From...

by Ann Harrison and Kathleen Ohlson

(IDG) -- The Electronic Privacy Information Center (EPIC), a Washington-based privacy research group, released a report warning online holiday shoppers that their privacy is at risk. According to the report, few of the 100 most popular shopping Web sites provide adequate privacy protection for consumers and many track purchases and online habits.

"On balance, we think that consumers are more at risk today than they were in 1997 when we first examined privacy practices on the Web," said Marc Rotenberg, executive director of EPIC.

Elaine Rubin, chairman of Shop.org, said it's a good move to warn new online shoppers, but consumers have always needed to question if a business is legitimate. Shoppers have to abide by the "classic rule" -- verifying if the business is credible, Rubin said. "Check to see if it has a privacy statement, an 800 number and if live people are available," she said.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Computerworld's home page

Computerworld Year 2000 resource center

Tips for safe shopping online

Top 10 online retailers

Reviews & in-depth info at IDG.net

E-BusinessWorld

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for IT leaders

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Separately, the Federal Trade Commission Wednesday announced it will establish an Advisory Committee on Online Access and Security, the agency said in a statement.

The committee, staffed by 30 members, will recommend to the FTC how commercial sites can give consumers access to their personal data while ensuring security of that information, the FTC said. It will also look into the costs and benefits of various options. Other issues the committee will consider: if access should vary depending on the sensitivity of the data and purpose of collection, and whether consumers should be able to tap into so-called "enhancements" to their personal information, such as how a site is categorizing their preferences and purchasing habits.

The EPIC report, titled Surfer Beware III: Privacy Policies Without Privacy Protection, examines compliance with Fair Information Practices, a set of privacy protection principles outlined by the FTC last year. Commercial sites were also reviewed to determine whether they used profile-based advertising and deployed "cookies" on their sites, which track users as they traverse the Web.

According to the report, 18 of the top shopping sites didn't display a privacy policy, 35 have profile-based advertisers who collect data from the sites and 86 use cookies. EPIC also determined that none of the sites adequately addressed the Fair Information Practices. Rotenberg said legally enforceable standards of privacy are needed to ensure compliance with the principles and new techniques for anonymity are needed to protect online privacy.

Surfer Beware III is EPIC's third survey on Web privacy. Its first survey, Surfer Beware: Personal Privacy and the Internet, was the basis for the FTC's subsequent review of online privacy practices published last year.

Ben Isaacson, executive director of the Association for Interactive Media, said online businesses are still in their infancy and legislation would be premature now. Commercial sites already secure their data, and that's cited in privacy notices, he said. "I haven't seen one single case of a company posting a [privacy] policy and abusing it," he added. "We've done what [the FTC] asked and abided by it. What more can we do?"