
References

We recommend the following sites for background reading about online privacy policies. We have categorized these references so that you can easily find information about a given topic of interest. Please use the navigation provided at right to browse to a specific topic of interest.

Legislation
  1. Electronic Privacy Information Center. "EPIC Bill Track: Tracking Privacy, Speech, and Cyber-Liberties Bills in the 108th Congress." http://www.epic.org/privacy/bill_track.html.

    This web site provides a comprehensive look at many of the most recent bills impacting, among other things, the privacy rights of Internet users. Additionally, it provides links to the full text of bills for further study.

  2. United States Congress. "Online Privacy Protection Act of 2003." Washington D.C., 2003. http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.69:

    Although the Children's Online Privacy Protection Act of 1998 restricted the amount of personal information that could be collected from individuals under the age of thirteen, the Online Privacy Protection Act was responsible for addressing the privacy concerns of adults. Additionally, this act required the Federal Trade Commission (FTC) to provide regulations for web sites that "[require] operators to provide a process for [adults] to consent to or limit the disclosure of [private] information" (taken from the bill summary). Finally, the bill provided a strict and useful definition of "private information."

  3. United States Department of Health and Human Services Office for Civil Rights. "HIPAA." http://www.hhs.gov/ocr/hipaa/.

    This web site, assembled by the United States Department of Health and Human Services, offers a good overview of HIPAA, which regulates the practices that health care providers must follow with respect to consumer information, privacy and information disclosure. The fact sheet entitled "Privacy and Your Health Information" and the FAQ they provide are especially useful sources for information on legislation related to privacy.

  4. Federal Trade Commission. "Financial Privacy: The Gramm-Leach Bliley Act." http://www.ftc.gov/privacy/glbact/.

    This page, maintained by the FTC, does a good job of highlighting exactly what the GLBA does and explains both the Financial Privacy Rule and the Safeguards Rule that financial institutions are obligated to follow under the act.

  5. COPPA. "COPPA - Children's Online Privacy Protection Act." http://www.coppa.org/.

    This page has extremely useful information about COPPA. The "What is COPPA?" link provides the full text of the act, which is fairly readable. In addition, this page has a section on how to comply with the act, and explains in plain, readable language what web site operators must do in order to comply with the provisions in COPPA.

  6. Watchfire. "California Online Privacy Protection Act (OPPA)." http://www.watchfire.com/legislation/oppa.aspx.

    Provides an explanation of what the California Privacy Protection Act of 2003 is, who it applies to and what companies must do in order to comply with its provisions. Also mentions how even though the law was passed in California, it applies to any business that collects information from a California resident.

Online Privacy Certification
  1. Better Business Bureau. "Privacy Program Eligibility Requirements." http://www.bbbonline.org/privacy/threshold.asp

    The Better Business Bureau Online (BBBOnLine) issues privacy seals to web sites that carefully protect the privacy of personal information obtained from users. The goal of the privacy seal is to provide end users with an understandable, recognizable, and trustworthy assurance that their privacy is protected. The requirements imposed upon web sites that wish to obtain such a seal provide a starting point for examining what components of online privacy policies are essential.

  2. TRUSTe. "TRUSTe Program Requirements." http://www.truste.org/requirements.php

    Like the Better Business Bureau, TRUSTe works to certify web sites, assuring end users that their personal information will be secure when using such sites. For the purposes of the project at hand, we consider TRUSTe in order to determine exactly what pieces of privacy policies have been deemed essential.

  3. Privacy Alliance. "Guidelines for Online Privacy." http://www.privacyalliance.org/

    Privacy Alliance is an industry organization working together to focus on privacy issues from a united business front. The site contains recommendations for drafting a privacy policy (http://www.privacyalliance.org/resources/ppguidelines.shtml), which include disclosure policies and data security issues, and advocates industry self-enforcement (http://www.privacyalliance.org/resources/enforcement.shtml) for privacy regulation. The site also includes special sections for dealing with children's privacy issues. The site does not contain that much actual content, but is well-indexed and does have many pointers to additional off-site resources relating to the major focus points of the site.

Studies
  1. Federal Trade Commission. "Privacy Online: A Report to Congress." June, 1998. http://www.ftc.gov/reports/privacy3/toc.htm

    The Federal Trade Commission conducted a survey of more than 1400 web sites in order to ascertain whether acceptable measures were being taken to assure that the privacy of end users was sufficiently protected online. Results were surprisingly disheartening -- only 14% of those sites that collect personal information from end users provide any notice of how such information will be used. This document is a cornerstone of online privacy literature: in addition to discussing the status quo of online privacy, it describes the history and presents the central issues of online privacy protection.

  2. Business Week/Harris. "BW/Harris Poll: Online Insecurity." http://www.businessweek.com/1998/11/b3569107.htm

    In 1998, Business Week/Harris conducted a survey of end users to ascertain their feelings about privacy online. Results revealed that the number one reason that individuals were hesitant to use the Internet was the fear that their personal information would not remain private.

  3. Carlos Jensen and Colin Potts. "Privacy policies as decision-making tools: an evaluation of online privacy notices". Proceedings of the SIGCHI conference on Human factors in computing systems. Pages 471-478, 2004.

    This paper is a great source that has a lot of data that is directly relevant. In this paper, the authors analyzed 64 different privacy policies from two different groups of web sites -- high-traffic web sites and health care web sites. They assess factors such as the accessibility and readability of privacy policies on different sites, and also examine the education and reading comprehension levels required by the privacy policies and compare them to those of the general population.

  4. Adkinson, W. F., Eisenach, J. A., and Lenard T.M. "Privacy Online: A Report on the Information Practices and Policies of Commercial Web Sites" Progress and Freedom Foundation, Washington DC. March 2002.

    This report is a good source for primary data. It reports on the results of a study on online privacy conducted by the Progress & Freedom Foundation. Because this report is the fourth one of its kind, it is a good source for seeing trends in privacy policies -- it reports that web sites are collecting less information on people, fewer web sites use third-party cookies, privacy policies are more prominent and complete, more sites are using opt-in rather than opt-out policies, and that more sites offer a combination of fair information practice elements. At a high level, the report suggests that online privacy policies and practices are still evolving and seem to be improving to some degree.

  5. Anton, A. I., Earp, J. B. and Reese, A. "Analyzing Web Site Privacy Requirements Using a Privacy Goal Taxonomy." IEEE Requirements Engineering Conference (RE'02), Essen, Germany, September, 2002.

    This paper is a little more purely academic than some of the other sources, but it still provides some good background and analysis of the goals that most privacy policies try to achieve. The authors of the report used a technique called goal-mining to analyze privacy policies and to highlight some of the implicit internal conflicts within the privacy policies and the manner in which the site operates. The tables provided in the paper that outline different parts of privacy policies and what they try to accomplish will be of particular use.

Articles
  1. Wired News: Sun on Privacy. "Get Over It." http://www.wired.com/news/politics/0,1283,17538,00.html

    Scott McNealy, CEO of Sun Microsystems, made a highly publicized comment: "You have zero privacy anyway. Get over it." He believes privacy issues are overblown and drawing too much focus compared to the actual issues at hand. The article has little content, beyond being a reference for a VERY famous remark.

  2. W3C P3P Initiative. "P3P Platform Overview." http://www.w3.org/P3P/

    P3P is a framework for exchanging privacy policy information as a part of a standard HTTP transaction. The specification appears to be complete, but is not widely adopted. P3P does not include any enforcement mechanisms (either legal or technical); it serves only as a common language for expressing privacy-related information - that is, a computer-readable version of a formal privacy policy on a website. The P3P initiative makes no attempts to deal with (1) enforcement or (2) what makes a good privacy policy.

  3. Thibodeau, Patrick. "FTC Official Faults Corporate Privacy Policies. But businesses say feds are partly to blame." http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,60248,00.html. May 7, 2001.

    This article describes how an FTC official critiques company privacy policies as being too heavily legal and hard for ordinary people to understand and how companies argue that their privacy policies must take such a form in order to comply with various laws. This is a good source to use for examining the gap between what consumers want from a privacy policy and what privacy policies must look like to comply with various laws and regulations. Also includes the example of CitiBank, which has two separate privacy policies to address the concerns of both audiences.

  4. Gershberg, Michele. "2004 Internet ad revenue tops dot-com boom levels: Internet advertising in the U.S. surged to a record $9.6 billion." Computerworld (reprint from REUTERS). http://www.computerworld.com/managementtopics/ebusiness/story/0,10801,101406,00.html.

    As the Internet has grown, online advertising has become a lucrative source of income for many of the major online companies. We can use figures about the size of the online advertising industry to gain a sense of magnitude of the entire corporate marketplace online.

  5. Pastore, Michael. "Q1 E-Commerce Spending Matches Holiday Season." http://www.clickz.com/stats/sectors/retailing/article.php/352061.

    This article takes a look at the e-commerce revenue figures as collected during 2000. We use this information to get a sense of the size of the online marketplace and the importance of addressing users' privacy concerns.

  6. CNNMoney. "FTC, Toysmart.com settle." July 21, 2000. http://money.cnn.com/2000/07/21/companies/toysmart/.

    In 2000, Toysmart.com, an online toy vendor, filed for bankruptcy and attempted to liquidate its assets. Thanks to TRUSTe, the FTC was notified of Toysmart's plans to sell its database of customers' private information and was successful at preventing such a sale from taking place. The main argument presented by the FTC was that such a sale was prohibited under Toysmart's posted privacy policy.

  7. Garon, Jon M. "Planning the Right Privacy Policy for You and Your Visitors." http://www.gcglaw.com/resources/tech/feb01.html.

    This site is designed as a guide for corporate websites that desire to develop an online privacy policy. Much of the information presented in this article may be disturbing to end users, as it is geared towards convincing end users that their information will be secure enough and, as a result, to share it.

  8. The Guardian. "The card up their sleeve." http://www.guardian.co.uk/weekend/story/0,3605,999866,00.html.

    A news report on supermarket Loyalty Cards, including some statistics on how effective the loyalty cards are at increasing revenue.

  9. Safeway. "Safeway Club Card Application." http://www.safeway.com/app.pdf.

    The application for Safeway club cards, which enable shoppers to obtain lower prices. This application details the agreement between Safeway and the customer, including that shopping patterns may be recorded.

History
  1. Leiner, Barry M., et al. "A Brief History of the Internet." http://www.isoc.org/internet/history/brief.shtml.

    Because any discussion of the history of corporate privacy policies would be incomplete without a discussion of the history of the Internet itself, we must provide some information about the development of the Internet. In this article, Leiner et al. provide a brief overview of the history of the Internet and numerous links to other historical documents about the Internet's development.

  2. Gribble, Cheryl. "History of the Web Beginning at CERN." http://www.hitmill.com/internet/web_history.html.

    Although this seems to be a less scholarly article, it does provide a basic overview of the development of the World Wide Web and the first browser, Mosaic. We use this article, like all of the other articles in the History section, to provide an overview of the history of the Internet, World Wide Web, and corporate privacy policies.

  3. Wikipedia. "EBay." http://en.wikipedia.org/wiki/Ebay.

    This site provides an overview of EBay.com. Perhaps most pertinent to this project, however, are the historical aspects of EBay, as it is currently the largest online marketplace.

  4. "What are CERN's greatest achievements? History of the WWW" http://public.web.cern.ch/Public/Content/Chapters/AboutCERN/Achievements/WorldWideWeb/WebHistory/WebHistory-en.html.

    Like the Gribble article, this provides an overview of the history of the World Wide Web and how it became the tool that we use so frequently today. This article is a direct press release from CERN (the lab at which the web was originally proposed) and thus is a somewhat more reputable source.

  5. Yahoo Finance. "Amazon.com Inc (AMZN)." http://finance.yahoo.com/q?s=amzn. Viewed 5 June 2005.

    A website that details the current financial status of Amazon.com, one of the leading online vendors.