Is Your Private Data Safe on the Web?
July 30, 2002 — -- Do you know what's happening with your personal data on the Web? Chances are, you don't.
"A lot of people have no idea that when they fill out a form on the Web site what happens to that data," says Lorrie Cranor, a researcher with AT&T Labs in Florham Park, N.J. "That [information] might be used in research and development, it might be shared with other companies, it might be used to develop a profile to help [the site] develop what [other content] to offer them."
Many Web companies have so-called privacy policies — agreements with the users about what can and can't be done with any sensitive data they may disclose online. But privacy advocates note that such policies are hardly ever read — or understood — by consumers.
"Privacy policies are supposed to address what companies do with a user's information," says Ari Schwartz, associate director of the Center for Democracy and Technology in Washington, D.C. "But they're often too confusing and filled with legalese."
And sometimes amid that confusion, potential for abuses (or "mistakes") can occur.
For example, nearly one million visitors had entered personal medical histories on the once-thriving DrKoop.com Web site with the understanding that such data would not be shared with other companies.
But when the Web site went bankrupt last year, company executives attempted to sell such customer information along with other company assets to Vitacost.com, another online consumer health site and potential suitor.
Users — along with several states attorneys general — managed to successfully bar the sale of such sensitive information by filing suit. (Last week, Vitacost bought the Dr.Koop.com Web site and trademarks but the only information about former members it received was their e-mail addresses).
"Most people think that nothing bad is ever going to happen to them [and their data]," says Cranor. "But you don't know when you're going to be the one that has to suffer the consequences until something happens."