Online Privacy: Nowhere to Hide from Internet Tracking
If you sometimes get the feeling that you’re being watched or tracked by unknown entities, you’re not being paranoid. You’re just being observant.
In fact, a variety of public and private organizations are attempting to find out all about you: what Web sites you visit and the pages you view there, what products you buy online, what your health concerns are—even what medicines you take.
Consider this statement from the Center for Digital Democracy: “Increasingly, individuals are being electronically ‘shadowed’ online, our actions and behaviors observed, collected and analyzed so we can be ‘micro-targeted’ by advertisers.” The CDD believes this so-called behavioral marketing to be such a threat that, in conjunction with the U.S. Public Interest Research Group (USPIRG), it recently sent a 37-page letter to the Federal Trade Commission outlining the problem and claiming that the FTC “has failed to effectively protect U.S. consumer privacy in the digital marketing era.”
Behavioral advertising, which matches ads to a Web visitor’s interests, based by his or her online travels, generally includes information that is not considered to be personally identifiable. However, according to the Center for Democracy & Technology (CDT), “As the comprehensiveness of consumer advertising profiles increases, the ability to link specific individuals to profiles is growing.” The center adds, “In efforts to obtain more complete consumer profiles, some ad networks are now contracting with Internet service providers to buy the full Web streams of the ISP’s subscribers.”
Like the CDD and the USPIRG, the CDT is calling for guidelines. In “A Primer on Behavioral Advertising,” it states: “For behavioral advertising to operate in a truly privacy-protective manner, data collection needs to be limited, data retention limits should be tied to the original purposes for collecting the data and opt-out must completely remove consumers from the service.”
Privacy guidelines are especially critical when it comes to health data. Yet, despite the sensitive nature of this information, there are some gaping holes in privacy regulations.
According to the CDT, “Federal privacy rules under the Health Information Portability and Accountability Act do not cover personal health information once it moves online, out of the control of HIPAA-covered entities. Once it is posted online, personal health information may have no more legal protection than any other piece of consumer information.”
Considering the push for electronic health records, that presents a frightening scenario.
Here’s another “Big Brother” development. In “Prescription Data Used to Assess Consumers” (an August 4 article in the Washington Post), Ellen Nakashima wrote, “Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health ‘credit report’ drawn from databases containing prescription drug records on more than 200 million Americans.” The story said some insurers are accessing data that clinical and pathological labs have stored about individual patients.
Aside from the privacy issues raised by this “powerful new tool,” there are other serious concerns. Will some individuals have to pay higher rates for health and life insurance, potentially making it unaffordable? Will some be unable to get insurance at all? Where does that leave those individuals and their families? Could potential employers access this data?
Congress is now grappling with these issues. For example, Representative Edward J. Markey (D-Mass.) has authored electronic health record promotion and privacy legislation (H.R. 5442, the TRUST Act) that states: “Efficient access [to health records] must not become ‘open-for-all’ access. Now is the time, while these systems are in the early stages of development, to build in strong privacy standards and security safeguards that will protect patients and doctors alike.”
Clearly, the government can’t do this on its own. Corporate America must partner with federal and state entities to ensure adequate privacy protection for everyone. IT and business managers can—and should—play a major role in these efforts by ensuring that their companies develop and adhere to ethical privacy policies and practices for their employees, business partners and customers.
The Web provides great opportunities to reach out to customers. But those interactions should benefit both the company and the customer. And that can happen only if the customer’s privacy is respected and protected.