Internet Changes Everything

Pressure For Better Privacy

June 22, 1998

Pressure For Better Privacy
Business moves to fend off regulation of Internet data
By Gregory Dalton
ost companies seek more intimate relationships with their customers, and many are turning to the Internet to facilitate them. But customers' concerns about data privacy on the Internet are rising, and the federal government is looking hard at what it should do in response.
The Department of Commerce is holding a two-day fact-finding session on Internet privacy this week. The government's interest has mobilized vendors: In anticipation of the Commerce session, several leading computer and data companies will unveil a strategy for self-regulating Internet data privacy.
The heightened sensitivity to privacy has even the most ambitious businesses treading lightly. "Privacy is clearly at the forefront of our minds in the online arena," says Sandy Herndon, manager of online marketing at American Airlines, which this week is unveiling a major overhaul of its Web site for frequent fliers. American is using the latest version of BroadVision Inc.'s One-To-One, which generates personalized Web pages by monitoring and responding to customers' activities while on the Web site. That process is known as personalization.
The American site represents one of the most aggressive uses of personalization to date. Each time a person visits the site, he or she will see Web pages driven by data from three sources: American's existing database, a detailed questionnaire submitted by customers, and observation of what they do while they're on the site.
American's cross-marketing partners--Citibank, Hertz, and Hilton--will also participate in the site. A person who requests a quote for a flight to Boston will receive extra information on the same Web page as the ticket price, such as for a Hertz car and a Hilton hotel room during that same period.
To head off customer worries about the new site, American says it has made its privacy policy more explicit in terms of what data the company is collecting and whom they're sharing it with. But the policy is still vague. It states, for example, that American "may provide customer lists or prospective customer lists" to its cross-marketing partners--but it doesn't name those companies, nor does it specify what type of personal information will be included in the lists. The policy is posted on American's Web site.
American is aware of the need to be sensitive to customers' concerns. "We're going to test the waters to decide how much we should infer from what we know and how much we should get users' permission," says Herndon. "It could be quite damaging if we go too far."
Step By Step
That's why some companies are taking personalization one step at a time. "You simply can't ignore the fact that people on the Web have strong privacy concerns," says Ken Hittel, an assistant VP at New York Life, which plans to ease into personalization by letting its sales agents create personal folders for visitors to the insurance company's Web site. The idea is to store information in those Web folders over time as customers research insurance options. Agents can put documents into folders but can't view the entire contents of folders.
First Chicago NBD is planning to introduce personalized service to its site when it upgrades later this year to Story Server 4, the latest version of Vignette Corp.'s content-management server that adds features for developing personalized relationships with customers. Mindy Kall, an assistant VP at First Chicago, says the bank is interested in "implicit" personalization, which tracks user behavior, rather than asking customers to complete online forms.
But other companies say it's too early for that. "Customers are a little bit leery about having too much information and power in the hands of banks," says Colin Henderson, senior marketing manager at Mbanx, a division of Bank of Montreal. Mbanx is using forms to gather information to be used for generating personalized Web pages.
Internet companies have dealt with customer concerns over data privacy for a while. "If you're a little too explicit about what you know about a person, and that comes across, you can turn that person off and he or she may never come back to that site," says George Campbell, senior VP of interactive services at Brierley & Partners, a direct-marketing firm that has helped customers such as United Airlines do personalization using Brierley's proprietary technology. "We are in a big learning curve in finding out where the limits are."
Proof Of Privacy
A handful of Internet companies want to show their customers how serious they are about privacy. Those companies, such as MatchLogic, a database marketing firm owned by Excite Inc., have hired accounting firms to conduct audits to ensure they're complying with internal privacy policies. "It's an extremely expensive proposition," says MatchLogic CIO Steve Lucas. "But if you raise the bar, consumers have a higher level of confidence."
Lucas is a board member ofTrustE, an Internet industry association promoting the audit strategy. "I'm seeing more and more companies dedicating resources to privacy," Lucas says. Those companies realize that beefing up their privacy policies will enhance, not hinder, electronic commerce.
In all, 72% of people who buy products on the Web say it's "very important" to have a policy explaining how personal information is used, according to a survey of 1,011 adults conducted by Louis Harris and Associates and Dr. Alan Westin of Columbia University. Dave Pearson, director of IT infrastructure at the Boston Globe, says his company is in the process of formulating its policy. "We have to have a policy statement that people will feel comfortable with and that is extremely clear in terms of what information we collect and what we will or won't do with that," he says. However, the Federal Trade Commission found privacy policies were posted at only 14% of the 1,400 Web sites it recently surveyed.
That lack of explicitness has privacy advocates worried. "Privacy law as it relates to technology is significantly behind the technology itself," says Barry Steinhardt, president of the Electronic Frontier Foundation. And industry self-regulation has been inadequate, he says.
The Commerce Department meeting will probe that question and gather input from industry observers and privacy advocates for a July report on how the government might regulate privacy matters. The FTC is also considering action, and there are about 70 laws before Congress regarding various aspects of Internet privacy, according to Thomas Martin, an associate professor at Syracuse University's School of Information Studies in Syracuse, N.Y.
The European Union has already passed a data-protection directive that, beginning in October, will require firms transporting data across national borders to have certain privacy procedures in place. That would affect virtually any company doing business in Europe; the directive is driving much of the attention being given to privacy in the United States.
Most user companies and computer vendors are wary of the federal government's dictating Internet privacy standards. A group calling itself the Online Privacy Alliance will announce this week a voluntary code of conduct backed by companies such as AT&T, Dun & Bradstreet, the Lexis-Nexis division of Reed Elsevier Inc., Microsoft, and Netscape. The alliance's guidelines will call on companies to notify users when they are collecting data at Web sites, to gain consent for all uses of that data, to provide for the enforcement of privacy policies, and to have a clear process in place for receiving and addressing user complaints.
The Online Privacy Alliance's aim is to convince U.S. and European regulators that government moves aren't necessary because industry is capable of regulating itself. Says Tess Koleczek, Netscape's Web-site data-protection manager--a new position created to handle data privacy--"Everyone fears legislation because you never know what they're going to come up with until it happens."
--with additional reporting by Justin Hibbard, Beth Davis, and Clinton Wilder

April 24, 2007 at 08:52 PM in | Permalink | Top of page | Blog Home