News

Online Retailers Flouting Privacy Laws

By Dave Gradijan

June 20, 2006CSO — Be careful with the secrets you reveal to online retailers. You just don’t know where your personal data could end up and how it might be used.

This was the warning issued by Ottawa-based Canadian Policy and Public Interest Clinic following its release of a survey that showed “widespread noncompliance with federal privacy laws.”

Funded by the Privacy Commission of Canada, the survey, titled "Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up?" questioned 64 online retailers on their observance of legal requirements for accountability, openness and consent in collecting customer data.

It also polled 72 online and offline retailers on their compliance with “individual access”—the PIPEDA requirement to inform individuals of the existence, use and disclosure of their personal information upon request, and to give individuals access to that information.

The survey’s findings are hardly encouraging.

While 94 percent of retailers surveyed did have privacy policies, these tended to be lengthy, ranging from 1,000 to 2,000 words. In most cases, policies were not conspicuously visible to consumers.

The survey also found 48 percent of the retailers share information with other companies for purposes beyond those necessary for the transaction or service originally sought by the customer. Furthermore, only one of these companies restricted data sharing to its affiliates. Yet 34 percent did not offer consumers a choice regarding this practice during the registration or ordering process.

Some 78 percent of the sample companies rely on opt-out methods to obtain consumer consent to secondary use or disclosure of their personal information.

In at least 18 cases, the assessors were not sure whether consent to secondary use or disclosure was mandatory because the privacy policy was either unclear or nonexistent. Thus, 39 percent of the companies were found in violation of PIPEDA’s rules.

-Nestor E. Arellano, CIO Canada (June 2006)

Keep checking in at our CSO Security Feed page for updated news coverage.

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development