1.1 The Privacy Problem
The rapid development of the Internet has been accompanied by a growth in the number of e-services available to consumers. E-services, and in particular, web services, are available for banking, shopping, learning, healthcare, and Government Online. However, each of these services requires a consumer’s personal information in one form or another. This leads to concerns over privacy. Indeed, the public’s awareness of potential violations of privacy by online service providers has been growing. Evidence affirming this situation include a) the use of P3P privacy policies (P3P, 2002) by web server sites to disclose their treatment of users’ private information, b) the enactment of privacy legislation and directives by major jurisdictions as a sort of owners’ “bill of rights” concerning their private information, and c) the appointment of privacy commissioners or officials who can assist the consumer in addressing violations of privacy (Canada has a federal privacy commissioner as well as provincial level privacy commissioners). In order for e-services to be successful, privacy must be protected. An effective and flexible way of protecting privacy is to manage it using privacy policies. The objectives of this chapter are a) to show that such use of privacy policies can lead to pitfalls and b) to propose ways to eliminate or mitigate these bad outcomes. This work is based on Yee & Korba (Oct. 2005).
1.2 Approaches for Solving the Privacy Problem
Key Terms in this Chapter
Privacy: Privacy refers to the ability of individuals to control the collection, use, retention, and distribution of information about themselves.
E-Service: An e-service or electronic service is a service that can be accessed by users of the service through a network such as the Internet. Two examples of e-services are 1) an online broker such as etrade.com that allows users to obtain stock quotations and trade stocks, and 2) an online book seller such as amazon.com. Web services comprise an important class of e-services that is characterized by the use of XML and SOAP in a Service Oriented Architecture.