no doubt received the most press regarding consumer privacy. In a previous
column, "Knock, Knock, Who's There? Authenticating Users" [March CIL,
p. 54], I explained that cookies don't exactly authenticate a user, but
rather they associate a user with a particular PC and authenticate the
PC. On the surface this may seem benign, although the potential to collect
data using cookies seems almost unlimited when it's tied to a unique identifier
residing on the company's server. Concerns arise when collected information
is used to push out additional sales information, such as via e-mail following
a purchase, or when it is shared or sold to third-party vendors or marketers
in order to influence your purchasing behaviors at other sites. Or it can
even be given to different branches of the same company. For instance,
a dot-com may share collected data with its brick-and-mortar equivalent.
Should we be concerned? Consider this ...
On Monday I get an unsolicited
e-mail message from a florist alerting me that Easter is just around the
corner and that I should buy some flowers. The message also reminds me
that Mother's Day is soon to follow. On Tuesday another unsolicited e-mail
tells me I might want to look at some new books and CDs hot off the press.
On Wednesday a financial institution tells me it's having a money sale,
and on Thursday I'm told there's a new type of tomato seed that would be
perfect for my garden this summer. All of these were unsolicited. True,
I have visited all of these sites and either made a purchase or perused
down their virtual aisles, but at no time did I ask to be reminded weekly
or monthly of newly released products or upcoming sales. This is disturbing
on several levels. First, I've been added to these companies' lists without
my knowledge. Second, they've made a choice for me—to fill my already
overflowing mailbox with unsolicited junk e-mail.
Worse yet, when one of these
companies hits hard times, I notice a little story in the newspaper about
its bankruptcy. The following week, I get 40 e-mails instead of four—my
personal information and purchasing habits data have been sold!
Where Worlds Collide
Our physical and virtual
worlds are colliding. We truly are what we eat, drink, read, and now, browse.
So many of our day-to-day interactions now take place online, and the digital
trail we leave behind reveals more and more of who we are and what we do;
we become defined by our online profiles made up of bits and bytes. Even
some of the stores where I physically shop now wish to know my e-mail address
so they can complete my profile. The bank knows my behavior from ATM transactions,
the grocery knows what I buy through my club card membership, and now the
Web sites where I visit or make transactions remind me each time there's
a sale. If I ever need an alibi, I know that the trail of electronic bread
crumbs spread behind my electronic transactions will fit the bill perfectly.
a profile as, "a set of characteristics or qualities that identify a type
or category of person or thing." A profile may be associated with an individual
by several means. A person may voluntarily provide information. Or, an
inference may be made by combining data like ZIP code and date of birth
(referred to as triangulating data). Another way is through "synchronization"
with other data sources where personal information is stored and shared
with other companies (usually for a fee). Creating a user profile when
the information is not volunteered by the end-user is most often done with
cookie files, those pesky little computer files residing on your computer
that the desktop and server pass back and forth.
Online profiling is one
of the most incendiary privacy issues on the Internet, especially when
your digital identity is used at another site because your personal information
was captured in a database and then sold or shared with companies you've
never heard of. There's a growing backlash against online profiling from
consumer advocacy groups and increasingly from concerned individuals who
are caught in the crossfire between demanding increased connectivity and
desiring to maintain their anonymity.
So why should this matter
to you and your library? Most states have enacted laws that protect the
privacy of our patrons. But the Internet didn't exist when these kinds
of laws were enacted, and they were written to protect patron information
as it related to physical materials circulation. We know that these same
laws apply to our digital library counterparts, but do our patrons?
I don't know of any libraries
that conduct true online profiling, but we do maintain records for authentication
purposes, for interlibrary loan, or when we ask patrons to define their
preferences so that information can be better tailored online to meet their
needs, such as for a personal portal page. We store much of this information
electronically in a database. Are patrons aware of information collected
from our digital library Web sites, how this information is used, and who
has access? To assure that they do know how their information is being
Consider Privacy Policies
is not a requirement for most organizations. In 1998, the Federal Trade
Commission (FTC) responded to the tremendous backlash to online profiling
and asked companies in the online industry to voluntarily explain and post
their privacy policies in more detail. The FTC's intention was to make
initial progress in creating an electronic environment with some protection
of consumer privacy, and perhaps to allow online companies to carry out
self policing as an alternative to regulating an ill-defined environment.
In response, several of the industry's heavy hitters, like Microsoft and
IBM, formed an alliance called TRUSTe to better educate the public and
to promote "fair information practices."
According to the TRUSTe
TRUSTe is an independent,
non-profit initiative whose mission is to build users' trust and confidence
in the Internet by promoting the principles of disclosure and informed
consent. Because this site wants to demonstrate its commitment to your
privacy, it has agreed to disclose its information practices and have its
privacy practices reviewed for compliance by TRUSTe. When you see our TRUSTe
seal, you can be assured that the Web site will disclose:
As the digital library becomes
a preferred route of choice for services, the need for a library privacy
policy becomes unavoidable. Perhaps those in the library field should also
form an alliance to come up with a similar privacy "seal of approval."
What personal information is
being gathered about you
How the information will be
Who the information will be
shared with, if anyone
Choices available to you regarding
how collected information is used
Safeguards in place to protect
your information from loss, misuse, or alteration
How you can update or correct
inaccuracies in your information.
If you are planning to write
a privacy statement, there are several examples worthy of note. First,
check out the policy statement for Excite based on the TRUSTe disclosure
statement at http://www.excite.com/privacy_policy.
Another example is not a privacy statement at all; it's a privacy statement
developed by the Organisation for Economic Co-operation and Development
(OECD; http://www.oecd.org). The
generator is available directly from http://cs3-hq.oecd.org/scripts/pwv3/pwhome.htm.
some issues that have no bearing in a library environment. I've paraphrased
some of the OECD high points you'll want to address in the sidebar
Two Different Hats
Currently there is no framework
to address the many legal issues that arise in cyberspace. Just to give
you an idea, consider all of these areas in a non-electronic environment:
trademark, copyright, liability, fraud and theft, defamation, disclosure,
search and seizure, invasion of privacy, evidence, and jurisdiction. Most
are pretty tangible, right? Now consider each one of these issues as it
relates to the Internet. You'll find that each has an entirely different
meaning when you try to translate it. Let's consider one issue, jurisdiction:
"the territory over which authority is exercised." As e-mail messages and
Web pages are sent or downloaded around the world, how do you define "territory"?
So, let's get back to online
profiling and consumer privacy. Is this something we should be concerned
about in our library environments?
When I put on my Webmaster
hat (a pointy hat with stars), my answer is "no." From a standpoint of
designing the most user-focused site that I can, profiling helps us to
target services better. Targeted services can mean delivering information
specific to an individual's preferences or formatting and packaging information
delivery to meet my end-user's needs (like to a PDA). Or it could mean
clustering products, content, and services to serve communities, such as
a group with common interests and needs, for example, physicians. Profiling
helps me design user-centric Web sites.
Now let me put on my librarian's
hat. Now, my answer is "yes," we should be concerned about online profiling
and consumer privacy in our libraries. Our users assume that their privacy
is protected by law. The Internet didn't exist when the laws were written
and enacted to provide protection to those who checked out materials. The
phrase "digital library" was not around, although we know these same laws
provide protection in both our traditional and digital libraries. But do
users know this? Like much of today's legislation, little case law exists
to see how the laws will actually be applied in an electronic environment.
As the law tries to keep
pace with Internet technology, we need to protect our patrons and ourselves,
to be proactive in our organizations, and to educate our patrons as best
we can. A privacy statement provides a much-needed proactive measure and
also re-emphasizes the role we play on behalf of our patrons—that of pathfinder
and trusted agent. Privacy has always been a library priority. When we
educate our users about privacy we not only help them protect it, we also
decrease our risk of liability if privacy is compromised.
|Some of the High Points from OECD's
The personally identifiable information that is collected to include both
anonymous and personally identifiable information; statement should identify
what is collected including information that cannot be tied back to a specific
person (this is information you cull from your log files reflecting server
Data Quality: Ensuring
the integrity of the data collected is maintained so that it continues
to be relevant to the purpose for which it was collected
Purpose of Collection:
Clearly defined purpose for collecting the data, including the start and
end dates if the data is used for a specific event or project
Data Use: States
how the data is to be used and if it will be used for other purposes other
than those stated
Security and Confidentiality
Safeguards: The security procedures that are in place to protect against
the unauthorized access, loss, use, or destruction or modification of data
States the rights of the individual to obtain, confirm, and challenge data
related to them personally
Provides information to visitors to include the business of your organization,
broadly who you serve, and the "legal entity which controls the processing
of personal data"
Use of Third-Party Web
Service Provider: Identifies where data may be gathered by third-party
vendors such as an outside content provider, Internet service provider,
or application service provider. (This is extremely important in a library
environment when visitors are connected to purchased content residing on
a remote server.)
of Information: "Information automatically collected, via cookies or
other means such as programming, may not be linked to an individual. However,
if you link the information that you capture automatically, via cookies
or other programming means, with personal data about a specific individual,
your visitors should be made aware of this."
of the Web Site: Information collected for the purpose of administrating
the Web site such as account login, IP, or domain name
Data captured to provide services to the customer such as account information
to process an interlibrary loan request, or address information to deliver
bibliographic search requests
Marketing: Data captured
in order to target user types for content, formatting, and delivery purposes
Kim Guenther is the director
for the University ofVirginia Health System Web Center and the Health System
Webmaster. Her e-mail address is firstname.lastname@example.org.