Hack 26. Web Measurement and Visitor Privacy

The relationship between web measurement and visitor privacy is complex due to the extensive use of cookies, making it essential that you both understand the issues and establish a robust privacy policy that describes your use of cookies for measurement.

Web site measurement and online marketing offer the allure of infinite measurement possibilities. Because of this, digital marketers sometimes rush to collect and use all the visitor information they can without considering the privacy implications. It is easy to forget that visitors to your web site have the same need to feel safe and secure as they would if they were visiting your real-world office or store. If you are to be successful in convincing visitors to do business with you, you will need to gain their trust. Privacy and security therefore are not about compliance or nice-to-haves, but essential trust-building activities that will help you gain and retain visitors or customers.

2.14.1. It's Not About the Technology, It's About the Practices

As with most technology, web measurement technology may be used in good and reputable ways, or in ways that will cause harm to unsuspecting individuals. Whether it's a video camera or a browser cookie, it's not the technology that is the problem, but the way in which it may be used or misused that presents the real danger. Unfortunately, early debate and legislative work in the area of digital privacy spent much time focused on technology such as cookies and failed to address the real issues surrounding how this technology is used.

In May 2000, the FTC published a report to the U.S. Congress: "Privacy Online: Fair Information Practices in the Electronic Marketplace" (http://www.ftc.gov/reports/privacy2000/privacy2000.pdf). Although controversial, this paper gave the online community a useful framework and an important set of guidelines. Privacy professionals today use this framework as a way to discuss the major online privacy issues: notice, choice, access, and security.

2.14.1.1 Notice.

The idea that sites should have a privacy policy comes from the idea that users deserve to understand what sort of information you are collecting from them and how you are using it. Although most sites agree with this, there's still much debate about when and how notice should be given. Of course, most web sites would like to simply create a privacy policy and link it to their home page. However, some privacy advocates would argue that when you are collecting personal information or sensitive personal information you should provide greater notice with special messages in places where information is collected. Of course, in the case of web site measurement, this would be problematic because information is collected at potentially every interaction with the web site.

2.14.1.2 Choice.

Users should have a choice about what information is collected about them. There are two types of choice you hear about: opt-in and opt-out. Opt-in refers to the users' choice to actively provide information to the site when consent is explicit or it is obvious that the information will be collected through a web form. Opt-out refers to the users' ability to decide that they do not want any more data collected about them by the web site. This typically refers to data that is collected by sites where it is not necessarily obvious that it is happening. This is extremely important for web data collection when implicit consent is necessary. Implicit consent refers to the users' knowledge of a site's practices through the notice provided in the privacy policy.

2.14.1.3 Access.

This is perhaps one of the most controversial areas of privacy practice today. The reason has less to do with the concept than the practicality of providing complete access. This concept says that users should be able to gain access to all the data collected about them. While this may be practical for simple things like contact details, it is much less practical for things like web data when massive amounts of behavioral data may be collected for an individual. For this reason, most sites today do not provide full access to an individual user's web data, but will often provide access to the less data-intensive personal information the site has collected.

2.14.1.4 Security.

It is clear that privacy and security are joined at the hip, for you cannot have privacy without proper security of the information collected. We've all seen stories in the news about massive breaches of security when credit card numbers and other personal information were compromised at a site. This certainly speaks to the trust that you wish to gain from your visitors. If you collect personal information yet leave yourself vulnerable to attack by hackers who will use this information in unscrupulous ways, then you will most certainly lose those customers who have entrusted you in the past.

2.14.2. How to Assemble a Good Privacy Policy

The key to putting together a good privacy policy is knowledge and communication: knowing what you're collecting and what you're going to do with that information, and then clearly conveying your intentions (Figure 2-8).

Figure 2-8. Privacy policy at eBay.com


2.14.2.1 Know where you're collecting personally identifiable information.

Personally identifiable information (PII) is data that can be used to identify or contact a person, including name, address, telephone number, and email address. PII also includes any other data, such as, but not limited to, anonymous identifiers, demographics [Hack #77], and behavioral data when such data is linked to PII and identifies a person to the party holding such data.

2.14.2.2 Explain clearly and truthfully what you're going to do with the data.

Even if you aren't collecting personal information, you should disclose all of your data collection practices. It is a good idea to disclose the use of technologies like cookies [Hack #15] or web beacons [Hack #29]. When you are collecting personal information, you should tell users exactly what information it is that you will collect, how it will be used, and with whom you will share it. If you outsource your web measurement to a service provider, you should disclose that you do so.

2.14.2.3 Consider third-party privacy certification.

Although the United States has two industry-specific privacy laws governing the financial and health care industries, a general omnibus law has not yet been adopted. Therefore, privacy practices are largely self-regulated. Depending on your audience, you may want to certify your privacy practices through TRUSTe or BBBOnline. These organizations help you assess your privacy policies and provide an extra level of assurance to your visitors. Any sites that collect personal information or that are in the financial or health care industries should seriously consider these seal programs.

2.14.2.4 Beware of the spookiness factor.

Many privacy-related problems occur when something happens that a user does not expect. If information is used in a way that differs from the expectations of your users and they realize it, you have a certain spookiness factor that may make users uncomfortable or doubt your intentions. For instance, if you told your users that you would collect personal information for billing purposes, but then they started receiving large amounts of email from you, they might then become disillusioned.

2.14.3. P3P Technology

In 1997, the World Wide Web Consortium (W3C) started work on a technology that could be used to describe the privacy practices of a site in an automated way. This technology could then be used by browsers to give users more control over their personal information. The Platform for Personal Preferences (P3P) [Hack #27] gives users of browser technology a way to assess your site's privacy policies and make decisions about how to react to them through browser controls. Today, Microsoft Internet Explorer uses P3P technology to decide how to treat cookies issued by sites (Figure 2-9). So if your site sets cookies with personal information in them, the user can set preferences to reject those cookies on the basis of the privacy preference, and not simply because the site may use cookies or not use them.

2.14.4. For More Information

Table 2-3 contains a list of sites providing more information about web privacy, privacy policies, and legislation that may affect your site's ability to collect and use personally identifiable information.

Figure 2-9. P3P in Microsoft Internet Explorer 6.0


Table 2-3. Privacy resources on the Internet

| Site and URL | About the resource |
| --- | --- |
| Network Advertising Initiative (NAI), www.networkadvertising.org | The NAI is an industry group that works to build consensus on privacy-related issues, build best practices, and educate industry and lawmakers. |
| Search Engine Marketing Professional Organization (SEMPO), www.sempo.org | This industry trade group is concerned with search-engine marketing issues. |
| Internet Advertising Bureau (IAB), www.iab.net | The IAB sets standards for online advertising and web analytics. |
| TRUSTe, www.truste.com | TRUSTe is the most thorough third-party privacy certification organization. |
| BBBOnline, www.bbbonline.com | Part of the long-standing Better Business Bureau. BBBOnline is a third-party certification entity. |
| International Association of Privacy Professionals (IAPP), www.privacyassociation.org | This professional organization deals with worldwide privacy issues of all types. |
| W3C P3P Platform for Privacy Preferences, www.w3.org/P3P/ | P3P technology is a robust way to describe your privacy policy through automated means. |
| NAI Web Beacon Guidelines, www.networkadvertising.org/Web_Beacons_11-1-04.pdf | This document describes the best practices surrounding the use of web beacon technology. |
| Federal Trade Commission Report on Privacy Online, www.ftc.gov/reports/privacy2000/privacy2000.pdf | The FTC report that acts as a framework for much of the privacy discussion in the online world. |


At the end of the day, as long as you're clear and intentional about how you collect and use visitor data, you're unlikely to have any problems, legal or otherwise. Remember to place a link to your privacy policy on every page, highlighting it on those pages where it's especially important (any page through which you're collecting personal or financial information). Also, don't forget to use your web measurement application from time to time to see how many visitors are reading your policy; a big spike in readership can indicate a looming problem.

Jay McCarthy and Eric T. Peterson



    Web Site Measurement Hacks
    Web Site Measurement Hacks: Tips & Tools to Help Optimize Your Online Business
    ISBN: 0596009887
    EAN: 2147483647
    Year: 2005
    Pages: 157