The Internet Advertising Bureau has issued voluntary guidelines for online privacy, to help its members develop their own privacy policies and to set minimum acceptable standards for the protection of
users. Among its general recommendations:
- Post privacy policies before collecting personal identifiable information (PII)
- Give users access to policies at the information collection point
- Develop and incorporate awareness programs to educate business partners and site visitors on privacy
- Take steps to make sure corporate privacy policies are consistent with the online privacy statement
- Include an "as of" date noting when the policy was last changed.
The IAB guidelines specify the type of information a privacy policy must include, such as the nature of the data being gathered, how it will be used, whether third parties will have any access, and
what steps the company takes to protect the information. The guidelines recommend that users be given information on cookies and log files, and be given the opportunity to opt out. There also should be a
clear statement that PII will be used only for its original purpose, that the company will contact individual users if the use changes in any way, and that users can opt out of the new information
use.
The text of the guidelines can be found at http://www.iab.net/privacy/privacy_guidelines.html.
An Internet privacy survey of current online users in the U.S. has found that overall, 32% of users are at least somewhat uncomfortable providing personal information online, though 55% are at least
somewhat comfortable with the practice. The study was commissioned by Arthur Andersen and conducted by Knowledge Systems & Research Inc.
Online users are least comfortable sharing Social Security numbers, credit card numbers and business contact information.
Almost all online users are at least somewhat concerned about privacy when shopping or browsing online. For one-fifth, this level of concern has recently increased. Among those indicating increased
concern regarding privacy, most cite recent media attention on improper business use of personal information, as well as on hackers, as reasons. Junk mail/spam is also cited.
One out of eight online users have configured their browsers to reject cookies, generally because of privacy concerns. Of those rejecting cookies, one-quarter have recently made this adjustment to
their browser configuration.