Information Technology Reference
In-Depth Information
including a reasonable opportunity to review information and to
correct inaccuracies or delete information.
4. Security : Websites would be required to take reasonable steps to
protect the security of the information they collect from consumers.
The Commission recognizes that the implementation of these prac-
tices may vary with the nature of the information collected and the
uses to which it is put, as well as with technological developments.
For this reason, the Commission recommends that any legislation
be phrased in general terms and be technologically neutral. Thus,
the definitions of fair information practices set forth in the statute
should be broad enough to provide flexibility to the implementing
agency in promulgating its rules or regulations.
Third-party privacy seals are a good way to gain the trust of consumers
because these third-party consumer privacy protection organizations cer-
tify the enterprise's privacy policy. There are two types of privacy seal pro-
grams. One has strict guidelines that prohibit sites from sharing consumer
information they collect with other business partners or from using it for
direct marketing programs. Secure Assure, which has 200 member compa-
nies, offers an audit program but requires members to adhere to a stringent
privacy guideline stating that the e-business will never share a consumer's
private information with a third party. Other privacy seal programs award
stamps-of-approval to sites that simply stick to whatever privacy policy
promises they have made. The oldest and most well known privacy seal pro-
gram is Electronic Frontier Foundation's TRUSTe (www.truste.org), which
was started in 1997 and has more than 1300 companies as members.
The threat to information privacy and security can never be eliminated,
but controls and technologies can be applied to reduce the risks to accept-
able levels. The challenges faced by the various enterprises in this regard are
described below.
19.1.4 Trust
Trust in the context of cloud computing is intimately related to the general
problem of trust in online Activities. The Internet offers individuals the abil-
ity to obscure or conceal their identities. The resulting anonymity reduces the
cues normally used in judgments of trust. The identity is critical for develop-
ing trust relations; it allows us to base our trust on the past history of interac-
tions with an entity. Anonymity causes mistrust because identity is associated
with accountability, and, in the absence of identity, accountability cannot be
enforced. The opacity extends immediately from identity to personal charac-
teristics. It is impossible to infer whether the entity or individual we transact
with is who it pretends to be, since the transactions occur between entities
separated in time and distance. Finally, there are no guarantees that the enti-
ties we transact with fully understand the role they have assumed.
Search WWH ::




Custom Search