Online Privacy Issues


Hy Sockel, Kuanchin Chen, Louis K. Falk
DOI: 10.4018/978-1-60566-014-1.ch147

Chapter Preview

What Is Online Privacy?

Businesses need to understand privacy conditions and implications to ensure that they comply with legal constraints and do not infringe on consumers’ right to privacy. Personally identifiable information (PII) and data can have innate importance to an organization. Some organizations view certain privacy features as essential components of their products or services; for example, profile data is often used to tailor products specifically to customers’ likes and needs. PII can also be used for less-honorable endeavors such as identity theft, phishing, political sabotage, character annihilation, spamming, and stalking.

One of the core issues of privacy is: Who actually owns the data, the holder of the data or the subject (person) of the data? The answer depends on many criteria: the users’ perspective, the environment in which privacy is addressed, and how the data are collected and used. Privacy issues arise because nearly every activity on the Internet leaves traces somewhere. This audit trail has caused many people to be concerned that the data may be used inappropriately. The paradox is that many businesses are also concerned, for a different reason. In this age of legislation and litigation, a “minor” misstep or software glitch could easily put businesses in a position of extreme jeopardy. A data breach at T.J. Maxx that allowed hackers to download over 45 million credit/debit card numbers could literally bankrupt the organization. The damage and fines could easily total more than $4.5 billion; some put the figure as high as $8 billion (Ou, 2007). It is important to state that governments’ approach to the protection of personal privacy is neither equal nor universal. Some localities extend protection much further than others. In 1972, California amended its constitution to specifically include the construct of “a resident’s inalienable right to privacy.” Within the United States, court decisions dealing with privacy have fairly closely upheld two principles (Freedman, 1987):

  1. The right to privacy is NOT an absolute. An individual’s privacy has to be tempered with the needs of society; and

  2. The public’s right to know is superior to the individual’s right of privacy.

However, some large communities were very slow in becoming involved; Japan did not pass its major protection law (“the Act on the Protection of Personal Information”) to protect consumers and to regulate business until 2005 (Yamazaki, 2005).


Unacceptable Behavior

The Internet Activities Board (IAB) issued a Request for Comments (RFC-1087) in 1989 dealing with what it characterized as the proper use of Internet resources. Prominent on the IAB’s list of what it considers unethical and unacceptable Internet behavior is any act that “compromises the privacy of users.” The reliable operation of the Internet and the responsible use of its resources are of common interest and concern for its users, operators, and sponsors (Stevens, 2002).

Using the Internet to violate people’s privacy by targeting them with abusive or corrosive comments or threats is not only unacceptable but also illegal. Privacy violations can do a lot more than just embarrass individuals. Information can be used for blackmail or other coercive behavior. Institutions could use information to deny loans, insurance, or jobs because of medical information, sexual orientation, or religion. People could lose their jobs if their bosses were to discover private details of their personal lives.

Not long ago, the people who perpetrated these crimes—crackers—were basically ego-driven; they wanted to see their exploits on the news. Now, however, it is about money. Attacks today are more sophisticated and are designed to capture personal and financial information. In 2006, the terms Crimeware and Ransomware were coined to describe these threats. Crimeware encompasses threats that lie, cheat, or steal to profit from unsuspecting users. Ransomware is an insidious form of blackmail in which crackers encrypt the users’ data and then try to extort money from them by holding their files “hostage” (Lozada, Lagrimas, Corpin, Avena, Perez, Cruz, & Oliveria, 2007).

Key Terms in this Chapter

PII: Personal Identification Information

PIA: Privacy Impact Assessments; proactive tools that look at both the policy and technology risks and attempt to ascertain the effects of initiatives on individual privacy.

Spoofing: The act of deceiving; in the Internet world, it is the act of pretending to be someone or something else by fooling hardware, software, or human users.

Spam: Unsolicited communications, typically e-mail, that are unwanted and often offensive.

Phishing: A form of spoofing, where users are tricked into providing personal identification information because thieves have stolen the “look and feel” of a legitimate site.

Cracker: A criminal hacker.

Digital Certificate: A unique digital ID, which is used to identify individuals (personal certificates), software (software certificates), or Web servers (server certificates). They are based on a hierarchy of trust.

Cookie: A small amount of information that the Web site’s server requests the user’s browser to save on the user’s machine.

Privacy Seals: A third-party “icon” indicating that the third party has inspected the Web site’s privacy policies and found them NOT to be out of line with the industry.
