Prying Eyes

Kiplinger's Personal Finance Magazine, August, 2000 by Ronaleen R. Roha

RIGHT NOW, online privacy is a kind of no-man's-land full of minefields and with few regulations, so the main protector of your privacy has to be you. Says Charles Jennings, co-author of The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet (Free Press, $26) and co-founder of TRUSTe: "Privacy is not so much a right as it is a skill. You have to understand the consequences of providing information, and the benefits, too."

Your choices are often a trade-off between privacy and convenience. For example, you can delete all cookie files, but you run the risk that some Web sites will not run as they are supposed to, or may not run at all. Software to help you selectively delete cookie files is available (for more on fighting back with your own technology, see the box).

The best tool you can use to protect your privacy online is still common sense. Always assume that online communications are not secure unless you are running encryption software, such as free e-mail encryption from HushMail.com. Do not include sensitive personal information in chat-room discussions, e-mail or an online biography. E-mail, for example, may be archived on several servers between you and the recipient.

Other steps you can take:

Look for a privacy policy. If a Web site does not post a privacy policy, you may not want to do business on it. A good privacy policy should require that a site get your permission before collecting and sharing data, or at least let you choose not to be included by offering a so-called opt-out policy. It should also disclose what data the site will collect and state explicitly what it will be used for and with whom it will be shared. In addition, the policy should say how long the data will be on file; indicate how you may access your profile and change or delete it; give contact information for complaints; and protect the data with good security.

Check with www.privacyratings.org, a site created by Enonymous.com to post its ratings of thousands of Web sites' privacy policies. The scale runs from no stars for sites with no privacy policy to four stars for the ones it considers to be the best--typically, sites with an opt-in policy (asking whether you're willing to share your information) or those that do not collect data at all.

But don't put all of your faith in privacy policies. A site can change its policy at any time, not to mention violate it.

Look for a privacy seal. Several organizations review the privacy policies of Web sites and assign a seal icon to those that pass muster, which sites may display on their home page. There are two major privacy-seal programs. TRUSTe (www.truste.org) allows about 1,400 Web sites to display its seal, including America Online, eBay, Hotmail, E*Trade, Yahoo! and Travelocity. BBBOnline (www.bbbonline.org/consumers), which is a subsidiary of the Council of Better Business Bureaus, covers about 540 sites. Two smaller seal programs are CPAWebtrust (www.cpawebtrust.org), which specializes in financial sites, and Secure Assure (www.secureassure.org).