Q. & A.: How About a Little Privacy?Skip other details (including permanent urls, DOI, citation information)
This work is protected by copyright and may be linked to without seeking permission. Permission must be received for subsequent distribution in print or electronically. Please contact firstname.lastname@example.org for more information. :
For more information, read Michigan Publishing's access and usage policy.
Tailoring your content is critical on the Web. A reader may well skip an irrelevant article in a magazine, newsletter, or newspaper, but chances are that he or she will continue reading the publication. Not so on the Web: With a seemingly infinite number of choices, readers jump quickly to another site.
To keep readers hanging around, Web publishers need to offer what author Mai-Lan Tomsen calls "killer content." Tomsen defines killer content as content so compelling that it hooks readers and keeps them coming back to the site. 
Web publishers have at their disposal a range of tools to help them identify and understand their audiences so they can deliver killer content to them. Unfortunately, some of those tools have led to abuses that have aroused feelings of suspicion and hostility among consumers and legislators.
In a word, the problem is privacy — or the lack thereof. During the past year, privacy issues have been at the forefront of discussions about the Internet (second possibly only to the topic of the dot-com implosion). Some surveys of consumers rate privacy as their No. 1 concern, an issue that keeps some people from going on line and others who are already on line from joining the e-commerce revolution.
A number of recent high-profile cases are no doubt to blame for some of this uneasiness. For example, Amazon.com announced Sept. 1, 2000, that it would no longer guarantee that it would not share customer data with third parties. In response, the company was slammed in the media and dropped by two privacy advocacy organizations.
Fortunately for Web publishers, many consumers are still happy to share personal information with Web sites. But, as a recent CNET News.com commentary points out,
Businesses need to remember that privacy is a quid pro quo issue, and they need to give consumers something in return for providing information about themselves. They also need to set forth clear privacy policies that comply with regulatory guidelines and set clear expectations for how information will be used. 
Writing in this journal, Judith A. Turner has set out the issue in stark terms:
Laws and rules aside, it's an issue of trust. ... To keep the trust that we, as publishers in the scholarly environment have built, we need to reassure our subscribers, authors, and readers as we move into new technologies. And we can reassure them by letting them know what we collect, what we do with it, and what rights they have. 
Searching for Guidelines
It seems reasonable, then, for any online publisher to follow regulatory guidelines. But there are no uniform guidelines at this point. While the 106th Congress made loud noises about the need to pass privacy legislation (and considered more than a dozen bills), as of this writing none had made it into law. In fact, earlier this year a report to Congress revealed that the federal government itself hasn't been able to follow its own rules on information gathering. Despite the fact that a June 2000 Clinton administration memorandum restricted the process of using electronic "cookies" to gather information about Web site visitors, dozens of federal Web sites were still using them early this year.
If the prospect of trying to accommodate dozens of conflicting state standards seems daunting, consider the issue of foreign statutes. Many European nations, as well as Japan, Australia, and other countries, have developed their own standards on privacy — which again would apply to all Web sites that are accessible within their borders. To get an idea of the range of international regulations, visit the Web sites of the Privacy Exchange or Privacy International. 
Basic Fair Information Practices
Fortunately, most publishers will find that they are covered in most cases by posting and following privacy policies that meet four simple standards:
Choice: You should offer your visitors a choice in how their information will be used both internally (for marketing back to the consumers) and externally (providing the data to third parties). Industry watchdog TRUSTe requires sites seeking its seal of approval to allow users to opt out of secondary uses of information; some privacy experts recommend additionally allowing users to opt out of primary uses — or, even better, requiring them to opt in.
Security: Your site must take precautions to protect the information you collect. If your site gathers, uses, or distributes credit card or other personally identifiable information, it's mandatory to encrypt it.
Access: You should offer users the chance to review the information you have collected on them, as well as to correct any errors in that information. 
Model Privacy Statements
While you can address those four areas in a fairly brief policy statement, privacy is one topic on which the more said, the better. TRUSTe, an independent, non-profit organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices, offers its members a Model Privacy Statement [formerly http://www.truste.org/bus/pub_sample.html]. That statement covers all the points noted above, as well as a wide range of other issues.
TRUSTe's site also provides information on joining its Privacy Seal Program [formerly http://www.truste.org/programs/pub_how_join.html]. The process is simple, and the annual license fee is only $299 for companies with revenues of $1 million or less. (For larger companies, fees soar to as high as $6,999 a year.)
TRUSTe also offers its licensees the chance to join the European Union Safe Harbor Program for an additional fee. Safe Harbor membership requires a site to abide by seven voluntary principles (the four listed earlier as well as Transfers to Third Parties, Data Integrity, and Enforcement).
In addition, TRUSTe offers links to several privacy resources [formerly http://www.truste.org/bus/pub_privacy.html], but the EPIC Online Guide to Privacy Resources offers a much richer resource full of links to organizations, printed publications, U.S. privacy sites, international privacy sites, privacy tools, mailing lists and electronic newsgroups, and upcoming privacy-related conferences and events.
Many privacy experts cite the way eBay handles privacy issues as a model policy. Users are required not only to view the policy but also to agree to its terms and conditions.
Leave It to Browsers
Some parties are pushing to spread the burden of protecting privacy between Web publishers and consumers. The World Wide Web Consortium's (W3C) proposal for the Platform for Privacy Practices is the most visible initiative on that front. As W3C explains on its Web site:
P3P enables Web sites to translate their privacy practices into a standardized, machine-readable format (Extensible Markup Language XML) that can be retrieved automatically and easily interpreted by a user's browser. Translation can be performed manually or with automated tools. Once completed, simple server configurations enable the Web site to automatically inform visitors that it supports P3P.
P3P provides information on nine aspects of privacy:
- Who is collecting this data?
- Exactly what information is being collected?
- For what purposes?
- Which information is being shared with others?
- And who are these data recipients?
- Can users make changes in how their data is used?
- How are disputes resolved?
- What is the policy for retaining data?
- And finally, where can the detailed policies be found in "human readable" form?
Microsoft, one of the major supporters of P3P, is already building some privacy control into the latest version of its browser, Internet Explorer 6. The browser includes a "privacy thermostat" that lets users choose one of five levels of control for dealing with cookies:
- High: Blocks all Web site cookies.
- Medium-high: Accepts cookies from a Web site only if it has an "opt-in" or "opt-out" policy on cookies. Also accepts cookies from third-party Web sites that are partners of the host site, provided they too have opt-in or opt-out policies.
- Medium (default): Accepts all cookies, but deletes them when the browser is closed. Also accepts cookies from third-party Web sites that are partners of the host site, provided they too have opt-in or opt-out policies.
- Medium-low: Accepts all cookies from a host site and third-party partners, but deletes them when the browser is closed.
- Low: Accepts all cookies. 
Despite consumer concerns about privacy, it doesn't take much to get many people to give up personal information. Offering a small premium for registration — e-mail news updates, a discount on publications or services — can make many people rethink their opposition to parting with private information. This august journal, for instance, offers readers who "subscribe" notification of each new issue. To date, more than 1,200 unique readers have signed up, handing over such intimate details as their favorite flavors of ice cream.
Thom Lieb is an associate professor of journalism and new media at Towson University in Baltimore. Among his courses is Writing for the Web. He is the author of Editing for Clear Communication and has written and edited for magazines, newspapers, newsletters and online publication. He holds a Ph.D. in Public Communication from the University of Maryland at College Park and a master's of science in Magazine Journalism from Syracuse University. You may contact him by e-mail at email@example.com.
2. Meta Group, "Commentary: Net Privacy, the Perennial Issue," CNET News.com, 9 May 2001 at http://news.cnet.com/news/0-1005-202-5877774-0.html.
3. Judith A. Turner, "Privacy in the Electronic Environment: All Smoke and Mirrors," Journal of Electronic Publishing, September 1999.
4. "Report: Privacy Not Protected Online," latimes.com, 17 April 2001.
5. Brian Livingston, "Do Privacy Policies Really Protect You?" CNET News.com, 30 June 2000 at http://news.cnet.com/news/0-1278-211-3287300-1.html
Links from this article:
EPIC Online Guide to Privacy Resources, http://www.epi c.org/privacy/privacy_resources_faq.html
Platform for Privacy Practices, http://www.w3.org/P3P/
The Privacy Exchange, http://www.privacyexchange.org
Privacy International, http://www.privacyinternational.org/survey/
Safe Harbor, http://www.export.gov/safeharbor/
- TRUSTe's Model Privacy Statement [Formerly http://www.truste.org/bus/pub_sample.html]
- TRUSTe's Privacy Resources [Formerly http://www.truste.org/bus/pub_privacy.html]
- TRUSTe's Privacy Seal Program [Formerly http://www.truste.org/programs/pub_how_join.html]