Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR."— Presentation transcript:

1 E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR Conference on E-Privacy in the New Economy March 26, 2001 1

2 Why the concern about E-Privacy It’s a core value of an organisation in any E- Business initiative “It is not whether an organisation can afford to adopt an E-Privacy policy, but whether it can afford not to do so” 2

3 E-Privacy : A Business issue How can organisations improve key processes in an increasingly competitive environment? How can organisations maximise the benefit of information in the new information age? Can E-Commerce maximise its value to consumers and simultaneously retain their trust and confidence? 3

4 E-Privacy : A Management issue “Failure to deal with privacy issues can present frightening risks to the E-Business enterprise” Loss of competitive advantage Loss to potential business 4

5 E-Privacy : A Management issue “When the client of a major bank can have $900,000 stolen from his account despite all the protections that are written into the system, it seems that even the biggest companies are vulnerable against the skills of a determined Internet criminal.” Source : South China Morning Post, February 22 2001 Unfavourable publicity Customers walk away 5

6 E-Privacy : A Management issue “In 1998, a federal jury in the US awarded an identity theft victim $50,000 in actual damages and $4.7 million in punitive damages against a major credit- reporting agency. Jurors found that the company failed to follow reasonable procedures to maximise accuracy and that it, in doing so, willfully defamed the defendant” Source : Privacy Times Magazine, May 29 1998 Other costs of remedy Direct costs of litigation 6

7 E-Privacy : A Consumer issue “Despite the fact that the majority of the sites collected personal information from the user, only a tiny minority provided a privacy policy that gave users meaningful information about how that data would be used. Sites both in the US and EU fall woefully short of the standards set by international guidelines on data protection” Source : Consumer International Privacy@net Report, 2001 Trust and confidence are not yet the hallmarks of E-Commerce 7

8 E-Privacy : A Consumer issue “Fewer than 2% of all respondents have bought goods or services or traded securities online. The main reason cited by respondents for not using the Internet to shop or trade was concern about security” Source : Census & Statistics Department Survey, 2000 “Of all the respondents, about 52% gave a rating of 8 or more on a scale of 0 to 10 to indicate their privacy concern about purchasing online. The highest privacy concern was “money loss due to interception of your credit card (84%), followed by “misuse of personal data by third parties (72%)”” Source : PCO Opinion Survey, 2000 8

9 E-Privacy : Consumer Concerns n Security threats –Insecure transmission of sensitive data –Unauthorised access, modification of information n Privacy intrusion –Unlawful & unfair collection of personal data –Disclosure of data for fraudulent purposes –Misuse of data for unintended purposes without consent –Unsolicited commercial e-mails 9

10 E-Privacy : A Regulatory compliance issue E-Privacy data practices should operate on the principle that what is illegal offline is illegal online Hong Kong Privacy Law Personal Data (Privacy) Ordinance International and National Regulation EU Directive on Trans-border Data Flow International Conventions and Codes of Practice 10

11 Privacy Stories n Real Networks - online software distributor – –Collect musical tastes of users without their knowledge – –TRUSTe announced to review its licence agreement n n DoubleClick - online advertising agency – –Profile users’ browsing habits with data of Abacus, a direct marketing firm it had acquired – –FTC investigation ~ a drop of one-third in its share price n n Toysmart - a toy retailer – –Intended sale of a bankrupt business’ customer database – –Court injunction to prevent the sale taking place 11

12 E-Privacy : A Policy Framework Stage I E-Privacy Drivers Stage II Strategic Planning Stage III Strategy Implementation Stage IV Pursuit of Excellence 12

13 E-Privacy : A Policy Framework Stage I E-Privacy Drivers ê Organisation Culture ê Privacy Core Value ê E-Privacy Policy 13

14 E-Privacy : A Policy Framework Stage II Strategic Planning ê Identify E-Privacy issues ê Formulate strategies ê Privacy Impact Assessment 14

15 E-Privacy : A Policy Framework Stage III Strategy Implementation ê E-Privacy Policy Statement ê Privacy Enhancing Technology ê Compliance & Audit 15

16 E-Privacy : A Policy Framework Stage IV Pursuit of Excellence ê Manage & Review ê Enhance Compliance ê Continuous Improvement 16

17 E-Privacy Policy Statement Privacy policies and accurate public statements outlining such policies are a vital step towards encouraging openness and trust in E- Commerce among consumers “They can help consumers to make informed choices about entrusting an organisation with personal data and doing business with it” 17

18 Core elements of an E-PPS n General statement of personal data policy –your overall commitment to protecting the privacy interests of your consumers n Statement of data handling practices –the kind of personal data held –main purposes for which personal data are used n Notice of other practices –data disclosure practice –data retention and security policy –choice & consent in Internet marketing 18

19 Making an Effective E-PPS Whenever a web site collects personal data of consumers A prominent “hotlink” from the home page A linked page from any data collection forms Written in simple and easy to understand manner Conforming with acceptable privacy standards Relevant to the online environment of the site Reflecting the core values of privacy protection Avoid “over-commitment” and “under-delivery” 19

20 E-Privacy : The Pay-off n Building trust & confidence in the E-Economy n Gaining competitive advantage n Enhancing corporate governance 20

21 Contacting PCO n Hotline - 2827 2827 n Internet - http://www.pco.org.hk n Email - pco@pco.org.hk n Correspondence - Unit 2001, 20/floor, Office Tower, Convention Plaza, 1 Harbour Road Wanchai Hong Kong 21

Download ppt "E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR."

Similar presentations

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
E-Commerce and the Law Section 13.3. Understanding Business and Personal Law E-Commerce and the Law Section 13.3 Contracts for the Sale of Goods Electronic.

E-Commerce and the Law Section Understanding Business and Personal Law E-Commerce and the Law Section 13.3 Contracts for the Sale of Goods Electronic.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
CHAPTER 4 E-ENVIRONMENT

CHAPTER 4 E-ENVIRONMENT
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
The Internet industry’s privacy seal program Silicon Valley Web Guild.

The Internet industry’s privacy seal program Silicon Valley Web Guild.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Legislation Who governs e-commerce?. E-commerce is regulated by laws and guidelines. These aim to ensure that sites operate effectively and that online.

Legislation Who governs e-commerce?. E-commerce is regulated by laws and guidelines. These aim to ensure that sites operate effectively and that online.
NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.

NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.
Per Anders Eriksson

Per Anders Eriksson
Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL,

Personal Data Privacy and The Internet by Stephen Lau Privacy Commissioner for Personal Data, Hong Kong SAR at the Joint Conference of the OECD, HCOPIL,
3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.

3-1 Chapter Three. 3-2 Secondary Data vs. Primary Data Secondary Data: Data that have been gathered previously. Primary Data: New data gathered to help.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Similar presentations

Ads by Google