Data Privacy in Online Businesses - Research Paper Example

Running Head: DATA PRIVACY IN ONLINE BUSINESSES Data Privacy in Online Businesses Data Privacy in Online Businesses IntroductionDoing business online brings into sharp focus ethical questions about privacy and sharing data. Are information professionals in todays organizations prepared to respond to these challenging questions? For information technology professionals and management in organizations, it is not unusual to lack awareness of the organizations data policies. As the debate over data privacy grows louder and more bitter, information technology professionals are increasingly finding themselves in the middle of the controversy because it is the information technology that facilitates the collection, manipulation, and dissemination of data (Wilder & Soats, 2001). A perspective shared among the technology providers and the companies collecting and mining data is that ethical, privacy-respecting practices simply make good business sense. Are there guidelines in developing privacy policies to help organizations in establishing ethical responsibilities of the organization and the data professionals? How does an organization develop a data privacy policy that provides the environment for trust on the part of the consumers? A major focus needs to be the incorporation of fair information practice principles of notice, choice, access, and security. Management and information technology professionals need to develop an understanding of how to manage data ethically and communicate the policy effectively to the consumers (Samuelson, 1999). More information and experience is needed by students and professionals in management and information technology in the development of a data privacy policy. This research project serves to provide the needed information and experience for both students and professionals. Purpose of Study Current technology makes the threats to privacy less tangible and less visible. It is difficult to know when and for what purposes individuals are being watched or information is being gathered and used for purposes that are not endorsed by the individuals. While many organizations have the capacity to collect data from consumers, businesses have a profit motive that adds a greater threat to the privacy dilemma. It is not only the continual compilation of data about individuals that poses privacy trepidation, but the ways in which data can be transformed and sold to other organizations. This consumer profiling can be misleading and damaging. If e-commerce is to succeed, businesses must work to develop a trustworthy, secure online environment. Developing a privacy policy is the first step in creating that trust. Incorporating a privacy policy into an organization requires the organization to examine its data needs, analyze its current data practices, and establish clear guidelines regarding the use of collected information. In creating a policy, an organization can build on existing corporate standards or develop new guidelines. Whether a company chooses to build from existing procedures or start anew, it is important that the necessary due diligence be undertaken to ensure that both customer and corporate needs are met. This is not a task that should be taken without due consideration. The purpose of this study is to identify and analyze online privacy policy incorporation of fair information practice principles utilizing a multiple case study approach with the goal of extending knowledge. The primary purpose of this research study is to depict an organizations privacy policy and conceptualize it. The research will also incorporate evaluation of the privacy policy. With this purpose, the goal of the research is to create a rich, thick description of a privacy policy being evaluated and identify salient constructs, themes, and patterns. Literature Review Compelling forces that are fueling the new economy drive the Information Age. Increasingly powerful computers in conjunction with sophisticated data mining techniques are giving businesses massive volumes of valuable data about their customers (Samuelson, 1999). The problem is the fact that consumers, employees, the media, and elected officials now realize that their personal data is often sold or exploited without their knowledge or consent. To ensure consumer confidence in this new marketplace and its continued growth, consumer concerns about privacy must be addressed. In just the last ten years, there has been an unprecedented and explosive growth in the use of the Internet to conduct research, communicate with others, and purchase merchandise and services. Information is the currency of this new medium. Consumers do not pay a fee for many Internet services; in place of this fee individuals provide information about themselves online, occasionally voluntarily and sometimes without being aware of it, and that information is compiled, bought, and sold (Petronio, 2002). Much of the data collected and bartered online is information that is considered personal: financial and medical data, and information about personal habits, preferences, and interests (Alderman & Kennedy, 2000; Fromholz, 2000). The public alarm about online privacy is growing nearly as fast as the Internet. There appears to be a mounting consensus that protecting privacy on the Internet makes good business sense. Companies that voluntarily move quickly to meet the privacy concerns will gain in both market share and customer loyalty. In addition, as threats to information privacy increase, it appears that consumers consider safeguarding personal information to be a basic right and that protecting such privacy rights, like other civil rights, may be a cost of conducting business on the Internet. Reconciling this new interactive, information driven medium with privacy concerns is certainly a complex task (Alderman & Kennedy, 2000). During the last few years, an overwhelming majority of consumers report that they have lost control of their personal information and that current laws are not strong enough to protect their privacy. These fears are having an impact on the New Economy; according to a poll, over half of Internet users in the United States have at least occasionally altered their online behavior because of fears about their privacy. For this reason, Congress is gearing up to debate online privacy legislation (Ham & Atkinson, 2001). The fair treatment of personal information and consumer confidence are each necessary conditions for electronic commerce over the next decade. Information Economy Brings Challenges The transition to todays new information economy brings enormous challenges. The leaders of contemporary organizations are trying to rethink their roles and to create new ways of organizing in a world where turbulence and change are daily realities. In this new economy, the view of information technology can be grouped into three categories: (a) technology as a knight in shining armor, (b) technology as a menace, and (c) technology as a source of power (Chircu and Kauffman, 2000). The challenge is to utilize the benefits of technology while minimizing the threats and risks. The redirection of technology will not be an easy task since modem-day technology is closely linked to industry, government, and the structures of economic power known as the information economy. Information technology is becoming a core resource for organizations in todays global economy, and is impacting, if not determining, what organizations produce and how they are managed. Information technology is influencing the whole of society, not just the business arena. Information technology is rapidly changing society and this process of change is ongoing. (Martin, Brown, DeHayes, Hoffer, & Perkins, 1999). The rapid pace of technological advances combined with the growth of Web usage provides opportunities for organizations to gather personal information on an unprecedented scale. Online privacy is an area of growing concern for consumers, marketers, and the government. The advent of electronic commerce brings with it a host of ethical issues surrounding customer privacy (Kelly & Rowland, 2000). Protecting personal privacy on the Internet and establishing information rights represent one of the challenging, new ethical issues raised by the information economy. Other issues in the Information Age include protecting intellectual property rights; establishing accountability for the consequences of information systems; setting standards to safeguard system quality that protect the safety of the individual and society; and preserving values and institutions considered essential to the quality of life in an information society. The development of information technology will produce benefits for many individuals and organizations. Along with those benefits come costs. The new economy is referred to as the Information Age because information is now used as an asset and a tool, which makes issues dealing with privacy very critical. The privacy concerns of individual consumers are driving the public debate. Businesses that ignore the privacy concerns of their customers or fight the guidelines concerning the use of personal information will be forced to endure hazing in the marketplace and will never realize the full potential of e-commerce. Why is Ethical Computer Use a Special Challenge? Fundamentally, computer-based systems are little more than enablers for information misbehavior. Many of the newer information technologies enable persons to perform unethical or illegal actions more rapidly than in the past, to perform more clever or deceitful actions that might not have been manageable before the technology emerged, and to perform illicit activities without being easily identified (Chircu and Kauffman, 2000). With computers and networks being so ubiquitous and accessible in todays workplace, the numbers of people who might knowingly perform an inappropriate act with them has grown rapidly. Since there are so many new functions and processes that the computer can perform or assist, it is difficult to devote the time to reflect on problems and unintended consequences that may be arising from all of the various new uses of the computer technology. Individuals often lack enough historical perspective to understand the unintended consequences of some computer applications. Consequently, computer and telecommunication systems bestow a unique twist to ethical issues. There will likely be improper or inappropriate conduct committed by information professionals and by those with whom they work; acts which, as yet, have not even been labeled "unethical" (Pemberton, 1998). Managing computers ethically-that is, acting ethically and assisting others to do likewise-is no easy task for either an individual or an organization. Donn Parker, Susan Swope, and Bruce Baker (all of SRI International), claim that the application of ethics in information science, technology, and business is more difficult than in other disciplines (parker, Swope, & Baker, 1990). Methodology This study focused on the three privacy policies using a multiple case methodology and multiple measures for sources of evidence approach. This particular multiple case study will be researched and presented in a way that is relevant and applied to the current concern of information privacy in the electronic marketplace. This study provides an opportunity to seek a greater understanding of the privacy policy to appreciate the uniqueness and complexity of the policy utilized by different organizations). In analyzing the privacy policy, two key questions will be used as key to this research study. In this multiple-case study, the primary questions are both "how" questions: (a) How does an organization promote trust in their data practices utilizing a privacy policy disclosure? And (b) how does the privacy policy disclosure incorporate notice, choice, access, and security-the four key elements of fair information practices? In utilizing the multiple sources of evidence in this study, these two questions will remain the focus of the research. The quantitative research into the existence of privacy policies validates the fact that more organizations are posting privacy policies but a research project is needed that evaluates the content of these policies. Is it true that the majority of these policies are barely comprehensible? The case study research methodology provides the foundation for a study into the content and readability of the policies selected for this research project. In past investigations, utilizing only quantitative techniques tended to obscure some of the important information that the researchers needed to uncover (Tellis, 1997). Since very limited empirical research in the area of online privacy policies has been conducted, a qualitative case study methodology will be utilized to execute this research project in order to gain a deeper understanding of privacy policy disclosures. As a qualitative method, case study research excels at providing an understanding of a complex issue or entity and can extend experience or add strength to knowledge discovered through previous research. This multiple case study is designed to bring out the details from the viewpoint of the participants by using multiple sources of data while investigating the privacy policy disclosures of three organizations. References Alderman, E., & Kennedy, C. (2000). The Internet, consumers and privacy. Technical report, Internet Policy Institute, Washington, DC, USA, 2000 Chircu A. M. and Kauffman R. J. Reintermediation strategies in business-to-business electronic commerce International Journal of Electronic Commerce vol. 4 no. (4) (2000) pp. 7–42. Fromholz, J. M. (2000). The European Union Data Privacy Directive. Berkeley Technology Law Journal. 15(1),461. Ham, S., & Atkinson, R. D. (2001). Online privacy and a free Internet: Striking a balance. Retrieved from http://www.privacyexchange.org Kelly, E. P., & Rowland, H. C. (2000, May). Ethical and online privacy issues in electronic commerce. Business Horizons. 43(3), 3-12. Martin, E. W., Brown, C. V., DeHayes, D. W., Hoffer, J. A., & Perkins, W. C. (1999). Managing information technology: What managers need to know. Upper Saddle River, NJ: Prentice Hall, Inc. Parker, D., Swope, S., & Baker, B. (1990). Ethical conflicts in information and computer science, technology, and business. Wellesley, MA: QED Information Sciences. Pemberton, J. M. (1998, January). Through a glass darkly: Ethics and information technology. Records Management Quarterly, 32(1), 76-85. Petronio, S. (2002). Boundaries of privacy: Dialectics of disclosure. New York: State University of New York Press. Samuelson, P. Data privacy law: A study of United States data protection. California Law Review vol. 87 no. (3)(1999, May). pp. 751. Tellis, W. (1997, July). Introduction to case study. The Qualitative Report. 3(2). Wilder, C., & Soat, J. (2001, February 19). A question of ethics. InformationWeek. Retrieved from http://www.informatioDweek.com/837/dataethics.htm Read More