We recommend the following sites for background reading about
online privacy policies. We have categorized these
references so that you can easily find information about a
given topic of interest.
- Electronic Privacy Information Center. "EPIC Bill
Track: Tracking Privacy, Speech, and Cyber-Liberties
Bills in the 108th Congress." http://www.epic.org/privacy/bill_track.html.
This web site provides a comprehensive look at many
of the most recent bills impacting, among other
things, the privacy rights of Internet
users. Additionally, it provides links to the full
text of bills for further study.
- United States Congress. "Online Privacy Protection
Act of 2003." Washington D.C., 2003.
Although the Children's Online Privacy Protection Act
of 1998 restricted the amount of personal information
that could be collected from individuals under the age
of thirteen, the Online Privacy Protection Act was
responsible for addressing the privacy concerns of
adults. Additionally, this act required the Federal
Trade Commission (FTC) to provide regulations for web
sites that "[require] operators to provide a process
for [adults] to consent to or limit the disclosure of
[private] information" (Taken from the bill
summary). Finally, the bill provided a strict and
useful definition of "private information."
- United States Department of Health and Human Services Office for Civil Rights.
This web site, assembled by the United States Department
of Health and Human Services, offers a good overview of HIPAA, which
regulates the practices that health care providers must follow
with respect to consumer information, privacy and information
disclosure. The fact sheet entitled "Privacy and Your Health
Information" and the FAQ they provide are especially useful
sources for information on legislation related to privacy.
- Federal Trade Commission. "Financial Privacy: The Gramm-Leach-Bliley Act."
This page maintained by the FTC does a good job of highlighting
exactly what the GLBA does and explains both the Financial Privacy
Rule and the Safeguards Rule that financial institutions are obligated
to follow under the act.
- COPPA. "COPPA - Children's Online Privacy Protection Act."
This page has extremely useful information about COPPA. The "What is COPPA?"
link provides the full text of the act, which is fairly readable. In addition,
this page has a section on how to comply with the act, and explains in plain,
readable language what web site operators must do in order to comply with the
provisions in COPPA.
- Watchfire. "California Online Privacy Protection Act (OPPA)."
Provides an explanation of what the California Privacy Protection Act of 2003
is, who it applies to and what companies must do in order to comply with its
provisions. Also mentions how even though the law was passed in California, it
applies to any business that collects information from a California resident.
- Better Business Bureau. "Privacy Program Eligibility
The Better Business Bureau Online (BBOnLine) issues
privacy seals to web sites that carefully protect the
privacy of personal information obtained from
users. The goal of the privacy seal is to provide end
users with an understandable, recognizable, and
trustworthy assurance that their privacy is
protected. The requirements imposed upon web sites that
wish to obtain such a seal provide a starting point
for examining what components of online privacy
policies are essential.
- TRUSTe. "TRUSTe Program
Like the Better Business Bureau, TRUSTe works to
certify web sites, assuring end users that in using
such sites their personal information will be
secure. For the purposes of the project at hand, we
consider TRUSTe in order to determine exactly what
pieces of privacy policies have been deemed
- Privacy Alliance. "Guidelines for Online
Privacy Alliance is an industry organization working
together to focus on privacy issues from a united
business front. The site contains recommendations for
http://www.privacyalliance.org/resources/ppguidelines.shtml (which include disclosure policies and data security issues) and advocates industry self-enforcement http://www.privacyalliance.org/resources/enforcement.shtml for privacy regulation. The site also includes special sections for dealing with children's privacy issues. The site does not contain that much actual content, but is well-indexed and does have many pointers to additional off-site resources relating to the major focus points of the site.
- Federal Trade Commission. "Privacy Online: A Report
to Congress." June, 1998.
The Federal Trade Commission conducted a survey of
more than 1400 web sites in order to ascertain whether
acceptable measures were being taken in order to
assure the privacy of end users was sufficiently
protected online. Results were surprisingly
disheartening -- only 14% of those sites that collect
personal information from end users provide any
notice of how such information will be used. This
document is a cornerstone of online privacy
literature: in addition to discussing the status quo
of online privacy, it describes history and presents
the central issues of online privacy
- Business Week/Harris. "BW/Harris Poll: Online
In 1998, Business Week/Harris conducted a survey of
end users to ascertain their feelings about privacy
online. Results revealed that the number one reason
that individuals were hesitant to use the Internet was
the fear that their personal information would not
- Carlos Jensen and Colin Potts. "Privacy policies as
decision-making tools: an evaluation of online privacy
notices". Proceedings of the SIGCHI conference on Human
factors in computing systems. Pages 471-478,
This paper is a great source that has a lot of data
that is directly relevant. In this
paper, the authors analyzed 64 different privacy
policies from two different groups of web sites --
high-traffic web sites and health care web sites. They
assess factors such as the accessibility and
readability of privacy policies on different sites and
also examine factors such as the education and reading
comprehension levels required by the privacy policies and
compare that to those of the general population.
- Adkinson, W. F., Eisenach, J. A., and Lenard,
T. M. "Privacy Online: A Report on the Information
Practices and Policies of Commercial Web Sites" Progress
and Freedom Foundation, Washington DC. March
This report is a good source for primary data. It
reports on the results of a study on online privacy
conducted by the Progress & Freedom
Foundation. Because this report is the fourth one of
its kind, it is a good source for seeing trends in
privacy policies -- it reports that web sites are
collecting less information on people, fewer web sites
use third-party cookies, privacy policies are more
prominent and complete, more sites are using opt-in
rather than opt-out policies, and that more sites
offer a combination of fair information practice
elements. At a high level, the report suggests that
online privacy policies and practices are still
evolving and seem to be improving to some
- Anton, A. I., Earp, J. B. and Reese, A. "Analyzing Web
Site Privacy Requirements Using a Privacy Goal
Taxonomy." IEEE Requirements Engineering Conference
(RE'02), Essen, Germany, September, 2002.
This paper is a little more purely academic than
some of the other sources, but it still provides some
good background and analysis of the goals that most
privacy policies try to achieve. The authors of the
report used a technique called goal-mining to analyze
privacy policies and to highlight some of the implicit
internal conflicts within the privacy policies and the
manner in which the site operates. The tables provided
in the paper that outline different parts of privacy
policies and what they try to accomplish will be of
- Wired News: Sun on Privacy. "Get Over It."
Scott McNealy, CEO of Sun Microsystems, made a highly
publicized comment, "You have zero privacy anyway.
Get over it." He believes privacy issues are
overblown and drawing too much focus compared to the
actual issues at hand. The article has little
content, beyond being a reference for a VERY famous
- W3C P3P Initiative. "P3P Platform Overview."
information as a part of a standard HTTP transaction.
The specification appears to be complete, but is not
widely adopted. P3P does not include any enforcement
mechanisms (either legal or technical); it serves only
as a common language for expressing privacy-related
information - that is, a computer-readable version of
initiative makes no attempts to deal with (1)
enforcement or (2) what makes a good privacy
- Thibodeau, Patrick. "FTC Official Faults Corporate
Privacy Policies. But businesses say feds are partly to
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,60248,00.html. May 7, 2001.
This article describes how an FTC official critiques
company privacy policies as being too heavily legal
and hard for ordinary people to understand and how
companies argue that their privacy policies must take
such a form in order to comply with various laws. This
is a good source to use for examining the gap between
privacy policies must look like to comply with various
laws and regulations. Also includes the example of
CitiBank, which has two separate privacy policies to
address the concerns of both
- Gershberg, Michele. "2004 Internet ad revenue tops
dot-com boom levels: Internet advertising in the
U.S. surged to a record $9.6 billion." Computerworld
(reprint from REUTERS). http://www.computerworld.com/managementtopics/ebusiness/story/0,10801,101406,00.html.
As the Internet has grown, online advertising has become a
lucrative source of income for many of the major
online companies. We can use figures about the size of
the online advertising industry to gain a sense of
the magnitude of the entire corporate marketplace online.
- Pastore, Michael. "Q1 E-Commerce Spending Matches
Holiday Season." http://www.clickz.com/stats/sectors/retailing/article.php/352061.
This article takes a look at the e-commerce revenue
figures as collected during 2000. We use this
information to get a sense of the size of the online
marketplace and the importance of addressing users' privacy
- CNNMoney. "FTC, Toysmart.com settle." July 21,
In 2000, Toysmart.com, an online toy vendor, filed
for bankruptcy and attempted to liquidate its
assets. Thanks to TRUSTe, the FTC was notified of
Toysmart's plans to sell its database of customers'
private information and was successful in preventing
such a sale from taking place. The main argument
presented by the FTC was that such a sale was
You and Your Visitors." http://www.gcglaw.com/resources/tech/feb01.html.
This site is designed as a guide for corporate websites
the information presented in this article may be
disturbing to end users as it is geared towards
convincing end users that their information will be
secure enough and, as a result share.
- The Guardian. "The card up their sleeve." http://www.guardian.co.uk/weekend/story/0,3605,999866,00.html.
A news report on supermarket Loyalty Cards, including some statistics
on how effective the loyalty cards are at increasing revenue.
- Safeway. "Safeway Club Card Application." http://www.safeway.com/app.pdf.
The application for Safeway club cards which enable
shoppers to obtain lower prices. This application
details the agreement between Safeway and the
customer; shopping patterns may be recorded.
- Leiner, Barry M., et al. "A Brief History of the
Because any discussion of the history of corporate
privacy policies would be incomplete without a
discussion of the history of the Internet itself, we
must provide some information about the development of
the Internet. In this article Leiner et al. provide a
brief overview of the history of the Internet and
numerous links to other historical documents about the
- Gribble, Cheryl. "History of the Web Beginning at
Although this seems to be a less scholarly article, it
does provide a basic overview for the development of the
World Wide Web and the first browser, Mosaic. We use
this article, like all of the other articles in the
History section to provide an overview of the history of
the Internet, World Wide Web, and corporate privacy
- Wikipedia. "EBay." http://en.wikipedia.org/wiki/Ebay.
This site provides an overview of EBay.com. Perhaps
most pertinent to this project, however, are the
historical aspects of EBay as it is currently the
largest online marketplace
- "What are CERN's greatest achievements? History
of the WWW." http://public.web.cern.ch/Public/Content/Chapters/AboutCERN/Achievements/WorldWideWeb/WebHistory/WebHistory-en.html.
Like the Gribble article, this provides an overview of
the history of the World Wide Web and how it became the
tool that we use so frequently today. This article is a
direct press release from CERN (the lab at which the web
was originally proposed) and thus is a somewhat more
- Yahoo Finance. "Amazon.com Inc (AMZN)." http://finance.yahoo.com/q?s=amzn.
Viewed 5 June 2005.
Website that details the current financial status of
Amazon.com, one of the leading online vendors.