TransCoop - Privacy Protection in E-Business

The fast progress in networking and database technologies has led to an enormous amount of digital information being stored on servers widely distributed all over the world.
Organizations that wish to analyze this data are confronted with a twofold privacy problem. First, with regard to user's privacy: can the analysis of data disclose sensitive information about a user's identity against the user's will or in violation of existing privacy laws? Second, with regard to the organization's internal management of confidential information: how can an organization guarantee that information is not misused for analyses that exceed the agreed purposes? How could it secure its sensitive data from outside and inside attacks? In times where data mining is routine, it is imperative to think about adequate zones of privacy.
The analysis of sensitive data is particularly critical in online commerce, where companies are given the opportunity to learn more about their customers. Internet users increasingly transmit personal information online, either by actively sending it, or passively, by leaving traces that are registered at the server side. While yielding benefits to the companies (e.g. marketing, usability), these analyses of customer data may provoke consumer privacy concerns, which have been identified as a primary impediment for the users willingness to buy online (Pavlou 2001, Jarvenpaa 2001 et al.). According to consumer studies, the number of consumers refusing to shop online because of privacy concerns is as high as 64% (68%) (Culnan 2001, (Ipsos/Reid 2001)). While the concerns are most pronounced for e-commerce, the privacy concerns for traditional transactions are increasing as well. Some enterprises are aware of these problems and of the market share they might lose if they do not implement proper privacy practices. However, many companies have not yet implemented privacy standards and processes to adequately address consumer concerns: 55% of companies do not store personal data in an encrypted form, 40% do not provide access to personal data for verification, correction and updates and 15% even share consumer data with third parties without having obtained the user's permission (Deloitte 2001). This is often in conflict with privacy legislation in many countries.
However, privacy protection is a double-edged sword. On the one hand, digitalized personal information can be easily copied, transmitted, and integrated, often leaving individuals without control and consent about how their data is handled and processed. On the other hand, personal data could provide consumer benefits in the form of personalization. Based on detailed user profiles, companies could target services and information more specifically to the user needs and interests. Given the increasing amount of information offered on the Internet, the development of personalized services addressing the individual user needs becomes inevitable. Thus, finding the right balance between privacy protection and personalization remains a challenging task.