information. Build some goodwill and give your site visitors an up-front choice about whether or not they will receive marketing.
- Access to review -- The privacy notice should clearly explain how someone may later "see what you have on them." This is based on a theory of information ownership. Under this idea, identifiable data never completely becomes the property of a Web site operator. Instead, it is more like a partial loan. From this comes the concept that if a "data subject" (someone you have information about) comes back and later asks to see what information about them you may have, you should take reasonable efforts to provide it back. You should also take steps to make sure you are giving that information back to the right person. The privacy notice, in turn, should explain how to make this kind of request.
- Access to correct -- In a related concept, individuals should also be able to correct factual inaccuracies in their information, especially if that information is being used to make decisions about that person (like whether they are eligible to join a group, get credit, buy insurance, etc.) For this reason, the privacy notice should also disclose how information might be corrected.
- Access to the site operator -- Finally, you should provide (at least a little) access to yourself. Include your own contact information in your privacy notice so a site-visitor can get hold of you if they need to ask a question.
- Data security -- Data security typically has three elements. They are protection against misuse, loss, or corruption (data integrity) , protection against unauthorized physical access, and protection against unauthorized electronic access. The privacy notice should briefly describe your commitment to data security on each of these levels.
- Children under 13 -- Two Samhains ago, the United States Congress passed a law called The Children's Online Privacy Protection Act of 1998. The FTC since promulgated a rule based on this law which goes into effect on April 21, 2000. The rule applies to commercial sites with areas that are "directed to children" OR general interest commercial sites that collect information from individual's "actually known" to be children (children being defined as individual's under the age of 13) . If you fall under this rule, it would have a big impact on the way you would need to draft your privacy notice. Further information about who has to comply with this rule (and how to comply) is available on the FTC Web site.
Making your privacy notice extremely accurate is good netiquette anyway. However, if this wasn't a good enough reason to craft an accurate notice, also be aware that the FTC sometimes applies "truth in advertising" rules to online information practices. [n.14] Because of this, it may be worth spending a few extra moments reviewing the notice before you hit the "upload" button to make sure it is accurate and contains nothing that might be considered false or misleading. This can apply to "omitted" disclosures as well, so be sure not to leave out anything that your site-visitors might find important. STEP THREE: POST THE NOTICE
Okay... you've gone to all the trouble to write a privacy notice, now you have to decide where to post it! Based on the guidelines of the Online Privacy Alliance [n.15] as well as BBBOnLine [n.16] and TRUSTe, [n.17] a link to your privacy notice should appear at least in two kinds of areas. The first is your homepage (or homepages) , the second is every other area at which you may collect identifiable information. STEP FOUR: ENFORCE THE NOTICE
In the end, the privacy notice is just a bit of well-drafted HTML. It doesn't really mean anything unless it's actually put into practice. To make the privacy notice "real, " make sure your site operations are set up so you can actually abide by its provisions. If you haven't already, go ahead and take steps to implement your physical and electronic security procedures. Put your data behind passwords. Put your file cabinets behind locked doors. Have your staff and volunteers sign-off on the notice and make sure they understand what it means. If you need to, negotiate agreements with any third parties that might have access to your data or receive transfers of your data. In the end, you should have a privacy notice of which you can be proud, and will go a long way towards honoring privacy and making cyberspace a little bit happier place to be. FURTHER READING
n.1. Privacy Online: A Report To Congress. Executive Summary. P. iv. Federal Trade Commission. Saying "If growing consumer concerns about online privacy are not addressed, electronic commerce will not reach its full potential." June 1998. NOTE: This article was created exclusively for the Witches' Voice, "Protecting Online Privacy" was authored by a friend of the Witches' Voice who (ironically) would rather remain anonymous for privacy and security reasons.
n.2. The Privacy Concerns & Consumer Choice Survey. Executive Summary. P. ix. Conducted by Louis Harris & Associates and Dr. Alan F. Westin. Prepared for Privacy & American Business. Issued November 18, 1998.
n.3. The Witches Voice. A Quest For Unity Survey Results. Are You Out Of The Broomcloset?. http://www.witchvox.com/unity/r_us3_broomcloset.html. 1997.
n.6. As of this writing, we are aware of only three major sites which have posted privacy notices (although there may be others) . They are the Witches' Voice (www.witchvox.com) , the Open Hearth Foundation (www.openhearth.org) , and the Military Pagans Network (www.milpagan.org) .
n.7. FTC. Privacy Initiatives. http://www.ftc.gov/privacy/index.html. 2000.
n.8. The Online Privacy Alliance. Rules and Tools for Protecting Personal Privacy Online. http://www.privacyalliance.org/resources/rulesntools.shtml. 1999-2000.
n.9. Center For Democracy & Technology. Data Privacy. http://www.cdt.org/privacy/. March 15 2000.
n.10. TRUSTe. http://www.truste.com. 2000.
n.11. BBBOnLine Privacy. Sample Privacy Notice. http://www.bbbonline.org/businesses/privacy/sample.html. 1999.
n.12. Id at http://www.bbbonline.org/businesses/privacy/sample.html.
n.13. FTC Press Release. FTC Tells House Subcommittee that Self-regulation Is the Preferred Method of Protecting Consumers' Online Privacy. http://www.ftc.gov/opa/1998/9807/privacyh.htm. Testimony of Chairman Pitofsky before the House Subcommittee on Telecommunications, Trade and Consumer Protection. July 21 1998.
n.14. FTC Press Release. Internet Site Agrees to Settle FTC Charges of Deceptively Collecting Personal Information in Agency's First Internet Privacy Case. http://www.ftc.gov/opa/1998/9808/geocitie.htm. Announcing settlement of charges against GeoCities claiming misrepresentation of purposes for which it was collecting personal identifying information from children and adults. August 13 1998.
n.15. The Online Privacy Alliance. Rules and Tools for Protecting Personal Privacy Online. http://www.privacyalliance.org/resources/rulesntools.shtml. 1999-2000.
n.16. BBBOnLine Privacy. Sample Privacy Notice. http://www.bbbonline.org/businesses/privacy/sample.html. 1999.
n.17. TRUSTe. http://www.truste.com. 2000.
Location: Clearwater¼, Florida
Other Articles: Witchvox Central has posted 407 additional articles- View them?
Other Listings: To view ALL of my listings: Click HERE
Email Witchvox Central... (No, I have NOT opted to receive Pagan Invites! Please do NOT send me anonymous invites to groups, sales and events.)
Web Site Content (including: text - graphics - html - look & feel)
Copyright 1997-2020 The Witches' Voice Inc. All rights reserved
Note: Authors & Artists retain the copyright for their work(s) on this website.
Unauthorized reproduction without prior permission is a violation of copyright laws.
of The World
NOTE: The essay on this page contains the writings and opinions of the listed author(s) and is not necessarily shared or endorsed by the Witches' Voice inc.
The Witches' Voice does not verify or attest to the historical accuracy contained in the content of this essay.
All WitchVox essays contain a valid email address, feel free to send your comments, thoughts or concerns directly to the listed author(s).