Personal Data Privacy - Research Paper Example

? Full Paper This report will highlight issues related to personal data privacy and its impacts to facilitate other crimes. Introduction defines the initialization phase of personal data privacy. Study and research demonstrates legal issues personal data privacy acts for European countries and counter measures related to personal data privacy on the Internet. 1 Introduction Internet evolution has aided businesses to collect and store data in their databases from online business i.e. from the Internet. Customers visit websites and but products online. In order to do so, they provide information related to their credit cards, banking details, personal details etc. everyone do not follow an approach to provide personal information to any online organization. Nowadays, an online consumer finds a credible source of websites prior to processing online transactions. Consumers can only judge their credibility by security seals or their international presence around the globe. Unfortunately, no one knows that these organizations do, in order to protect customer data that is stored in their databases. For instance, if a security breach occurs in one of the databases of these organizations, millions of records related to customer personal information and most importantly, credit card numbers will be in control of cyber criminals and hackers. This concludes to a new term that is known as identity and data theft. This is the first major concern of data privacy. Secondly, there are issues where customers are not aware from the pros and cons of providing personal information online. They tend to provide information on unsecure social networking sites and vague online businesses. As a result, they suffer the consequences. This paper will highlight local regulations concerning personal data privacy. Moreover, some implemented counter measures in terms of web site privacy policy and access of law enforcement agencies, privacy on social networking sites, real world security breaches and surveys will be discussed. 2 Data Privacy Survey Findings from the survey include: 45% do not think that banks and online retailers do enough to protect their personal data; 83% specifying the security of their bank and credit card details as being their priority concern. 36% of consumers would not put personal information online, yet 11% of them have still been a victim of data theft. Only 5% of the UK public surveyed are not worried about data loss. As well as the security of financial data being a concern, 46% of all respondents are most concerned about protecting their medical records, and is highest amongst the 45+ ages 45-plus (52%). Data retrieved from (Lack of Consumer Trust in Data Security in the UK. 2007) After interviewing the people, most people blamed themselves, for making their personal information vulnerable and includes the rating of 60% people blamed retailers, 28% people blamed themselves as they consider that they have exposed their personal information themselves and it is their own fault. Moreover, 12% people blamed financial institutions i.e. banks (Survey Reveals Massive Incidence of Credit Card Fraud and Identity Theft; Retailers blamed for making people vulnerable to fraud. 2010). After reviewing these figures, there is also a requirement to create an awareness program for people who tends to provide personal information on the Internet. 3 Impact of Exposing Personal Data The requirement for securing personal data and privacy online is due to many reasons. The first reason incorporates not a single law of how to handle customer data. For instance, if an online company sells products and maintains databases including customer information, they can do whatever they want. Most probably, they can sell data in terms of cash. Every website has a link stated as ‘Website Privacy Policy’, but no one knows exactly, to what extent they are authentic. The practical approach to that privacy policy is a different story. The second most prominent reasons are hacking, viruses, Trojans, spywares, phishing and many more. All these threats are designed to gain administrative access to user systems and to steal confidential and personal information Due to these threats; organizations are bound to incorporate strict security procedures and compliance for databases that are incorporated with customer data. Moreover, incorporation of intrusion detection systems and expensive security devices are not new. Customers provide information online due to many reasons, but most importantly, they provide information mostly on the website. Due to lack of technology and measures of customer personal privacy, online businesses fail to protect their database by security breaches conducted by hackers or cyber criminals. The data including all the personal information of the customer is breached resulting in exposure of thousand of authentic customer personal information and financial status. In order to conduct a security breach on the web server, cyber criminals use Internet, as a carrier along with intelligent codes that are purposefully constructed to extract confidential information, the most favorable point of attack is the web server. The information that is provided online by the users is gathered in a database that is connected to the web server. Hackers and cyber criminals deploy various methods to attack web servers in order to extract information that is stored in the database. Due to this reason, business suffer severe losses from data theft issues as in 2009 investigators related to data breach reported from Verizon business that crooks nabbed 285 million records. Peter Tippett, who is the author of the report and vice president of innovation and technology with Verizon Business, says that the report includes all the IP addresses associated with the account that are used in the thefts, and criminals are identified only because of in depth investigations by collaborative support of law enforcement agencies including FBI and Scotland Yard. From this particular report, 90 security breaches were studied out of which 68 were reversed for further investigation to a specific IP address and location. The conclusions highlighted Eastern Europe as a common source followed by East Asia and North America (Larkin 2009). 3.1 Social Networking Sites Moreover, social network sites are another domain that is of prime concerned, in the context of exposing personal privacy. People are spending an enormous amount of time on these websites, and are becoming habitual of online communication, which portrays a negative impact on face-to-face communication. The teenagers are not aware that the information and published material including pictures can be retrieved even after deletion from the social networking site. By over sharing, personal information may attract cyber criminals, burglars and even employers who can evaluate values of a person by reviewing comments on the site that may compromise the individual to lose his job. There is no credibility of the user authentication of what they are claiming to be on social networking sites. Users trust textual communication from these social networking sites more than emails. The security of these websites can be compromised anytime and can publish the communication or personal pictures on the web if breached. However, the integration of email filtering and spam protection is not available on social networks as compared to the traditional email software, which can be integrated with anti viruses and anti phishing frauds. Moreover, online users are unaware of the public nature of online profiles generating security risks to the personal and confidential data that can be trade in for various purposes against cash. 3.2 A Treat for Hackers Social networking profiles are the best sources for cyber criminals to gather information, which can be used for stealing information, for example; birth days, pet names, mothers' maiden names, secret questions, names of children can be revealed from the interest column of the user profile. By posting personal information, offline crime may result. For example, an individual is discussing a vacation plan and the robbers on the other side planning for home robberies, discussing about the new laptop, which the user has purchased along with the expensive cell phone, which can also result in street crimes. Moreover, hacker traces whether, the victim is online or offline with the aid of SNS. A research was conducted in the past for evaluating data privacy issues of social networking sites. The impact of wrong identity on social networking sites has a high impact as majority of students and teenagers are addicted of cyber bullying. Impact of cyber bullying in society is immense as: “The woman linked to a fake MySpace profile of a 16-year-old boy created to start an Internet relationship with Megan Meier, the Missouri teen who hanged herself after receiving hurtful messages, is now believed to be the victim of a cyber-bullying impersonator herself” (, MySpace Mom Linked to Missouri Teen's Suicide Being Cyber-Bullied Herself - Local News ). The action was taken due to threats associated with it. Probably the credibility of information is not on the optimal level for these social networking sites that is prompting questions to the United States department of defense. 3.3 Legal Issues E-commerce has provided various benefits but losses from security breaches are severe along with legal problems. The study conducted by (Fusilier & Penrod 2009) highlighted gained versus loss prevention in terms of regulatory focus. The research shows the review of the courses that the 163 master’s programs that are offered were examined. The data was collected by the web search that was related to master’s program curriculum. After the examination of all the results from all these masters programs, the conclusion was that master's programs lack courses or modules related to security, law or ethics. As these topics highlights the issues that are currently faced by the e-commerce such as legal and security incidents, it is very important to add these courses or modules to the master’s programs. Measures in security will strengthen ways to improve some prominent issues including data theft, data privacy, identity theft, hacking etc. 4 Personal Data and Privacy Acts In order to address data privacy concerns, European Union constructed a framework to protect personal information and privacy, as “Directive 95/46/EC is the reference text, at European level, on the protection of personal data. It sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union (EU). To do so, the Directive sets strict limits on the collection and use of personal data and demands that each Member State set up an independent national body responsible for the protection of these data” (Protection of personal data ). The directive 95/46/EC is applicable on automated and computerized data. For example, client information databases and data, which include involvement of non-automated filing system. Moreover, the main purpose of this directive is to protect personal data privacy by associating certain guidelines that defines the credibility of process in the context of law (Protection of personal data). Moreover, the European Union also addressed the data privacy in the context of e-commerce by further balancing it with Directives 2002/58/EC on Privacy and Electronic and Communication (DPEC), in the context of computing personal data in the domain of electronic communications sector 9 wrapping computer personal data by communication mediums and services that is publicly available (Wong, 2011). However, ‘Art. 29’ suggested an expression on ‘comprehensive and consistent data protection framework’ in order to eliminate all the remaining concerns and to dominate European Union competence (Wong, 2011). 4.1 Measures to Preserve Privacy These seals ensure data privacy for consumers who provide data online. These security seals implements certain rules and policies when they are incorporated with any website. This gives customers some assurance of their personal data, as identity theft is a debatable issue that is still rising. As the servers of these websites, contain all the personal information of the customer and most importantly credit card numbers due to e commerce transactions. Some of the seals are defined as each of them specifies their own rules and policies. 4.1.1 ‘Truste’ ‘Truste’ was the first to introduce seals on e-commerce websites. It was established in July 1996 along with a pilot program by the electronic frontier foundation and commerce net consortium. However, it was launched on 1996, but the final release was in 1997. All the websites that are incorporated with ‘Truste’ must publish a privacy policy for the website (Moores & Dhillon 2003). The policy must include (Moores & Dhillon 2003): What personal information is collected through the website How this information is utilized. How the website collected this information for example, in terms of cookies or some type of form. The personal information of the customers is shared with third parties or not? What security measures are applied to the personal data that is in the possession of the company? 4.1.2 Web Trust Similarly, after ‘truste’, in September 1997 ‘Web Trust’ was released. The American Institute of Certified Public Accountants (AICPA) launched it. Likewise, the next version 3.0 was released in November 2000. The requirements for incorporating this seal to the website are different as compared to ‘truste’ (Moores & Dhillon 2003). The requirements are (Moores &Dhillon 2003): If a website wants the seal of Web trust, ‘Licensed Chartered Public Accountants’ (CPA) will inspect the website to ensure compliance related to security, transaction integrity, business practices, confidentiality, availability and non disclaimer. The website must publish its privacy processes and to ensure for the protection of customer personal information. Customers can also contribute for the data collection process. The processes for encryption techniques, disaster recovery procedures, security breaches are mandatory when the website is also incorporating with the ‘WebTrust’ Security principle. 4.1.3 BBB Online BBB online was established in 1998, and released in March 1999 by the Better Business Bureau (BBB). BBB online contains two seals named as reliability seal and privacy seal. The reliability seal is related to the certification of companies that only operates online and do not have a physical presence. The seal ensures that the particular online business is reliable and secure for the online customers. In contrast, the privacy seal focus on privacy statement and customer choice (Moores & Dhillon 2003). As per (Moores & Dhillon 2003), if the website wants to apply any one of the two seals of BBB online on their website they should: Respond efficiently to customer complains Publish a privacy statement on their website and list all issues in one document. Annual review is required for online transactions. 4.2 Security and Trust Doing business online has changed many trends in terms of communication between external and internal stakeholders within an organization. Online business or e-business can lead to a competitive advantage for an organization and maximize profitability. Moreover, many factors play role for making e-business successful. The factor that is on top is trust. It is very important for the organization to develop trust in their customers. Customer trust can be gained by several factors. A good website, unique product offering, provides low cost services, branding, and most importantly trusted seals. The most important factor trust has many dimensions including information contents of the website, electronic transactions, technology, product and organization standing. The research conducted by Velmurugan, M. S. (2009) that highlights security issues in web services. Moreover, the study also includes the role of trust in terms of online transaction and other factors that are involved in building trust for the online customers. The results of the study were that the organization must think every time for building trust for the customers and providing them security during online transactions. The organization must protect their customers by providing and eliminating these issues: Good customer service, No misuse of technology Build customer trust Protect personal information of the customers Maintain the reputation of the organization. The study also highlighted that for creating infrastructure for securing the online business several factors are required for consideration. The factors are regulation, policies, laws, law enforcement, and technical standards. Conclusion Data privacy must be prevented as no one has right to obtain and use anyone’s personal information in terms of any business or fraudulent activity. Survey demonstrated that online users sometimes tend to be careless while providing personal information on the Internet. Hackers steal this information to obtain funds and other advantages. Moreover, websites that are not credible sell customer information, in terms of cash. Furthermore, social networking sites must be regulated in terms of data privacy and security as they are favorite for hackers and cyber criminals to track and gain knowledge to victimize anyone. However, European Union has constructed counter measures in terms of Privacy and Electronic and Communication (DPEC) and Directive 95/46/EC. Moreover, privacy seals demonstrated credibility of online businesses that are relatively secure for providing personal information. Certain improvements are required in terms of legal issues and creating awareness of data privacy on the Internet. · References Protection of personal data Retrieved 5/6/2011, 2011, from http://europa.eu/legislation_summaries/information_society/l14012_en.htm Wong, R. (2011). Data protection: The future of privacy. Computer Law & Security Review, 27(1), 53-57. doi:10.1016/j.clsr.2010.11.004 (Survey reveals massive incidence of credit card fraud and identity theft.2010) Larkin, E. (2009). Organized crime moves into data theft. PC World, 27(7), 33-34. Survey reveals massive incidence of credit card fraud and identity theft. (2010). Software World, 41(3), 26-26. MySpace mom linked to missouri teen's suicide being cyber-bullied herself - local news | news articles | national news | US news - FOXNews.com Retrieved 5/6/2011, 2011, from http://www.foxnews.com/story/0,2933,315684,00.html Fusilier, M., & Penrod, C. (2009). e-crime prevention: An investigation of the preparation of e-commerce professionals. Journal of Internet Commerce, 8(1), 2-22. doi:10.1080/15332860903341281 Moores, T. T., & Dhillon, G. (2003). Do privacy seals in E-commerce really work? Communications of the ACM, 46(12), 265-271. Security and trust in E-business: Problems and prospects. International Journal of Electronic Business Management, 7(3), 151-158. Lack of consumer trust in data security in the UK. (2007). International Journal of Micrographics & Optical Technology, 25(1), 4-4 Read More