
E-Privacy for Electronic Commerce

Implementing E-Privacy - An Enterprise Approach. Tony LAM, Deputy Privacy Commissioner for Personal Data, Hong Kong SAR. Conference on E-Privacy in the New Economy, March 26, 2001.


Presentation Transcript


  1. E-Privacy for Electronic Commerce
     Implementing E-Privacy - An Enterprise Approach
     Tony LAM, Deputy Privacy Commissioner for Personal Data, Hong Kong SAR
     Conference on E-Privacy in the New Economy, March 26, 2001

  2. Why the concern about E-Privacy
     It’s a core value of an organisation in any E-Business initiative
     E-Privacy
     “It is not whether an organisation can afford to adopt an E-Privacy policy, but whether it can afford not to do so”

  3. E-Privacy : A Business issue
     How can organisations improve key processes in an increasingly competitive environment?
     How can organisations maximise the benefit of information in the new information age?
     Can E-Commerce maximise its value to consumers and simultaneously retain their trust and confidence?

  4. E-Privacy : A Management issue
     “Failure to deal with privacy issues can present frightening risks to the E-Business enterprise”
     Damage to Bottom line
     Loss to potential business
     Loss of competitive advantage
     Adversely affect Stock price & Market share

  5. E-Privacy : A Management issue
     “When the client of a major bank can have $900,000 stolen from his account despite all the protections that are written into the system, it seems that even the biggest companies are vulnerable against the skills of a determined Internet criminal.”
     Source : South China Morning Post, February 22 2001
     Damage to Customer loyalty
     Customers walk away
     Unfavourable publicity
     Adversely affect Business image & reputation

  6. E-Privacy : A Management issue
     “In 1998, a federal jury in the US awarded an identity theft victim $50,000 in actual damages and $4.7 million in punitive damages against a major credit-reporting agency. Jurors found that the company failed to follow reasonable procedures to maximise accuracy and that it, in doing so, willfully defamed the defendant”
     Source : Privacy Times Magazine, May 29 1998
     Increased risk of Privacy lawsuits
     Direct costs of litigation
     Other costs of remedy
     Forced to modify trading practices or cease operations

  7. E-Privacy : A Consumer issue
     Trust and confidence are not yet the hallmarks of E-Commerce
     “Despite the fact that the majority of the sites collected personal information from the user, only a tiny minority provided a privacy policy that gave users meaningful information about how that data would be used. Sites both in the US and EU fall woefully short of the standards set by international guidelines on data protection”
     Source : Consumer International Privacy@net Report, 2001

  8. E-Privacy : A Consumer issue
     Source : Census & Statistics Department Survey, 2000
     “Fewer than 2% of all respondents have bought goods or services or traded securities online. The main reason cited by respondents for not using the Internet to shop or trade was concern about security”
     Source : PCO Opinion Survey, 2000
     “Of all the respondents, about 52% gave a rating of 8 or more on a scale of 0 to 10 to indicate their privacy concern about purchasing online. The highest privacy concern was “money loss due to interception of your credit card” (84%), followed by “misuse of personal data by third parties” (72%)”

  9. E-Privacy : Consumer Concerns
     • Security threats
     • Insecure transmission of sensitive data
     • Unauthorised access, modification of information
     • Privacy intrusion
     • Unlawful & unfair collection of personal data
     • Disclosure of data for fraudulent purposes
     • Misuse of data for unintended purposes without consent
     • Unsolicited commercial e-mails

  10. E-Privacy : A Regulatory compliance issue
      E-Privacy data practices should operate on the principle that what is illegal offline is illegal online
      Hong Kong Privacy Law
      Personal Data (Privacy) Ordinance
      International and National Regulation
      EU Directive on Trans-border Data Flow
      International Conventions and Codes of Practice

  11. Privacy Stories
      • Real Networks - online software distributor
        • Collect musical tastes of users without their knowledge
        • TRUSTe announced to review its licence agreement
      • DoubleClick - online advertising agency
        • Profile users’ browsing habits with data of Abacus, a direct marketing firm it had acquired
        • FTC investigation ~ a drop of one-third in its share price
      • Toysmart - a toy retailer
        • Intended sale of a bankrupt business’ customer database
        • Court injunction to prevent the sale taking place

  12. E-Privacy : A Policy Framework
      • Stage I: E-Privacy Drivers
      • Stage II: Strategic Planning
      • Stage III: Strategy Implementation
      • Stage IV: Pursuit of Excellence

  13. E-Privacy : A Policy Framework
      Stage I: E-Privacy Drivers
      • Organisation Culture
      • Privacy Core Value
      • E-Privacy Policy

  14. E-Privacy : A Policy Framework
      Stage II: Strategic Planning
      • Identify E-Privacy issues
      • Formulate strategies
      • Privacy Impact Assessment

  15. E-Privacy : A Policy Framework
      Stage III: Strategy Implementation
      • E-Privacy Policy Statement
      • Privacy Enhancing Technology
      • Compliance & Audit

  16. E-Privacy : A Policy Framework
      Stage IV: Pursuit of Excellence
      • Manage & Review
      • Enhance Compliance
      • Continuous Improvement

  17. E-Privacy Policy Statement
      Privacy policies and accurate public statements outlining such policies are a vital step towards encouraging openness and trust in E-Commerce among consumers
      “They can help consumers to make informed choices about entrusting an organisation with personal data and doing business with it”

  18. Core elements of an E-PPS
      • General statement of personal data policy
        • your overall commitment to protecting the privacy interests of your consumers
      • Statement of data handling practices
        • the kind of personal data held
        • main purposes for which personal data are used
      • Notice of other practices
        • data disclosure practice
        • data retention and security policy
        • choice & consent in Internet marketing

  19. Making an Effective E-PPS
      Whenever a web site collects personal data of consumers
      • A prominent “hotlink” from the home page
      • A linked page from any data collection forms
      • Written in simple and easy to understand manner
      • Conforming with acceptable privacy standards
      • Relevant to the online environment of the site
      • Reflecting the core values of privacy protection
      Avoid “over-commitment” and “under-delivery”

  20. E-Privacy : The Pay-off
      • Building trust & confidence in the E-Economy
      • Gaining competitive advantage
      • Enhancing corporate governance
      Good Privacy Good Business

  21. Contacting PCO
      • Hotline - 2827 2827
      • Internet - http://www.pco.org.hk
      • Email - pco@pco.org.hk
      • Correspondence - Unit 2001, 20/floor, Office Tower, Convention Plaza, 1 Harbour Road Wanchai Hong Kong
