Privacy Policy Issues and Pages
Maria Elena Baroco
School of Information
The University of Texas at Austin
LIS 385T Information Architecture and Design
Dr. Don Turnbull
February 6, 2003

Privacy and the Web
Cookies and informed consent (Millett, et al., 2001)
File transfer
Online commercial transactions

Important Legislation
1996 Gramm-Leach-Bliley Act
–P.L. 106-102, Title V, Privacy, Subtitle A: Disclosure of Nonpublic Personal Information
–Encoded in 15 (Commerce and Trade) U.S.C. Subchapter I, Sec. 6801-6809
–Applies to financial institutions
–Regulates the commercial use of private, personal information

Litigation
Microsoft Settles FTC Charges Alleging False Security and Privacy Promises
–Settlement prohibits any misrepresentation of information practices in connection with Passport and other similar services
–Requires Microsoft to implement and maintain a comprehensive information security program
–Microsoft must have its security program certified as meeting or exceeding the standards in the consent order by an independent professional every two years

Privacy Pages
In a survey of 1,400 Web sites
–85% collect personal information from consumers
–14% of a random sample provide notice of their information practices
–2% provide a comprehensive privacy policy
(Federal Trade Commission, 1998, pp. ii-iii)

Privacy Page Design Guides
“An effective privacy notice includes:
–a customer-based process that invites and uses consumer feedback
–plain language that enables a short, simple, easy-to-read message
–graphics that make a notice attractive and inviting”
(Federal Trade Commission, 2002, What makes a notice effective? section)

Additional Wisdom from the FTC
“Remember that a user-friendly notice not only reflects user input and involvement, but also how much your company values its customers.”
“hyperlink [technical terms] to a definition or use a simpler term or phrase in the text and link to the technical term.”
“sans serif fonts for headings and Web”
(FTC, 2002, sections User-based process & Notice language)

Privacy Pages - Examples
Amazon - http://www.amazon.com/exec/obidos/tg/browse/-/468496/002-4658874-1116038
New Zealand Yellow Pages - http://www.yellowpages.co.nz/privacy.html
eBay - http://pages.ebay.com/help/community/png-priv.html
Yahoo - http://privacy.yahoo.com/privacy/us/

Site Design and Functionality
The accuracy of online privacy statements is not guaranteed
Everyone involved with a company’s online practices (design, development, marketing, etc.) must understand applicable law and the company’s statement

Platform for Privacy Preferences Project (P3P)
A W3C (World Wide Web Consortium) standard
“enables websites to display a machine-readable version of its privacy policy, referred to as a ‘compact policy’ and eliminates the need for users to manually read each organization's privacy policies posted on every site they visit”
“automatically displays key information about what data is being collected and shared by a website”
Discrepancies between a site's practices and the user's privacy preferences, as set by the browser, are automatically flagged with a subtle warning message to the user (Watchfire, 2001)

References
Federal Trade Commission. (1998). Privacy online: A report to Congress. Retrieved February 6, 2003 from http://www.ftc.gov/reports/privacy3/priv-23a.pdf
Federal Trade Commission. (2002). Getting noticed: Writing effective financial privacy notices. Retrieved February 1, 2003, from http://www.ftc.gov/bcp/conline/pubs/buspubs/getnoticed.htm
Federal Trade Commission. (2002). Microsoft Settles FTC Charges Alleging False Security and Privacy Promises. Retrieved February 5, 2003 from http://www.ftc.gov/opa/2002/08/microsoft.htm
Millett, L., Friedman, B., & Felten, E. (2001). Cookies and Web browser design: Toward realizing informed consent online. Proceedings of the SIGCHI conference on human factors in computing systems, 3(1), 46-52. Retrieved February 5, 2003 from http://doi.acm.org/10.1145/365024.365034
Watchfire and PricewaterhouseCoopers Announce Privacy Software and Services To Help Comply with P3P. (2001). Retrieved February 5, 2003 from