Technology
toolbar
February 7, 2000

Report Rings Alarm Bells About Privacy on the Internet
By JERI CLAUSING Bio

WASHINGTON -- A report last week that most health-related Web sites were not honoring their promises to keep personal information about visitors private offered a somewhat alarming snapshot of the state of privacy on the Internet.

The group that conducted the survey from which the report was drawn, the California HealthCare Foundation, said its intent was to help health sites live up to their promises and win the trust of consumers.


Related Articles
Critics Press Legal Assault on Tracking of Web Users
(February 7, 2000)

Health Sites Violate Their Own Privacy Standards, Study Finds
(February 2, 2000)

But it caught government officials and privacy enforcement groups off guard with disclosures that confidential information was being disseminated through banner ads and third-party service providers. And it underscored the growing policy debate over whether federal officials and private groups can adequately police such a fast-growing and constantly changing new medium as the Net.

In the five years since the Federal Trade Commission began monitoring electronic commerce, few privacy violations have come to light. And none of the major groups formed to certify and oversee privacy practices has ever pulled a seal of approval from a member Web site.

So when the California foundation said its study had determined that all but three of 19 sites surveyed were violating their own stated practices, privacy advocates held up the results as proof of their longtime assertions that self-regulation of online privacy, as promoted by the FTC and the Clinton administration, defies effective enforcement.

"They are not keeping pace with the Internet explosion," said Jason Catlett, president of Junkbusters Corp., a privacy consulting concern based in New Jersey. "If you count the number of people in charge of enforcement and look at the growth of e-commerce sites, any way you measure it you'd come to the conclusion that protection is not keeping up -- if indeed it ever was adequate."

The California study said the problems stemmed mostly from new technology that enables some banner advertisers to pick up any personal information a customer enters on the page where an ad is displayed. In addition, the study's Internet security consultant, Richard M. Smith, said he found a leakage of information between Web sites that promise to keep information confidential and third-party companies that gain access to that information while running services on the sites.

TRUSTe, one of the first and largest privacy certification programs, acknowledged on Friday that it was surprised and alarmed to read the study, which identified potential violations by seven members of TRUSTe.

Dave Steer, a spokesman for TRUSTe, said it was investigating the sites identified in the study and was doing random audits of other members to see if they were disclosing information to advertisers and other third parties without saying so in their posted privacy policies.

TRUSTe said last week that it would alert all 1,300 of its members that they must include in their posted privacy policies disclosures of any contracts with third parties that could track the members or gain access to their personal data.

The FTC declined to comment on the health survey. But an agency employee who spoke on condition of anonymity said the agency was "taking these concerns very seriously."

On Friday, a special 40-member advisory committee held its first meeting at the FTC. It will help write a report to Congress on what steps companies should take to keep their databases secure and how much access consumers should have to the data collected about them.

Further, the commission announced that it was planning a third annual Internet sweep to survey privacy practices on the Web. But as with past studies, the FTC's announcement indicated that the agency would analyze only stated policies, not the actual practices that the California HealthCare Foundation examined.

Though the California study looked only at health sites, Catlett and Smith both said it begged the question of whether privacy problems on the Internet were widespread.

"There are similar problems on other sites," Smith said. "When you have one company working with another, that's when privacy tends to fall by the wayside."

Despite the troubling indicators, Steer of TRUSTe said the government should maintain its hands-off approach to the Internet since laws can be quickly outdated by new technologies. In contrast, he said, TRUSTe requires its members to undergo annual reviews, a process that allows TRUSTe to educate sites about challenges posed by new technologies.

Catlett, however, said baseline laws were needed to spell out for companies what they can and cannot do with private information they collect online and to allow consumers to take civil action when they think their rights have been violated.

"At the moment, with the Clinton administration saying self-regulation is the way we are going to go, that basically says, 'Do whatever you want or do as little as you want,"' Catlett said. "That's exactly the wrong message to send to companies that have strong economic incentives to collect and use personal information."

Related Sites
These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability.
Ask Technology questions and tell other readers what you know. Join Abuzz, a new knowledge network from The New York Times.
 
 

Home | Site Index | Site Search | Forums | Archives | Marketplace

Quick News | Page One Plus | International | National/N.Y. | Business | Technology | Science | Sports | Weather | Editorial | Op-Ed | Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel

Help/Feedback | Classifieds | Services | New York Today

Copyright 2000 The New York Times Company

Andersen Consulting. Click Here.