Securing Privacy

By Greisiger, Mark | Risk Management, October 2001 | Go to article overview

Securing Privacy


Greisiger, Mark, Risk Management


Today, technology has enhanced the capacity of most companies to collect, store, transfer and analyze vast amounts of information about consumers, in particular those who visit their Web sites. One can hardly visit a Web site today without encountering, knowingly or not, cookie or Web beacon technology. This, along with the myriad subsequent uses of the data, has raised public awareness and consumer concerns about online privacy.

To address these concerns, most organizations have drafted formal privacy policies. A major issue that remains, however, is ensuring that a company's online and offline business practices are consistent with these policies. In the Web environment--where the majority of privacy violations occur--privacy problems often arise not through malicious intent or negligence, but due to simple Web site development errors. These errors can inadvertently expose customer information, resulting in potential lawsuits and negative publicity.

New Privacy Regulations and Liability

With the laws that are coming into play it is clear that privacy management should be at the forefront of risk management concerns. The Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley) mandates that banks and financial services institutions respond to these issues, and that the responsibility for information security programs rests explicitly with the board of directors and executive management at these companies. Organizations that qualify as financial institutions under the broadest possible interpretation were required to provide notice to their customers with the terms of their privacy policy and opt-out procedures by July 1, 2001. This, however, is only the first and arguably easiest step for Gramm-Leach-Bliley compliance. Actual adherence to a written privacy policy is much more challenging.

Concurrent with this process, companies must assess their internal practices and procedures for handling customer information between affiliated companies and unrelated third parties. Consider recent privacy lawsuits such as Amazon's class-action suit settlement underscoring how common business and marketing practices can infringe upon individual privacy.

Amazon stands accused of invasion of privacy under Washington state law and of violation of the Computer Fraud and Abuse Act and the Electronic Communications Privacy Act, both federal laws. The accusations stem from its implementation of technology acquired along with Alexa Internet, Amazon's Internet subsidiary, one year ago. Alexa makes software that monitors Web traffic patterns. The case alleged that its zBubbles software was collecting full Web addresses (URLs), including query strings that could include personal information such as names and addresses. The suit accuses Alexa of collecting, storing and sharing confidential information about consumers for Amazon, without the users' consent. Amazon's posted privacy policy failed to disclose this fact.

Another example is a story reported July 4, 2001 in The Washington Post. The pharmaceutical company Eli Lilly inadvertently divulged the e-mail addresses of some patients with depression, bulimia or obsessive-compulsive disorder. The American Civil Liberties Union has reportedly asked the Federal Trade Commission to investigate whether Lilly violated its privacy policy or any trade laws that govern the use of customer information.

Compare these incidents with an even more common occurrence, which, in theory, could implicate many companies in similar legal snarls: the vast amount of personal URL information that is often captured, stored and reviewed via standard computer server logs and which exists in some form on practically every system in almost every company.

D&O Exposure

New privacy infringement actions impact e-businesses and their insurance carriers. Lawsuits and resulting damages may trigger coverage under traditional comprehensive general liability (CGL) or directors' and officers' policies--and potentially result in large indemnity payouts or, at the very least, large defense cost obligations. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Securing Privacy
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.