Privacy in E-Commerce Li Xiaoming Hasan Chowdhury Valon Sejdini
Privacy in eCommerce Sub Topics 1. A Case study 2. E-Commerce Framework and Privacy Issues 3. Public Opinion 4. Privacy Policies 5. Overview of Privacy Seals and its Benefits 6. TRUSTe Process 7. Conclusion
Privacy in E-Commerce: A Case study OurApparel.com is a Canada-based, emerging online retailer. The company developed a unique technology that guarantees a custom-produced garment with the correct fit. The sales process: A user registers with the web site and provides several photos of him/herself and a comprehensive set of measurements and weight data.
The user then selects the specific type of garment she/he wants to purchase and the system, leveraging a proprietary algorithm, suggests a list of garments that would be the best fit. When the user decides to purchase an item, she/he needs to provide a shipping/billing address and financial information. In order to provide good service, the company stores all the information provided by the user (as well as purchase history) in a central database.
After 12 months, the Canada site had over 1 million users from USA and Canada. The company received many requests from consumers in Europe and decided to open 2 new sites that would target customers in the USA, UK and Spain. As the site continued to gain popularity, and in order to improve customer service, management decided to outsource customer service to a third party operating 2 service centers, in Chennai, India and in Costa Rica. Financial processing and IT support were moved to a separate provider based in Bangalore.
On Monday, August 21, 2007, the CIO received a message from a hacker group in Romania, stating that the sites had been hacked and that they had downloaded all the data of 1.5 million users. The group asked for a ransom of $5 million to return the data and provide the company with information on how the breach was performed so that the company could remediate it. As proof, they sent an attachment containing information on 100 clients.
Privacy in E-Commerce The word “Privacy” could be described as the right to be left alone, or the right to exercise control over one’s personal information, or a set of conditions necessary to protect the dignity and autonomy of an individual. In its simplest sense, “commerce” is an act of trade between two parties where exchange is negotiated on a set of conditions and upon development of trust between the parties. “E-Commerce” is trading through an online system available over computer systems and public networks, i.e. the internet.
Privacy in E-Commerce Privacy in e-commerce means the protection of the privacy of the parties involved in e-commerce trade. The protection of privacy is to some extent a social policy issue, but it could be enhanced with technology.
Privacy in E-Commerce People are now in the age of e-commerce. The media of trading are rapidly changing from “traditional” to “e-commerce”. While trading in e-commerce, people disclose their personal information; that information proliferates and reaches the hands of undesirable parties, thereby increasing concern about privacy.
Privacy in E-Commerce Numerous surveys conducted over the past decades around the world have found consistently high levels of concern about privacy in e-commerce.  A Harris Poll designed by Privacy & American Business and sponsored by Microsoft in June 2004 surveyed 2,136 adults online and found that 65% had declined to register at an e-commerce site because of privacy concerns.
Privacy in E-Commerce: E-Commerce Framework and Privacy Issues
B2B (Business to Business) Unauthorized access might occur to sensitive information about a business’s proprietary systems, customer names, operations, pricing and deal terms, financial condition and other competitive transaction information. B2C (Business to Client) Customer perspective: This e-commerce environment often has a “one-way mirror effect”. Businesses usually ask customers to provide personal information, but customers have little knowledge about how their information will be used and protected. Business perspective: An understanding of customers’ privacy concerns is crucial for learning how and what personal information is collected, identifying the confidential information and providing solutions to secure each customer’s confidential information.
C2C (Client to Client) C2C websites (ebay.com, amazon.com) enable the sale and purchase of products and services between individual customers. Individual customers frequently buy and sell products and provide private information to complete the transaction. Exchange between customers occurs only under the agreed policies.
“Privacy is Dead, Get Over It!” Scott McNealy, SUN Microsystems “Good Privacy is Good Business” Malcolm Crompton, Federal Privacy Commissioner, USA Privacy in E-Commerce
PUBLIC OPINION OF PRIVACY IN E-COMMERCE The company should obtain an individual's affirmative consent before collecting the user’s name, address, phone number or financial information, or before sharing data; this is seen as one of the most important privacy rights. Individuals Should Be in Control of Both Initial Collection of Data and Data Sharing
PUBLIC OPINION OF PRIVACY IN E-COMMERCE The current self-regulatory framework is insufficient to protect privacy. The current law is inadequate to protect privacy. Individuals Want Comprehensive Legislation, Not Self-Regulation
PUBLIC OPINION OF PRIVACY IN E-COMMERCE Web tracking for the purposes of building profiles is opposed by most individuals. Users are uncomfortable with web tracking schemes where data is combined with an individual's identity. Individuals Object to Web Tracking, Especially When Personal Information is Linked to the Profile
PUBLIC OPINION OF PRIVACY IN E-COMMERCE Many Internet users cannot identify the most basic tracking tool on the Internet: the cookie. It remains unknown whether individuals can identify more sophisticated tracking tools, such as "web bugs" or "spyware." Individuals Are Unaware of Prevalent Tracking Methods
The Laws OF PRIVACY IN E-COMMERCE Canada The Personal Information Protection and Electronic Documents Act (PIPEDA) USA Gramm-Leach-Bliley Act
The Laws OF PRIVACY IN E-COMMERCE Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) came into effect on January 1, 2004. PIPEDA applies to all personal information collected, used or disclosed by private sector organizations in the course of commercial activity.
The Act's Provisions: Organizations are required to seek the consent of individuals prior to collecting, using or disclosing their personal information. Organizations must protect personal information with security safeguards appropriate to the sensitivity of the information. Individuals may access personal information about them held by an organization and have it corrected, if necessary.
The Laws OF PRIVACY IN E-COMMERCE The “Gramm-Leach-Bliley Act” is regulated by the “Federal Trade Commission” of the USA. The act guards against unfairness by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under the Gramm-Leach-Bliley Act, the Commission has implemented rules concerning financial notices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting.
Overview of Privacy Seals A privacy seal is an image that you display on your Web site that is granted by a privacy seal organization. The seals are intended to demonstrate that a Web site has adopted appropriate privacy policies in protecting personal information and to assure individuals that they are visiting a trustworthy Web site.
Overview of Privacy Seals cont. Privacy seal organizations enable individuals and businesses to establish trusting relationships with respect for personal identity and information in the advanced networking world. Their mission is to promote trust and confidence on the Internet through the Privacy Seal Program. The main objective of the Privacy Seal Program is to help protect online consumers worldwide by identifying safe and trustworthy Web sites.
Overview of Privacy Seals cont. They monitor web site privacy and email policies, monitor practices, and resolve thousands of consumer privacy problems every year. Brand recognition and price, as well as their reputation, are the major points of differentiation among privacy seals. TRUSTe and BBBOnLine are the big names in the business, but there are many other options, e.g. Guardian eCommerce, PrivacyBot.com, PrivacySecure, CPA WebTrust etc.
Benefits Build trust and confidence by displaying trusted consumer facing seals. Increase registrations, and engagement with customers. Stay compliant with national and state privacy laws. Receive guidance in developing your online privacy practices.
The TRUSTe Process Your organization fills out a TRUSTe contract and self-assessment. TRUSTe conducts an initial site walkthrough and provides a set of written recommendations in the form of a site findings report. You implement recommendations on your website.
The TRUSTe Process cont. TRUSTe awards you privacy seals. Display these where you collect information to build confidence with customers. TRUSTe ensures ongoing compliance and monitoring with MAXAMINE scanning and the TRUSTe Watchdog Dispute Resolution System.
Some TRUSTe Features Monitoring and Scanning TRUSTe uses a combination of tools including MAXAMINE scanning technology and personal attention to monitor licensed sites for breaches of their privacy policies. Watchdog Dispute Resolution System The TRUSTe Watchdog Dispute Resolution System is an online tool that allows consumers to report violations of posted privacy statements, or specific privacy concerns pertaining to TRUSTe member Web sites.
Study results The three main Privacy seals (Note: All seals are trademarks of their respective organizations; Web Shield is a fake). Summary of recognition results (N=143).
Study results cont. Summary of responses to questions on the function of Web assurance seals (N=143)
Study results cont. Respondents do not fully understand the form or function of privacy seals. Few can recognize the genuine article, some “recognize” seals that do not exist, and few see them as important in deciding to trust a Web site. Lack of understanding of crucial trust-engendering properties.
Conclusion We may conclude that e-commerce businesses need to do extensive research, develop tools, formulate and apply robust policies that represent users’ concerns about their privacy, and increase awareness of existing privacy tools and policies to build the confidence of e-commerce users. In order for privacy seals to be effective, B2C Web sites must display them more prominently so that online consumers can begin to recognize these graphic images and understand their function.
References
1. Privacy & American Business, "New National Survey on Consumer Privacy Attitudes to Be Released at Privacy & American Business Landmark Conference", Privacy and American Business Press Release, June 10, 2004.
2. Electronic Privacy Information Center (http://www.epic.org/privacy/survey)
3. Privacy Commission of Canada website (www.privcom.gc.ca)
4. Karim Jamal, Michael Maier and Shyam Sunder, "Privacy in E-commerce: Development of reporting standard, disclosure, and assurance services in an Unregulated Market", October 15, 2002.
5. Andrew Odlyzko, "Privacy and the clandestine evolution of e-commerce", Session M1: privacy in e-commerce, Proceedings of the ninth international conference on Electronic commerce (ICEC '07), ACM Press, August 2007.
6. Trevor Moores, "Do consumers understand the role of privacy seals in e-commerce?", Communications of the ACM, Volume 48, Issue 3, ACM Press, March 2005.
7. Bettina Berendt, Oliver Günther and Sarah Spiekermann, "Privacy in e-commerce: stated preferences vs. actual behavior", Communications of the ACM, Volume 48, Issue 4, ACM Press, April 2005.