 |
 |
 |
 |
|
 |
 |
|
 |
security practices for companies and individuals (Hurley, 1999).
Privacy
Computer technologies like the Internet facilitate the exchange of personal
information that can be collected, aggregated and sold across the world. As
companies can easily take advantage of personal information that becomes
accessible on information networks, e.g., through direct marketing (Wang, et al.,
1998), several issues are at stake. The most important concern is whether
information is collected, aggregated or sold with the individual’s explicit consent.
There are several private organizations (Better Business Bureau onLine
(BBBOnLine), Worldwide Web Consortium (W3C), TRUSTe) that try to address
the issue by giving a privacy ‘seal’
to Web sites that are fulfilling some set criteria
of privacy protection. These include the responsibility to make visitors to web sites
aware of what data is collected and giving them choice about making this data
available to third parties. The TRUSTe white paper (http://www.truste.org/about/
about_wp.html) also emphasizes that Web sites bearing their Privacy Seal “must
provide reasonable security to protect the data that is collected”. Security is seen
as the technological aspect of the broader social issues that are related to privacy.
Privacy is particularly important for the protection of sensitive personal data
such as medical records, credit records, government data and personal data about
children. The US government has taken an untied regulatory approach to protect
such information. In other words the aim is to enable Internet users to choose for
themselves what level of privacy protection they want (Nelson, 1999). In Europe,
in contrast, data protection is stricter and has been articulated at a pan-European
level (Allaert & Barber, 1998). In the United States, the EU directive (EC, 1995)
has been perceived as being overprotecting for European companies, raising
barriers to the free exchange of electronic data between Europe and other countries
(Swire and Litan, 1998). Indeed, the European directive on data protection
challenged electronic transactions and data exchanges internationally, as it banned
the export of personal data from the EU to those countries without strict federal data
protection laws. This included the U.S., and resulted in severe trade disputes at an