¶ … Integrity: Privacy Protection in e-Commerce Websites Privacy Protection in e-Commerce Websites

Back in the 90s, websites were more or less digital brochures that did little more than serve their registered users with monthly electronic newsletters. Today, however, websites are powerful and complex information platforms that not only store and process data, but also allow for the sharing of information across a wide range of online platforms. We share personal data on these websites, and unfortunately, the same passes on to numerous other parties, compromising our own security as well as that of our families in the process. The situation is even worse in the case of e-commerce websites. Whilst they have made shopping a whole lot easier by bringing specialty retail within a few clicks, they have also sprawled up opportunities for thieves who now find it a whole lot easier to obtain personal information and credit card numbers from unsuspecting shoppers. A 2001 study by Culnan (as cited in Ackerman & Davis, 2003) found that the reason most people provide false information on e-commerce websites is because they either do not believe that their information is well-protected from unscrupulous persons or because they feel that they have very little control over how their personal data is used by businesses. For this reason, companies are increasingly adopting fair information practices directed towards safeguarding user information. This text outlines some of the fundamental privacy protection features put in place by some key e-commerce companies to protect information revealed on their corporate websites.

Privacy Protection Features

Privacy Controls

In a bid to address the problem of users not having control over the information they reveal on e-commerce websites, companies have adopted privacy control features that give users substantial control and specificity over data-sharing activities performed on their corporate websites. Most websites allow users to choose whether or not to provide personal information, and also define whether or not they wish to receive legal notice or terms of use from the company. More sophisticated websites such as Amazon.com actually give the user the power to decide whether the information they provide can be used to personalize advertisements displayed to them (Amazon, 2014). Barnes & Noble.com and Amazon.com grant their users substantial control over the acceptance or rejection of cookies (Barnes & Noble, 2014).

Privacy Policies

A company's privacy policy is meant to communicate its privacy practices to outsiders. It is often a lengthy document detailing among other things, the personal information that the company collects, reasons why such information is collected, the manner in which such information is collected, how the company uses such information, how such information is secured, who it is shared with, and so on (Amazon, 2014; Barnes & Noble, 2014). Privacy policies go a long way in helping website users understand the inherent data relationships on the site. The FTC requires all websites to have a privacy policy, and as such, it advises users to i) look for a privacy policy whenever they are asked to provide personal information or register onto a website, and ii) ask the company to post the same in case they cannot find one.

Security Seals

Any website that treats personal information provided by its users ethically will put in place stringent measures to ensure that its third party providers, who also have access to the information, treat it in a manner that does not compromise the privacy and security of users. Third party seals are meant to ensure that third party providers, affiliated to the primary corporation, take personal information entrusted to them by users seriously. The five classes of security seals common in e-commerce websites, and their respective security assurance indices on a scale of 1-5 are listed below:

Reliability website seals: these vouch for the company's identity by validating its email addresses, telephone number(s), and mailing addresses. They simply give an assurance that the company is indeed what it claims to be (TRUSTe, 2014). Towards this end, they signify that the entity is an incorporated company. However, reliability seals have an extremely low security guarantee index (1 of 5) - first because they provide no information on how the company uses its users' personal information, and secondly, because they provide no safeguards barring fake companies from setting up fake contacts and posing as legitimate entities. Comodo Authenticity and BBB Online Reliability Seal are two of the most commonly-used reliability seals in e-commerce websites (TRUSTe, 2014).

Security seals (SSL Certification): these include GeoTrust, Comodo, and VeriSign. They seek to validate that an entity has SSL (Secure Socket Layer) protection safeguarding...

They are represented by such symbols as 'https://' in the address bar or the 'lock' feature at the foot of the browser window. This basically means that criminals cannot intercept information transmitted through the website. Nonetheless, the security assurance index is still relatively low (2 of 5) because the seal only offers protection for data in transit, and offers no such protection once the data is in the site's database (TRUSTe, 2014).
Vulnerability website seals: they have a 3/5 security assurance index and include SquareTrade and HackerSafe. They offer some form of assurance that the site is scanned for vulnerabilities on a regular basis (TRUSTe, 2014).

Privacy seals: these include ESRB Privacy, BBB Online Privacy, and TRUSTe. They have a 4.9 security index, and extensively cover internal data usage as well as data collection processes, allowing users to file complaints in case they feel that their sensitive information has been mishandled (TRUSTe, 2014).

Consumer ratings seals: these basically are reviews from other shoppers who have interacted with the company's website. Such seals offer a security assurance of 4 out of 5, and often go a long way in giving shoppers a glimpse of what to expect from the site (TRUSTe, 2014). However, they offer no guarantee that the site is indeed free from security and privacy risks.

Anonymity Services

E-commerce websites need to provide anonymity services for online payment, surfing the web, and also for email exchanges. The main idea behind anonymity services is to equip users with self-defense tools by which to hide their sensitive information from unscrupulous collectors and privacy violators (Head & Yuan, 2001). They include:

Anonymous email: in this case, an anonymous remailer chain is used to transmit email messages while hiding the personal details of the sender and recipient (Head & Yuan, 2001). Message encryption is included at various stops within the chain to keep the information being transmitted away from eavesdroppers (Head & Yuan, 2001).

Anonymous web-surfing: in this case, proxy servers are included in the site such that web servers are only able to capture the proxy's identification, and not users' personal information (Head & Yuan, 2001). Cookies are the most commonly-used tool in this regard; almost all e-commerce websites use cookies, but give their users the discretion to either accept or reject the same in their interactions with the website.

Anonymous payment: in order to maintain anonymity in payment, e-commerce websites need to adopt smart cards or digital cash. This would go a long way in ensuring the privacy of transactions since there would be no way for the bank to link a user's identity to the electronic coin (Head & Yuan, 2001).

A Comparison of Key E-Commerce Websites in Terms of Privacy Protection Features

Amazon.com -- in its privacy statement, Amazon reiterates its commitment to secure any sensitive information provided by its website users and maintains that any such information is used solely for the purpose of customizing individual users' shopping and maintaining communication with users. Information collected includes that on user location, their telephone number and address, the identity of their mobile device, and so on. Cookies are used to obtain the aforementioned personal details; nonetheless, the website grants users substantial control over the information they give, allowing them to i) enable or disable cookies at will; ii) choose whether or not to receive emails from the company; and iii) decide whether the information they give to the company could be used by third party subsidiaries for telemarketing purposes (Amazon, 2014). The site protects its sensitive information through SSL software. Its attempts to maintain anonymity in payment is evident from the fact that only the last four digits of users' credit card numbers are revealed during order confirmation (Amazon, 2014). Further, having received the BBB Online privacy seal, the site maintains adherence to the Safe Harbor Privacy Principles of data integrity.

Barnes & Noble.com -- Like Amazon.com, the Barnes & Noble site uses cookies to collect sensitive personal information about its users, and grants them the discretion to choose i) whether to allow or disable cookies; ii) whether to receive promotional emails from the company; and iii) whether the information they give could be used by third party providers for telemarketing purposes. Unlike Amazon, B&N makes use of a number of other tools -- web server logs, GIFs, targeted advertising, geo-location services, wireless networks, and social networking sites - in addition to cookies to automatically collect user information. There, however, is no evidence that users have control over all of these sources. All the same,…