Showing papers on "Information privacy published in 1999"

Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation

Abstract: This research addresses the tensions that arise between the collection and use of personal information that people provide in the course of most consumer transactions, and privacy. In today's electronic world, the competitive strategies of successful firms increasingly depend on vast amounts of customer data. Ironically, the same information practices that provide value to organizations also raise privacy concerns for individuals. This study hypothesized that organizations can address these privacy concerns and gain business advantage through customer retention by observing procedural fairness: customers will be willing to disclose personal information and have that information subsequently used to create consumer profiles for business use when there are fair procedures in place to protect individual privacy. Because customer relationships are characterized by social distance, customers must depend on strangers to act on their behalf. Procedural fairness serves as an intermediary to build trust when interchang eable organizational agents exercise considerable delegated power on behalf of customers who cannot specify or constrain their behavior. Our hypothesis was supported as we found that when customers are explicitly told that fair information practices are employed, privacy concerns do not distinguish consumers who are willing to be profiled from those who are unwilling to have their personal information used in this way.

Privacy in e-commerce: examining user scenarios and privacy preferences

Abstract: Privacy is a necessary concern in electronic commerce. It is difficult, if not impossible, to complete a transaction without revealing some personal data ‐ a shipping address, billing information, or product preference. Users may be unwilling to provide this necessary information or even to browse online if they believe their privacy is invaded or threatened. Fortunately, there are technologies to help users protect their privacy. P3P (Platform for Privacy Preferences Project) from the World Wide Web Consortium is one such technology. However, there is a need to know more about the range of user concerns and preferences about privacy in order to build usable and effective interface mechanisms for P3P and other privacy technologies. Accordingly, we conducted a survey of 381 U.S. Net users, detailing a range of commerce scenarios and examining the participants' concerns and preferences about privacy. This paper presents both the findings from that study as well as their design implications.

Flaming, Complaining, Abstaining: How Online Users Respond to Privacy Concerns

Abstract: Attitudes and opinions about online advertising practices and consumer privacy concerns have been studied in both the academic and popular press. However, online consumers' response to privacy concerns have not been studied. This study examines this relationship using a national sample of individuals with personal e-mail accounts. Respondents' concerns with a series of situations which effect privacy online were assessed. This overall level of concern was subsequently correlated with the frequency that respondents adopted seven different online behaviors. Analysis demonstrates that the frequency of adopting five of the seven behaviors increased as respondents' privacy concern increased. Specifically, as privacy concern increased, respondents reported that they were more likely to provide incomplete information to web sites, to notify Internet Service Providers (ISPs) about unsolicited e-mail, to request removal from mailing lists, and to send a “flame” to online entities sending unsolicited e-mai...

Information Privacy in the Marketspace: Implications for the Commercial Uses of Anonymity on the Web

Abstract: While there is no question that the commercial development of the World Wide Web is still in its infancy and growing rapidly, this development faces a serious barrier to ultimate commercialization. In this article we develop the argument that the primary barrier to the successful commercial development of the Web is the current lack of consumer trust in this new commercial medium. This lack of trust is engendered primarily by the industry's documented failure to respond satisfactorily to mounting consumer concerns over information privacy in electronic, networked environments. We examine how such concerns are affecting the growth and development of consumer-oriented commercial activity on the World Wide Web and investigate the implications of these concerns for potential industry response. In the short run, the commercial development of the Web depends on giving consumers the opportunity to be anonymous when engaging in information exchanges and online transactions. Ultimately, however, commercial Web pro...

The limits of privacy

Abstract: * Introduction. * HIV Testing of Infants: Should Public Health Override Privacy? * Sex Offenders Privacy Versus Childrens Safety: Megans Laws and Alternatives. * Deciphering Encrypted Messages: A Prolonged Deadlock and an Unholy War. * Big Brother or Big Benefits? ID Cards and Biometric Identifiers. * Medical Records: Enhancing Privacy, Preserving the Common Good. * A Contemporary Conception of Privacy.

Privacy issues in Internet surveys

Abstract: Surveys administered over the Internet have been plagued by low response rates and at times have provoked respondent rebellions against researchers who stand accused of broadcasting noxious unwanted e-mail or “spam.” This article examines the issue from the perspective of social science research on privacy in an effort to understand the unique privacy context of Internet-based survey research. Online surveyors commit multiple violations of physical, informational, and psychological privacy that can be more intense than those found in conventional survey methods. Internet surveys also invade the interactional privacy of online communities, a form of privacy invasion seldom encountered with traditional survey methods. The article concludes with recommendations for improving response rates to online surveys using accepted privacy protection practices already found on the Internet as well as emerging Internet technologies.

The End of Privacy: How Total Surveillance Is Becoming a Reality

Abstract: From the Publisher: The Information Revolution and the rise of the networked society are reconstituting the structures of power on a global scale. In The End of Privacy, Reg Whitaker, a leading expert on government surveillance, shows that these developments pose dramatic new threats to personal privacy. Reg Whitaker shows how vast amounts of personal information are moving into corporate hands. Once there, this data can be combined and used to develop electronic profiles of individuals and groups that are potentially far more detailed, and far more intrusive, than the files built up in the past by state police and security agencies.

Legal issues concerning electronic health information: privacy, quality, and liability.

Abstract: Personally identifiable health information about individuals and general medical information is increasingly available in electronic form in health databases and through online networks. The proliferation of electronic data within the modern health information infrastructure presents significant benefits for medical providers and patients, including enhanced patient autonomy, improved clinical treatment, advances in health research and public health surveillance, and modern security techniques. However, it also presents new legal challenges in 3 interconnected areas: privacy of identifiable health information, reliability and quality of health data, and tortbased liability. Protecting health information privacy (by giving individuals control over health data without severely restricting warranted communal uses) directly improves the quality and reliability of health data (by encouraging individual uses of health services and communal uses of data), which diminishes tort-based liabilities (by reducing instances of medical malpractice or privacy invasions through improvements in the delivery of health care services resulting in part from better quality and reliability of clinical and research data). Following an analysis of the interconnectivity of these 3 areas and discussing existing and proposed health information privacy laws, recommendations for legal reform concerning health information privacy are presented. These include (1) recognizing identifiable health information as highly sensitive, (2) providing privacy safeguards based on fair information practices, (3) empowering patients with information and rights to consent to disclosure (4) limiting disclosures of health data absent consent, (5) incorporating industry-wide security protections, (6) establishing a national data protection authority, and (7) providing a national minimal level of privacy protections.

Internet privacy

Abstract: When you access our website, the routing information, and the essential and nonessential technical information listed below, is automatically collected. No other information is collected through our website except when you deliberately decide to send it to us (for example, by clicking on a link to send us an e-mail). The information you might choose to send us is listed below as \"optional information.\" Routing information: the Internet domain and Internet address of the computer you are using.

The effects of information management policies on reactions to human resource information systems: an integration of privacy and procedural justice perspectives

Abstract: The goal of the present study was to extend research on information privacy and fairness by examining these constructs within the context of human resource information systems. Using a 2 × 2 experimental design and data from 124 employed subjects in an organization that was in the process of developing a human resource information system, the present study examined the main and interactive effects of policies concerning ability to authorize disclosure (ability to authorize vs. no ability to authorize) and target of disclosure (internal to the organization vs. external to the organization) on invasion of privacy perceptions and fairness perceptions. Results of multivariate and univariate analyses of variance indicated that the independent variables had main and interactive effects on both fairness perceptions and invasion of privacy perceptions. Moreover, a confirmatory factor analysis suggested that invasion of privacy perceptions and fairness perceptions are distinct constructs. Implications of these findings for theory and practice are discussed.

Privacy in the Information Age: Stakeholders, Interests and Values

Abstract: Privacy is a relational and relative concept that has been defined in a variety of ways. In this paper we offer a systematic discussion of potentially different notions of privacy. We conclude that privacy as the freedom or immunity from the judgement of others is an extremely useful concept to develop ways in which to understand privacy claims and associated risks. To this end, we develop a framework of principles that explores the interrelations of interests and values for various stakeholders where privacy concerns have risen or are expected to rise. We argue that conflicts between the interests and values of different stakeholders may result in legitimate claims of privacy/transparency being ignored or underrepresented. Central to this analysis is the notion of a stakeholder. We argue that stakeholders are persons or groups with legitimate interests, of intrinsic value, in the procedural and/or substantive aspects of the privacy/transparency claim and subsequent judgements on that basis. Using the principles of access, representation, and power, which flow from our framework of analysis, we show how they can facilitate the identification of potential privacy/transparency risks using examples from the British National Health Service.

Privacy critics: UI components to safeguard users' privacy

Abstract: Creating usable systems to protect online privacy is an inherently difficult problem. Privacy critics are semi-autonomous agents that help people protect their online privacy by offering suggestions and warnings. Two sample critics are presented.

Privacy, the Workplace and the Internet

Abstract: This paper examines workplace surveillance and monitoring. It is argued that privacy is a moral right, and while such surveillance and monitoring can be justified in some circumstances, there is a presumption against the infringement of privacy. An account of privacy precedes consideration of various arguments frequently given for the surveillance and monitoring of employees, arguments which look at the benefits, or supposed benefits, to employees as well as to employers. The paper examines the general monitoring of work, and the monitoring of email, listservers and the World Wide Web. It is argued that many of the common justifications given for this surveillance and monitoring do not stand up to close scrutiny.

Privacy online

Abstract: I n the recent literature on privacy and technology, considerable attention has been paid to online privacy issues and concerns. For example, a number of books and scholarly journal articles, as well as reports in the popular press, have examined\" the impact of certain online activities involving the Internet and the World Wide Web for personal privacy. In this essay, I use the expression \"online activities\" to refer to those activities involving both the Web in particular and the Internet in general. And I use the tern \"Internet\" in its most generic sense to include protocols such as File Transfer Protocol (FTP) and Gopher as well as the Web (HTTP). Our concern in this study is with privacy issues arising from online activities involving any of these Internet protocols. Note, however, that we will not be concerned with privacy issues peculiar to privately owned computer systems and networks (such as privacy issues involving employee email). Nor will we be concerned with privacy issues involving the use of digital telephony, including devices such as cell phones. Instead, we will limit our analysis of privacy issues to those concerns arising from certain user activities involving Internet resources. One interesting question to considermand one that is often overlooked in the contemporary privacy literature-is: To what extent has the Internet itself generated new privacy issues, and to what extent has it merely exacerbated existing ones? It will be argued that in most cases, the privacy issues frequently associated with the Internet are issues which have their genesis in technologies that predate the Internet. It will also be shown, however, that at least two of the privacy issues currently associated with the Internet are such that they would not have arisen without the availability of certain Internet tools and techniques. Issues of the latter type are labeled Internet-specific and are contrasted with Internet-enhanced privacy issues. Another interesting, and perhaps more important, question is: How can we best resolve Internet-related privacy issues, regardless of whether such issues are unique to, or merely exacerbated by, Internet technology? In the final section of this study, we consider some policy proposals recently put forth to address current online privacy issues involving certain Internet activities. We begin our study with a brief look at the concept of privacy.

Visions of Privacy: Policy Choices for the Digital Age

Abstract: From the Publisher: What kind of privacy future are we facing? In Visions of Privacy: Policy Choices for the Digital Age, some of the most prominent international theorists and practitioners in the field explore the impact of evolving technology on private citizens The authors critically probe legal, social, political, and economic issues, as each answers the question: How can we develop privacy solutions equal to the surveillance challenges of the future?

Web Security and Privacy: An American Perspective

Abstract: Browsing the Web gives one the heady feeling of walking without footprints in cyberspace. Yet data surveillance can be both ubiquitous and transparent to the user. Can those who browse the Web protect their privacy? And does it matter if they cannot? I offer answers to these questions from the American legal tradition. The American legal tradition focuses on a right to privacy, rather than a need for data protection. To answer these questions I begin by delineating the differences among privacy, security, and anonymity. I then discuss what information is transferred during Web browsing. I describe some of the available technology for privacy protection, including public and private key cryptography and Web proxies. I then describe the American tradition of privacy in common, statutory, and constitutional law. With the support of this tradition, I close by arguing that although privacy in Web browsing has no current legal protection in the United States, the right to privacy in the analogue equivalents has...

KDD, data mining, and the challenge for normative privacy

Abstract: The present study examines certain challenges that KDD (Knowledge Discovery in Databases) in general and data mining in particular pose for normative privacy and public policy. In an earlier work (see Tavani, 1999), I argued that certain applications of data-mining technology involving the manipulation of personal data raise special privacy concerns. Whereas the main purpose of the earlier essay was to show what those specific privacy concerns are and to describe how exactly those concerns have been introduced by the use of certain KDD and data-mining techniques, the present study questions whether the use of those techniques necessarily violates the privacy of individuals. This question is considered vis-a-vis a recent theory of privacy advanced by James Moor (1997). The implications of that privacy theory for a data-mining policy are also considered.

Taming the wolf in sheep's clothing: privacy in multimedia communications

Abstract: When ubiquitous multimedia technology is introduced in an organization, the privacy implications of that technology are rarely addressed. Users usually extend the trust they have in an organization to the technology it employs. This paper reports results from interviews with 24 Internet Engineering Task Force (IETF) attendees whose presentations or contributions to IETF sessions were transmitted on the multicast backbone (Mbone). Due to a high level of trust in the organization, these users had few initial concerns about the privacy implications of this technology. However, interviewees' trust relied on inaccurate assumptions, since the interviews revealed a number of potential and actual invasions of privacy in transmission, recording and editing of multicast data. Previous research found that users who experience an unexpected invasion of their privacy are not only likely to reject the technology that afforded the invasion, but lose trust in the organization that introduced it [2,3]. We discuss a number of mechanisms and policies for protecting users' privacy in this particular application, and propose a strategy for introducing networked multimedia technology in general.

THE ARCHITECTURE OF IDENTITY: Embedding privacy in market institutions

Abstract: As the Internet becomes integrated into the institutional world around it, attention has increasingly been drawn to the diverse ways in which information technologies mediate human relationships. As an increasingly commercial Internet has been employed to capture personally identifiable information, privacy concerns have intensified. To analyse these matters more systematically, this article considers the ideas about human identity that have been implicit in the development of economics and computer science. The two fields have evolved along parallel tracks, starting with an assumption of perfect transparency and moving toward a more sophisticated appreciation of individuals' private informational states. Progress in the analysis and resolution of privacy problems will require that this evolution be taken seriously and continued.

Internet demand under different pricing schemes

Abstract: This research was supported by grants from the National Sci- ence Foundation, Cisco Systems, SBC Communications, the Califor- nia State MICRO Program and Hewlett-Packard.

Restoring Americans' Privacy in Electronic Commerce Symposium - The Legal and Policy Framework for Global Electronic Commerce: A Progress Report

Abstract: In the United States today, substance abusers have greater privacy than web users and privacy has become the critical issue for the development of electronic commerce. Yet, the U.S. government's privacy policy relies on industry self-regulation rather than legal rights. This article argues that the theory of self-regulation has normative flaws and that public experience shows the failure of industry to implement fair information practices. Together the flawed theory and data scandals demonstrate the sophistry of U.S. policy. The article then examines the comprehensive legal rights approach to data protection that has been adopted by governments around the world, most notably in the European Union, but finds that difficulties implementing these laws for online services pose important challenges for the effective protection of citizens' privacy. The lessons show that safeguarding citizens' rights requires a combination of law and technology and that a legal incentive structure is necessary to stimulate the rapid development and implementation of privacyprotecting technologies. The article concludes with a recommendation for a framework privacy law in the United States modeled on the O.E.C.D. guidelines that includes a safe harbor provision for policies and technologies and that creates a U.S. Information Privacy Commission to assure the balance between citizens' privacy, industry needs, and global competitiveness. Privacy is a critical issue for the growth of electronic commerce. During the last few years, an overwhelming majority of Americans report that they have lost control of their personal information and that current laws © 1999 Joel R. Reidenberg. t Professor of Law and Director of Graduate Program Academic Affairs, Fordham University School of Law. An earlier draft of this paper was presented at the University of California, Berkeley Symposium The Legal and Policy Framework for Global Electronic Commerce: A Progress Report held March 4-6, 1999. 1 am very grateful for the thoughtful comments of Symposium participants and of the editors of the Berkeley Technology Law Journal. HeinOnline -14 Berkeley Tech. L.J. 771 1999 BERKELEY TECHNOLOGY LAW JOURNAL are not strong enough to protect their privacy.' In 1998, Business Week found that consumer worries about protecting privacy on the Internet ranked as "the top reason people are staying off the Web above cost, ease of use and annoying marketing messages."2 The fair treatment of personal information and citizen confidence are each necessary conditions for electronic commerce over the next decade. Yet, sadly, at the political birth of the electronic commerce movement in 1997, the White House's report, A Framework for Global Electronic Commerce, 3 more commonly referred to as the Magaziner Report, missed a key opportunity to assure the protection of citizens' privacy on the Internet. For years, the United States has relied on narrow, ad hoc legal rights enacted in response to particular scandals involving abusive information practices.4 The approach has led to incoherence and significant gaps in the protection of citizens' privacy. 5 For example, substance abusers have stronger privacy rights than web users in the United States. 6 Yet, rather than revise American privacy protection, the Magaziner Report adopted a position enshrining the status quo. This paper will first examine the philosophy and sophistry behind the U.S. policy of industry self-regulation. Next, the paper examines the com1. Privacy Exchange.org, 1998 Privacy Concerns & Consumer Choice Survey, Executive Summary, at 1 (last modified Dec. 15, 1998) (reporting that 82% of those surveyed feel that consumers have lost all control over how companies collect and use their personal information); Am. Ass'n. of Retired Persons, AARP Members' Concerns about Information Privacy, Dec. 1998 (reporting that 78% of those polled found existing statutory protections inadequate to protect privacy). 2. BW/Harris Poll: Online Insecurity, BUS. WK., Mar. 16, 1998, at 102 . 3. WILLIAM J. CLINTON & ALBERT GORE, JR., A FRAMEWORK FOR GLOBAL ELECTRONIC COMMERCE (1997), available at [hereinafter FRAMEWORK]. 4. See PAUL M. SCHWARTZ & JOEL R. REIDENBERG, DATA PRIVACY LAW: A STUDY OF UNITED STATES DATA PROTECTION 10 (1996). 5. See generally FRED H. CATE, PRIVACY IN THE INFORMATION AGE (1997); SCHWARTZ & REIDENBERG, DATA PRIVACY LAW, supra note 4. 6. Federal law carefully protects the personal information of individuals who undergo treatment for alcohol or drug abuse in programs receiving federal funds or subject to federal regulation. See 42 U.S.C. §§ 290dd-1, 290dd-2 (1994); SCHWARTZ & REIDENBERG, DATA PRIVACY LAW, supra note 4, at 177-78. At the same time, only limited protection is available for Internet users. Statutory protection applies to telecommunications transaction information when collected by telecommunications service providers. See 47 U.S.C. § 222. However, if the data is collected by web sites, instead of service providers, then the statutory protection does not apply. [Vol. 14:771 HeinOnline -14 Berkeley Tech. L.J. 772 1999 RESTORING AMERICANS' PRIVACY prehensive legal rights approach to data protection that has been adopted by governments elsewhere around the world, in a movement led by the European Union. While conceptually the cross-sectoral approach is better suited to the treatment of personal information in electronic commerce, the foreign experience illustrates a number of challenges for effective protection of citizens. The concluding section argues for a more desirable policy that combines legal and technological means in order to safeguard the privacy of citizens on the Internet. I. THE PHILOSOPHY AND SOPHISTRY OF U.S. PRIVACY

Information technology in medical practice: safety and privacy lessons from the United Kingdom.

Abstract: The previous UK government's strategy for managing information technology in healthcare caused serious safety and privacy problems, which led to a government review of healthcare computing that advocated some seemingly quite radical changes. Here I offer a personal view of what went wrong, as an engineer with a background in both safety‐critical systems and computer security, and who has been involved in advising the British Medical Association (BMA) on the safety and privacy of clinical information systems.

Privacy and security on the Internet: how to secure your personal information and company data

Abstract: More and more people are logging on to the Internet. The increased use of the Internet and the World Wide Web for everyday activities is bringing new threats to personal privacy. Your activities, whether they are passive or active, in Cyberspace can give others a great deal of information about you. This paper gives an overview of where the risks lie, and how to minimize the risk to you and your work.

A language for modelling secure business transactions

Abstract: Among other areas, electronic commerce includes the fields of electronic markets and workflow management. Workflow management systems are usually used to specify and manage inter- and intra-organisational business processes. Although workflow management techniques are capable of specifying and conducting at least parts of market transactions, these techniques are not or are very rarely used for this purpose yet. In both fields, users demand security and integrity to protect for example their privacy, their property rights or digital payments. To satisfy these security demands, a variety of existing security services, mechanisms, protocols, and organisational measures may be used. On the one hand, to encourage using these techniques it is necessary to have a tool which enables a firm's executive to formulate market transaction security demands at a high abstraction level. On the other hand, executing market transactions needs a more formal, machine readable description of the transaction and its security requirements. We present a methodology to specify secure protocols, which are usable to automatically conduct business processes, as well as market transactions.

Health and the right to privacy.

Abstract: Health and the Right to Privacy^ INTRODUCTION When Louis Brandeis and Samuel Warren introduced the phrase "the right to privacy" as the title of an article in the Harvard Law Review in December 1890, they were primarily concerned about a right of privacy from the news media.l "The press," they wrote, "is overstepping in every direction the obvious bounds of propriety and of decency.2 Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers."3 Although you could hardly say that Brandeis and Warren's concerns were out of date, their article offers us a mixed precedent for any discussion of privacy and information today. To be sure, their idea of a right to privacy has proved to be enormously influential; it has even been extended to areas of law and policy, such as contraception and abortion, which they did not anticipate. In this general sense, their case for a right to privacy has been vindicated. But the specific cause that Brandeis and Warren took up must be judged largely to have failed. Does the news media today pursue gossip with industry? Gossip is an industry. Are "the details of sexual relations . . . spread broadcast"? They are-and with scant fear of legal repercussions. In the century since their 1890 article, the law has not followed the path that Brandeis and Warren proposed. Where claims of privacy have conflicted with the First Amendment, the U.S. Supreme Court has, with only rare exception, come down on the side of the First Amendment. It has given higher priority to the public's right to know than to the right of individuals to control access to information about themselves. There is an irony about this result. For it was Justice Brandeis himself together with Justice Holmes who in their dissents in the 1920s paved the way for the expansive interpretation of the First Amendment decades later in Sullivan v. New York Times,4 Time v. Hill,5 and a series of subsequent cases that effectively subordinated privacy rights to the First Amendment. This history holds a lesson for us. Privacy is not an all-purpose trump card; it is not the only value implicated in the rules governing the control of information. There are other legitimate interests as well-different ones, to be sure, in the case of health data from that of news. Patients have a strong interest in preserving the privacy of their personal health information, but they also have an interest in medical research and other efforts by health care organizations to improve the medical care they receive. As members of the wider community, they have an interest in public health measures that require the collection of personal data. Fortunately, these interests in medical research and public health can be pursued with far less jeopardy to privacy than upholding the First Amendment in the case of news. For unlike the news media, medical research and public health are not interested in disclosing individual identities to the public. Insofar as they need individually identifiable health information, it is as an intermediary step in the production of knowledge or protection of health. In other areas, such as the use of medical records for law enforcement, the right of privacy must be judiciously balanced against other values in finding the appropriate policy. But at least with respect to medical research and public statistical data, there ought to be not simply a balancing of interests, but a fully satisfactory way of protecting both privacy and health; and thus it would be tragic if, in the effort to safeguard privacy, we were to adopt laws and regulations that jeopardized research and data by degrading their quality or raising their cost to prohibitive levels. The goal of protecting privacy in health care underlines another limitation of the conception of privacy as Brandeis and Warren introduced it. …