MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE
Privacy
Forder & Quirk Chapter 11
Privacy
- Governments are concerned with protecting citizens from unscrupulous ‘data thieves’ who may misuse the information or gather it in illegal ways.
- Governments are also keen to preserve their own surveillance powers for the sake of ‘national security’.
- The business community wants to encourage the use of e-commerce and is concerned with building relationships of trust with its customers.
- Customers are eager to use e-commerce, but usually only when they can be sure corrupt operators will not take advantage of them.
The problem
- When you are using the Internet you may think you are anonymous... BUT there are various ways that information about you or your activities can be collected without your knowledge or consent:
  - Cookies
  - Browsers
  - Pre-existing information
  - Internet Commerce
  - E-mail
  - Spam
US survey in 1998
- 92% of web sites collected personal information
- Only 14% provided a privacy statement
- 89% of children’s web sites collected personal information on children
- Only 23% instructed children to get parental permission before providing personal information
- Browsers: Security bugs in browsers allow hackers and web sites to access your personal information while you are surfing the web.
- Pre-existing information: Governments, schools, businesses and other organisations may have already collected personal information about you.
- E-mail: ‘e-mail is more like a post card than a letter in an envelope. Anyone who intercepts your e-mail can read it if it’s sent as plain text’.
- Spam: Spam is junk e-mail. Spam is the use of your e-mail address for a purpose that you don’t agree to and are paying to have delivered.
Internet Commerce
- If you buy something from a commercial web site you will probably have to use a credit card. Is this SAFE?
- Governments and businesses are keen to encourage Internet commerce, but there is resistance from consumers due to concerns about security and privacy.
- E-businesses seem to require you to provide more personal information than you would for over-the-counter purchases.
Technical Solutions
- Intelligent Agents
  - Automatically negotiate a privacy agreement
  - Requires an international standard (e.g. P3P)
- Trust Marks (e.g. www.trustee.org) – signifies that a site adheres to standards for:
  - Privacy
  - Dispute resolution
Technical Solutions (cont.)
- P3P
  - Uses an XML schema that acts as a set of “multiple choice questions” on privacy
  - Presents a snapshot of the site’s privacy policy
  - Backed by W3C
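To show what the “multiple choice” snapshot looks like in practice, here is an added example (not from the slides or from Forder & Quirk) that parses a P3P 1.0 policy and reduces each statement to the answers it gives: what data, for which purposes, to which recipients, and for how long. The policy XML, the site name and the URL are constructed for illustration; the element and token names follow the W3C P3P 1.0 vocabulary.

```python
"""Summarise a P3P 1.0 policy into the 'snapshot' a user agent would show.

Added example: the XML below is constructed for illustration and follows the
P3P 1.0 vocabulary (W3C); it is not a real site's policy.
"""
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2002/01/P3Pv1"   # P3P 1.0 namespace

SAMPLE_POLICY = """\
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="https://shop.example/privacy.html">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Example Shop (constructed)</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><ident-contact/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><admin/></PURPOSE>
      <RECIPIENT><ours/><delivery/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name"/>
        <DATA ref="#user.home-info.postal"/>
      </DATA-GROUP>
    </STATEMENT>
    <STATEMENT>
      <PURPOSE><telemarketing required="opt-in"/></PURPOSE>
      <RECIPIENT><unrelated/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.home-info.telecom.telephone"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""


def _local(tag):
    """Strip the namespace from an element tag: '{ns}PURPOSE' -> 'PURPOSE'."""
    return tag.split("}", 1)[1] if "}" in tag else tag


def _choices(parent, group):
    """Tokens ticked inside a choice group such as <PURPOSE><current/><admin/></PURPOSE>."""
    node = parent.find(f"{{{P3P_NS}}}{group}")
    return [_local(child.tag) for child in node] if node is not None else []


def summarise_policy(xml_text):
    """Reduce a policy to the answers given to each 'multiple choice question'."""
    root = ET.fromstring(xml_text)
    policy = root.find(f"{{{P3P_NS}}}POLICY")
    summary = {
        "name": policy.get("name"),
        "discuri": policy.get("discuri"),   # human-readable policy the XML is meant to mirror
        "access": _choices(policy, "ACCESS"),
        "statements": [],
    }
    for stmt in policy.iter(f"{{{P3P_NS}}}STATEMENT"):
        summary["statements"].append({
            "purpose": _choices(stmt, "PURPOSE"),
            "recipient": _choices(stmt, "RECIPIENT"),
            "retention": _choices(stmt, "RETENTION"),
            "data": [d.get("ref") for d in stmt.iter(f"{{{P3P_NS}}}DATA")],
        })
    return summary


def review_flags(summary):
    """Answers a privacy-conscious user agent would surface before the user decides."""
    flags = []
    for i, stmt in enumerate(summary["statements"], 1):
        if set(stmt["purpose"]) & {"contact", "telemarketing"}:
            flags.append(f"statement {i}: data may be used to contact you")
        if set(stmt["recipient"]) & {"unrelated", "public"}:
            flags.append(f"statement {i}: data may be passed to unrelated parties or made public")
        if "indefinitely" in stmt["retention"]:
            flags.append(f"statement {i}: data is kept indefinitely")
    return flags


if __name__ == "__main__":
    s = summarise_policy(SAMPLE_POLICY)
    for st in s["statements"]:
        print(st["data"], "->", st["purpose"], st["recipient"], st["retention"])
    for f in review_flags(s):
        print("!", f)
```

The snapshot is only as honest as the site that publishes it: P3P lets a user agent compare the machine-readable answers against the user's preferences, but nothing in the protocol verifies that the site actually behaves as its policy states, which is where the legal solutions on the following slides come in.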
Legal Solutions
- Common Law
  - Traditionally no right to privacy (Victoria Park Racing v Taylor (1937) 58 CLR 479)
  - Recently, the High Court has left open the possibility of a right to privacy (ABC v Lenah Game Meats [2001] HCA 63)
Legal Solutions (cont.)
- Common Law (cont.)
  - Other common law rights
    - Trespass
    - Implied terms of commercial confidentiality
  - Other countries do recognise a common law right to privacy
    - New Zealand
Legal Solutions (cont.)
- Statute
  - Privacy Act (Cth)
  - State legislation
    - e.g. Information Privacy Act 2000 (Vic)
    - Not as comprehensive as Federal legislation
    - Generally applies only to the public sector (i.e. government)
Legal Solutions (cont.)
- Statute (cont.)
  - Other Legislation
    - Telecommunications (Interception) Act
    - Freedom of Information Act
    - Data Matching Program
    - National Health Act
Privacy Amendment Act
- Originally covered only Commonwealth government
- Extended to private industry
- Strikes a balance between encouraging IT developments and electronic commerce generally, and protecting the individual’s right to protect personal information.
- A major element of the Government’s strategy to increase public confidence in doing business online and to position Australian businesses globally to take full advantage of electronic commerce opportunities.
Privacy Amendment Act
- Requires website operators that collect personal information online to take reasonable steps to ensure that internet users know who is collecting their information and how it is used, stored and disclosed.
- The legislation establishes minimum standards for the protection and handling of personal information and applies in both the conventional and electronic environments.
Privacy Amendment Act
- Collection
- Use and Disclosure
- Data Quality
- Data Security
- Openness
- Access and Correction
- Anonymity
- Sensitive Information
Collection
- An organisation must:
  - not collect information unless the information is necessary for one or more of its functions or activities.
  - collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
  - if it is reasonable and practicable to do so, collect personal information about an individual from that individual.
  - take reasonable steps to ensure that an individual is or has been made aware of the information if it collects personal information about the individual from someone else.
Collection
- The individual must be made aware of:
  - the identity of the organisation and how to contact it
  - the fact that he or she is able to access the information
  - the purpose for which the information is collected
  - the organisation (or types of organisations) to which the organisation usually discloses information of that kind
  - any law that requires the particular information to be collected
  - the main consequences (if any) for the individual if all or part of the information is not provided.
Use and Disclosure
- An organisation must not use or disclose personal information about an individual for a purpose other than the primary purpose of collection unless:
  - the individual has consented to the use or disclosure
  - the information is not sensitive information and is for the secondary purpose of direct marketing
  - the information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety
Use and Disclosure (cont.)
  - it reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to individual or public health and safety
  - the organisation has reason to suspect that unlawful activity has been, is being or may be engaged in
  - the use or disclosure is required or authorised by or under law
Data Quality
- An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
Data Security
- An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification and disclosure.
- An organisation must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.
Openness
- An organisation must set out, in a document, clearly expressed policies on its management of personal information. The organisation must make the document available to anyone who asks for it.
- On request by a person, an organisation must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
Access and Correction
- If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual.
- However, where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision, the organisation may give an explanation of the decision rather than direct access to the information.
Access and Correction (cont.)
- If the organisation is not required to provide the individual with access to the information, the organisation must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
- If an organisation charges for providing access to personal information, those charges:
  - must not be excessive
  - must not apply to lodging a request for access.
Access and Correction
- If an organisation holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, the organisation must take reasonable steps to correct the information so that it is accurate, complete and up-to-date.
Access and Correction
- If the individual and the organisation disagree about whether the information is accurate, complete and up-to-date, and the individual asks the organisation to associate with the information a statement claiming that the information is not so accurate, complete or up-to-date, the organisation must take reasonable steps to do so.
- An organisation must provide reasons for denial of access or a refusal to correct personal information.
Anonymity
- Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with an organisation.
Sensitive Information
- Information or opinions about an individual's:
  - racial or ethnic origin;
  - political opinions;
  - membership of a political association;
  - religious beliefs or affiliations;
  - philosophical beliefs;
  - membership of a professional or trade association;
  - membership of a trade union;
  - sexual preferences or practices; or
  - criminal record.
Sensitive Information (cont.)
- An organisation must not collect sensitive information about an individual unless:
  - the individual has consented
  - the collection is required by law
  - the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of an individual
  - the information is collected in the course of the activities of a non-profit organisation
  - the collection is necessary for the establishment, exercise or defence of a legal claim or equitable claim
Sensitive Information (cont.)
- If an organisation collects health information about an individual, the organisation must take reasonable steps to permanently de-identify the information before the organisation discloses it.
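Two of the principles above translate directly into engineering work: the Data Security principle's duty to destroy or permanently de-identify personal information once no purpose needs it, and the Sensitive Information principle's duty to de-identify health information before disclosing it. The following is an added example (not from the slides or from Forder & Quirk) that does both over a constructed record store; the field names, the sample records and the HMAC key are all assumptions made for illustration.

```python
"""De-identification and retention for personal records (added example).

Assumes a dict-per-record store. Two operations: a disclosure copy of a health
record with identifiers removed (sensitive information principle), and a sweep
that permanently de-identifies records whose retention date has passed (data
security principle). Records and key below are constructed for illustration.
"""
import hashlib
import hmac
from datetime import date

DIRECT_IDENTIFIERS = ("name", "email", "phone", "address")
QUASI_IDENTIFIERS = ("date_of_birth", "postcode")   # re-identify a person in combination

# Constructed key. In production it lives in a key store, not in the code; destroying
# it turns every pseudonym produced below into an unlinkable token.
LINK_KEY = b"constructed-demo-key-not-for-real-use"

SAMPLE_RECORDS = [   # constructed customer records
    {"id": 1, "name": "Ann Example", "email": "ann@example.net", "phone": "0400 000 001",
     "address": "1 Example St", "date_of_birth": "1980-03-14", "postcode": "3000",
     "health": "allergy: penicillin", "retain_until": "2023-06-30"},
    {"id": 2, "name": "Bob Example", "email": "bob@example.net", "phone": "0400 000 002",
     "address": "2 Example St", "date_of_birth": "1975-11-02", "postcode": "2000",
     "health": "none recorded", "retain_until": "2025-12-31"},
]


def pseudonym(value, key=LINK_KEY):
    """Keyed hash: stable for the key holder, unlinkable for anyone without the key."""
    return hmac.new(key, value.strip().lower().encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def deidentify_for_disclosure(record, key=LINK_KEY):
    """Disclosure copy of a health record: no direct identifiers, coarsened quasi-identifiers."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["subject_token"] = pseudonym(record["email"], key)   # lets the sender, not the recipient, link records
    if "date_of_birth" in out:
        out["date_of_birth"] = out["date_of_birth"][:4]       # year only
    if "postcode" in out:
        out["postcode"] = out["postcode"][:1] + "xxx"         # region only
    return out


def permanently_deidentify(record):
    """Irreversible: drop identifiers, quasi-identifiers and any token that could link back."""
    drop = set(DIRECT_IDENTIFIERS) | set(QUASI_IDENTIFIERS) | {"subject_token"}
    return {k: v for k, v in record.items() if k not in drop}


def retention_sweep(records, today_iso):
    """Permanently de-identify every record whose retention date is before today."""
    today = date.fromisoformat(today_iso)
    swept, out = 0, []
    for rec in records:
        if date.fromisoformat(rec["retain_until"]) < today:
            out.append(permanently_deidentify(rec))
            swept += 1
        else:
            out.append(rec)
    return out, swept


if __name__ == "__main__":
    print(deidentify_for_disclosure(SAMPLE_RECORDS[0]))
    after, n = retention_sweep(SAMPLE_RECORDS, "2024-01-01")
    print(n, "record(s) de-identified;", after[0])
```

The distinction between the two functions is the point: a keyed pseudonym is reversible by whoever holds the key, so it satisfies "de-identify before disclosure" only while the key stays inside the organisation, whereas the retention sweep removes the token as well so that nothing remains to link the data back to a person.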
Privacy Codes
- Must be at least equivalent to the National Privacy Principles
- Approved by the Privacy Commissioner
Privacy Codes (cont.)
- Examples
  - Australian Direct Marketing Association
  - Internet Industry Association
  - Telecommunications Industry
  - Code of Banking Practice
  - Smart Card Industry Code of Conduct
  - Electronic Funds Transfer Code of Conduct
Privacy Codes
- Advantages
  - Avoid onerous and costly implementation
  - Less rigid
  - Easy to adjust to changed circumstances
  - More likely to be adhered to
  - Policed by industry peers
Privacy Act Exemptions
- Businesses with less than $3 million pa turnover, other than:
  - health service providers
  - Federal contractors
- Not for profit organisations
- State or Territory authorities
- Political parties and political representatives
- Media organisations
International Perspective
- OECD encourages trade in order to support growth of eCommerce
  - Guidelines for the Protection of Privacy and Trans-border Flows of Personal Data (1980)
- S17 International Covenant on Civil and Political Rights: “No one shall be subjected to arbitrary and unlawful interference with privacy…”
International Perspective
- European Union Privacy Directive (1995)
  - Being adopted by member countries
  - Transfer of personal information to third countries only permitted if the third country ensures an adequate level of protection
  - Level is assessed “in all of the circumstances” (F&Q p344)
  - To date, France, Germany, Luxembourg & Ireland have not complied
International Perspective (cont.)
- USA negotiated with the EU for “safe harbours” where businesses voluntarily subscribe to a code of 7 principles that the EU has deemed adequate:
  - Notice
  - Choice
  - Onward transfer
  - Access
  - Security
  - Data integrity
  - Enforcement
International Perspective (cont.)
- Australian Response to EU Directive
  - EU says Australian privacy laws “not adequate”
  - EU concern with “co-regulatory” approach
  - Australian Government disagrees
  - Aust legislation goes further than US “safe harbours”
  - Only 2 countries outside the EU have adequate privacy laws according to the EU
International Perspective
- USA
  - No legislation
  - Ineffective codes (unsupported by legislation)
  - Failure to comply with a code may be prosecuted as an unfair or deceptive act (similar to s52 Trade Practices Act)
  - Growing push for legislation