E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy...
Date posted: 19-Dec-2015
E-Privacy for Electronic Commerce
Implementing E-Privacy - An Enterprise Approach
Tony LAM
Deputy Privacy Commissioner for Personal Data, Hong Kong SAR
Conference on E-Privacy in the New Economy
March 26, 2001
1
Why the concern about E-Privacy
It’s a core value of an organisation in any E-Business initiative
“It is not whether an organisation can afford to adopt an E-Privacy policy, but whether it can afford not to do so”
2
E-Privacy : A Business issue
How can organisations improve key processes in an increasingly competitive environment?
How can organisations maximise the benefit of information in the new information age?
Can E-Commerce maximise its value to consumers and simultaneously retain their trust and confidence?
3
E-Privacy : A Management issue
“Failure to deal with privacy issues can present frightening risks to the E-Business enterprise”
Loss of competitive advantage
Loss to potential business
4
E-Privacy : A Management issue
“When the client of a major bank can have $900,000 stolen from his account despite all the protections that are written into the system, it seems that even the biggest companies are vulnerable against the skills of a determined Internet criminal.”
Source : South China Morning Post, February 22 2001
Unfavourable publicity
Customers walk away
5
E-Privacy : A Management issue
“In 1998, a federal jury in the US awarded an identity theft victim $50,000 in actual damages and $4.7 million in punitive damages against a major credit-reporting agency. Jurors found that the company failed to follow reasonable procedures to maximise accuracy and that it, in doing so, willfully defamed the defendant”
Source : Privacy Times Magazine, May 29 1998
Other costs of remedy
Direct costs of litigation
6
E-Privacy : A Consumer issue
“Despite the fact that the majority of the sites collected personal information from the user, only a tiny minority provided a privacy policy that gave users meaningful information about how that data would be used. Sites both in the US and EU fall woefully short of the standards set by international guidelines on data protection”
Source : Consumer International Privacy@net Report, 2001
Trust and confidence are not yet the hallmarks of E-Commerce
7
E-Privacy : A Consumer issue
“Fewer than 2% of all respondents have bought goods or services or traded securities online. The main reason cited by respondents for not using the Internet to shop or trade was concern about security”
Source : Census & Statistics Department Survey, 2000
“Of all the respondents, about 52% gave a rating of 8 or more on a scale of 0 to 10 to indicate their privacy concern about purchasing online. The highest privacy concern was ‘money loss due to interception of your credit card’ (84%), followed by ‘misuse of personal data by third parties’ (72%)”
Source : PCO Opinion Survey, 2000
8
E-Privacy : Consumer Concerns
Security threats
– Insecure transmission of sensitive data
– Unauthorised access, modification of information
Privacy intrusion
– Unlawful & unfair collection of personal data
– Disclosure of data for fraudulent purposes
– Misuse of data for unintended purposes without consent
– Unsolicited commercial e-mails
9
E-Privacy : A Regulatory compliance issue
E-Privacy data practices should operate on the principle that what is illegal offline is illegal online
Hong Kong Privacy Law
Personal Data (Privacy) Ordinance
International and National Regulation
EU Directive on Trans-border Data Flow
International Conventions and Codes of Practice
10
Privacy Stories
Real Networks - online software distributor
– Collect musical tastes of users without their knowledge
– TRUSTe announced it would review its licence agreement
DoubleClick - online advertising agency
– Profile users’ browsing habits with data of Abacus, a direct marketing firm it had acquired
– FTC investigation ~ a drop of one-third in its share price
Toysmart - a toy retailer
– Intended sale of a bankrupt business’ customer database
– Court injunction to prevent the sale taking place
11
E-Privacy : A Policy Framework
Stage I
E-Privacy Drivers
Stage II
Strategic Planning
Stage III
Strategy Implementation
Stage IV
Pursuit of Excellence
12
E-Privacy : A Policy Framework
Stage I
E-Privacy Drivers
Organisation Culture
Privacy Core Value
E-Privacy Policy
13
E-Privacy : A Policy Framework
Stage II
Strategic Planning
Identify E-Privacy issues
Formulate strategies
Privacy Impact Assessment
14
E-Privacy : A Policy Framework
Stage III
Strategy Implementation
E-Privacy Policy Statement
Privacy Enhancing Technology
Compliance & Audit
15
E-Privacy : A Policy Framework
Stage IV
Pursuit of Excellence
Manage & Review
Enhance Compliance
Continuous Improvement
16
E-Privacy Policy Statement
Privacy policies and accurate public statements outlining such policies are a vital step towards encouraging openness and trust in E-Commerce among consumers
“They can help consumers to make informed choices about entrusting an organisation with personal data and doing business with it”
17
Core elements of an E-PPS
General statement of personal data policy
– your overall commitment to protecting the privacy interests of your consumers
Statement of data handling practices
– the kind of personal data held
– main purposes for which personal data are used
Notice of other practices
– data disclosure practice
– data retention and security policy
– choice & consent in Internet marketing
18
Making an Effective E-PPS
Whenever a web site collects personal data of consumers
• A prominent “hotlink” from the home page
• A linked page from any data collection forms
• Written in a simple and easy-to-understand manner
• Conforming with acceptable privacy standards
• Relevant to the online environment of the site
• Reflecting the core values of privacy protection
Avoid “over-commitment” and “under-delivery”
19
E-Privacy : The Pay-off
Building trust & confidence in the E-Economy
Gaining competitive advantage
Enhancing corporate governance
20
Contacting PCO
Hotline - 2827 2827
Internet - http://www.pco.org.hk
Email - [email protected]
Correspondence -
Unit 2001, 20/floor, Office Tower,
Convention Plaza, 1 Harbour Road
Wanchai Hong Kong
21