The question of privacy involves the collection of personal details about individuals as well as their financial details (www.cyber.law.harvard.edu). Customers provide this information for a particular transaction and may not necessarily authorize its transmission to other unauthorized persons. This raises the issue of maintaining the privacy of the data as well as its confidentiality, i.e., not allowing it to be accessed by unauthorized persons. Secure sites could also be compromised in some instances (Feinberg, 2006), so that personal data that is split into units and transmitted across the electronic waves may sill be accessed. The integrity of the data provided is then compromised and the disparate bits of information brought together into a coherent whole can be accessed by unauthorized persons if they gain access to the secure sites.
2. There are three basic sub-categories that can be identified under internal threats: (a) existing employees (b) former employees and (c) employees of third parties.(De Guzman, 2006). Existing employees who have access to confidential information may be of two types (a) malicious – or those employees who have some grudge against the Company and thereby compromise data security to achieve their own ends and (b) accidental – existing employees, who because of their lack of training, or because they fail to follow the correct procedures may engage in acts that compromise the security of data existing on these sites. DeGuzman (2006) has provided several examples of how such data exposure can take place, such as the incident of an employee who accidentally erased a disk containing sensitive information about consumers.
Thirdly, compromising of data may also occur through employees of third parties. Since the global environment is becoming more intense and competitive, many companies are resorting to using third parties and outsourcing their functions to these third