
E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR.

Transcript
Page 1: E-Privacy for Electronic Commerce Implementing E-Privacy - An Enterprise Approach Tony LAM Deputy Privacy Commissioner for Personal Data, Hong Kong SAR.

E-Privacy for Electronic Commerce

Implementing E-Privacy - An Enterprise Approach

Tony LAM

Deputy Privacy Commissioner for Personal Data, Hong Kong SAR

Conference on E-Privacy in the New Economy

March 26, 2001

Page 2:

Why the concern about E-Privacy

It's a core value of an organisation in any E-Business initiative

"It is not whether an organisation can afford to adopt an E-Privacy policy, but whether it can afford not to do so"

Page 3:

E-Privacy : A Business issue

How can organisations improve key processes in an increasingly competitive environment?

How can organisations maximise the benefit of information in the new information age?

Can E-Commerce maximise its value to consumers and simultaneously retain their trust and confidence?

Page 4:

E-Privacy : A Management issue

"Failure to deal with privacy issues can present frightening risks to the E-Business enterprise"

Loss of competitive advantage

Loss of potential business

Page 5:

E-Privacy : A Management issue

"When the client of a major bank can have $900,000 stolen from his account despite all the protections that are written into the system, it seems that even the biggest companies are vulnerable against the skills of a determined Internet criminal."

Source : South China Morning Post, February 22 2001

Unfavourable publicity

Customers walk away

Page 6:

E-Privacy : A Management issue

"In 1998, a federal jury in the US awarded an identity theft victim $50,000 in actual damages and $4.7 million in punitive damages against a major credit-reporting agency. Jurors found that the company failed to follow reasonable procedures to maximise accuracy and that it, in doing so, willfully defamed the defendant"

Source : Privacy Times Magazine, May 29 1998

Other costs of remedy

Direct costs of litigation

Page 7:

E-Privacy : A Consumer issue

"Despite the fact that the majority of the sites collected personal information from the user, only a tiny minority provided a privacy policy that gave users meaningful information about how that data would be used. Sites both in the US and EU fall woefully short of the standards set by international guidelines on data protection"

Source : Consumer International Privacy@net Report, 2001

Trust and confidence are not yet the hallmarks of E-Commerce

Page 8:

E-Privacy : A Consumer issue

"Fewer than 2% of all respondents have bought goods or services or traded securities online. The main reason cited by respondents for not using the Internet to shop or trade was concern about security"

Source : Census & Statistics Department Survey, 2000

"Of all the respondents, about 52% gave a rating of 8 or more on a scale of 0 to 10 to indicate their privacy concern about purchasing online. The highest privacy concern was 'money loss due to interception of your credit card' (84%), followed by 'misuse of personal data by third parties' (72%)"

Source : PCO Opinion Survey, 2000

Page 9:

E-Privacy : Consumer Concerns

Security threats

– Insecure transmission of sensitive data

– Unauthorised access, modification of information

Privacy intrusion

– Unlawful & unfair collection of personal data

– Disclosure of data for fraudulent purposes

– Misuse of data for unintended purposes without consent

– Unsolicited commercial e-mails

Page 10:

E-Privacy : A Regulatory compliance issue

E-Privacy data practices should operate on the principle that what is illegal offline is illegal online

Hong Kong Privacy Law

Personal Data (Privacy) Ordinance

International and National Regulation

EU Directive on Trans-border Data Flow

International Conventions and Codes of Practice

Page 11:

Privacy Stories

Real Networks - online software distributor

– Collected musical tastes of users without their knowledge

– TRUSTe announced it would review its licence agreement

DoubleClick - online advertising agency

– Profiled users' browsing habits with data of Abacus, a direct marketing firm it had acquired

– FTC investigation ~ a drop of one-third in its share price

Toysmart - a toy retailer

– Intended sale of a bankrupt business' customer database

– Court injunction to prevent the sale taking place

Page 12:

E-Privacy : A Policy Framework

Stage I

E-Privacy Drivers

Stage II

Strategic Planning

Stage III

Strategy Implementation

Stage IV

Pursuit of Excellence

Page 13:

E-Privacy : A Policy Framework

Stage I

E-Privacy Drivers

Organisation Culture

Privacy Core Value

E-Privacy Policy

Page 14:

E-Privacy : A Policy Framework

Stage II

Strategic Planning

Identify E-Privacy issues

Formulate strategies

Privacy Impact Assessment

Page 15:

E-Privacy : A Policy Framework

Stage III

Strategy Implementation

E-Privacy Policy Statement

Privacy Enhancing Technology

Compliance & Audit

Page 16:

E-Privacy : A Policy Framework

Stage IV

Pursuit of Excellence

Manage & Review

Enhance Compliance

Continuous Improvement

Page 17:

E-Privacy Policy Statement

Privacy policies and accurate public statements outlining such policies are a vital step towards encouraging openness and trust in E-Commerce among consumers

"They can help consumers to make informed choices about entrusting an organisation with personal data and doing business with it"

Page 18:

Core elements of an E-Privacy Policy Statement (E-PPS)

General statement of personal data policy

– your overall commitment to protecting the privacy interests of your consumers

Statement of data handling practices

– the kind of personal data held

– main purposes for which personal data are used

Notice of other practices

– data disclosure practice

– data retention and security policy

– choice & consent in Internet marketing

Page 19:

Making an Effective E-PPS

Whenever a web site collects personal data of consumers:

• A prominent "hotlink" from the home page

• A linked page from any data collection forms

• Written in a simple and easy to understand manner

• Conforming with acceptable privacy standards

• Relevant to the online environment of the site

• Reflecting the core values of privacy protection

Avoid "over-commitment" and "under-delivery"

Page 20:

E-Privacy : The Pay-off

Building trust & confidence in the E-Economy

Gaining competitive advantage

Enhancing corporate governance

Page 21:

Contacting PCO

Hotline - 2827 2827

Internet - http://www.pco.org.hk

Email - [email protected]

Correspondence -

Unit 2001, 20/floor, Office Tower,

Convention Plaza, 1 Harbour Road

Wanchai Hong Kong