The bad news is no secret, but it bears repeating: If you have bought anything online in the past several years, your personal information, including your home address and credit card number, is probably accessible via the Internet — and available to people with less-than-noble intentions.
Driving home that stark reality, New York officials recently announced that thousands of people may have had their identities stolen through a software company that helped major corporations conduct credit checks. Although the incident proved to be an inside job, it underscored what many have long believed: Storing information online is not a secure practice. In fact, nearly three years ago, Sun Microsystems CEO Scott McNealy pronounced online privacy dead on arrival. “If you’re online, you have zero privacy,” he said.
And exposure of personal data has not yet peaked. In coming months and years, a move toward wide adoption of Web services likely will mean more sharing of information, including customer data, among companies.
Flight or Fight
Consumers apparently have gotten the message. Time after time, they have told researchers they worry about what happens to personal data provided to online merchants. For example, in a Gartner survey, 80 percent of online shoppers said they were concerned about how much data was stored or available online.
Even so, shoppers are not worried enough to close their wallets. “Consumers are definitely concerned, but they’re also apparently ready to take some degree of risk,” Gartner research director Richard Mogull told the E-Commerce Times.
One problem for many consumers is that they have freely provided information in the past without keeping a record of where it went. Experts say such actions could prove disastrous if a consumer suspects someone has obtained his or her information without authorization. The resulting confusion could make it difficult to trace the source of the breach, slowing down investigations.
Choose Aggregators Carefully
In a similar vein, although wallet systems, such as those offered by Yahoo! and others, may be convenient ways to avoid keying in the same information repeatedly, they can become targets for hackers. For example, Microsoft’s Passport system was the subject of a privacy prosecution by federal authorities.
“A site that handles credit card information and stores it permanently is just too inviting for a hacker to pass up,” Scott Nevins, CEO of database security and privacy protection firm Protegrity, told the E-Commerce Times. “Ninety percent of the time data is just sitting there, and that’s when it can be the most vulnerable from both outside and inside a company’s walls.”
Drawing the Line
Of course, there is a difference between simple invasion of privacy and the nightmare of having personal data hijacked, stolen or used to commit fraud. But even a small amount of data exposure can be problematic for certain people. For example, former Yahoo! CEO Tim Koogle found himself embarrassed by a newspaper account of how he used a screen name to bid on items up for auction on then-rival eBay.
Fortunately, as consumers continue to pour ever-greater sums into e-commerce companies’ coffers, smart shopping practices can minimize their risk of falling victim to identity theft or other data breaches. And it is never too late to start taking cautionary measures, according to online privacy experts.
The first rule of cautious e-shopping is to become more selective about providing information.
“I think this is already happening as people become aware that what they tell one Web site may not remain there forever,” Fran Maier, executive director of TRUSTe, an organization that validates Web site privacy policies, told the E-Commerce Times.
Indeed, high-profile cases like the Toysmart bankruptcy — in which the company, after much outcry, decided to destroy its customer database rather than selling it to new owners — have served as a warning to consumers to be more selective.
“Consumers are more savvy, but it’s a changing landscape, so it’s difficult for anyone to feel completely safe,” Maier noted. “The best they can do is be careful and choose wisely.”
The U.S. Federal Trade Commission (FTC) urges consumers to obtain a copy of their credit report and to realize that those same reports may be obtained by others. Other agencies note that a simple search engine check of a consumer’s own name can reveal how much information is available and where.
“We’re trying to make sure people know it’s their choice of what’s being circulated,” FTC spokesperson Claudia Farrell told the E-Commerce Times. “That starts by knowing what is already out there.”