Online Retailers Flouting Privacy Laws

By Dave Gradijan

June 20, 2006

CSO — Be careful with the secrets you reveal to online retailers. You just don’t know where your personal data could end up and how it might be used.

This was the warning issued by Ottawa-based Canadian Policy and Public Interest Clinic following its release of a survey that showed “widespread noncompliance with federal privacy laws.”

Funded by the Privacy Commission of Canada, the survey, titled "Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up?" questioned 64 online retailers on their observance of legal requirements for accountability, openness and consent in collecting customer data.

It also polled 72 online and offline retailers on their compliance with “individual access”—the PIPEDA requirement to inform individuals of the existence, use and disclosure of their personal information upon request, and to give individuals access to that information.

The survey’s findings are hardly encouraging.

While 94 percent of retailers surveyed did have privacy policies, these tended to be lengthy, ranging from 1,000 to 2,000 words. In most cases, policies were not conspicuously visible to consumers.

The survey also found 48 percent of the retailers share information with other companies for purposes beyond those necessary for the transaction or service originally sought by the customer. Furthermore, only one of these companies restricted data sharing to its affiliates. Yet 34 percent did not offer consumers a choice regarding this practice during the registration or ordering process.

Some 78 percent of the sample companies rely on opt-out methods to obtain consumer consent to secondary use or disclosure of their personal information.

In at least 18 cases, the assessors were not sure whether consent to secondary use or disclosure was mandatory because the privacy policy was either unclear or nonexistent. Thus, 39 percent of the companies were found in violation of PIPEDA’s rules.

-Nestor E. Arellano, CIO Canada (June 2006)
