Tangled web of internet privacy
Sydney Morning Herald
Wednesday March 3, 2010
Think before you hand over your personal details. Websites don't just make money from goods and services. Sometimes what they sell is you, or more precisely, information about you.The way these details are collected and used can affect whether you're comfortable with submitting your personal details in exchange for whatever the website provides, be it access to a loan calculator, online banking or a social networking site such as Facebook.But how can you assess the trade-off?The answer is to check a website's privacy policy. Reputable sites - here and abroad - contain a link to their policy, typically at the bottom of a home page. It should explain what they collect, why, how it is used and if anyone else might be privy to it.Be prepared for some legal mumbo-jumbo, says the executive director of the cyberspace law and policy centre at the University of NSW, David Vaile.He doubts many people read privacy policies before handing over personal information."Privacy policies are not necessarily written for the benefit of the consumer," he says. But there are elements to look for when assessing a site's trustworthiness. Legalese can be one."Certainly if there's obfuscation, that's a real alarm bell," Vaile says. Particularly with financial services, a privacy policy can be mired in dense language to protect a company.His guiding principle is simple: consider whether the information being requested is necessary. For example, does a company need to know what car you drive or the number of your mobile phone to estimate how long your superannuation will last?Vaile says the safest place for your details is with you, not a website, no matter how trusted or reputable."You're much better off to say: 'I'm not going to give them anything I wouldn't want to see broadcast around the world until the end of history.'"It's very hard to undo damage once it has been done. There are all sorts of things that can have lifelong ramifications, including for people other than yourself."He singles out social networking sites, noting the benefits of sharing personal information are obvious but the costs may be less apparent - especially for younger users. A Facebook posting can affect job prospects; comments on a dating site can harm relationships; publication of an address can make home feel less safe.A good privacy policy also explains whether a site uses an "opt-in" or an "opt-out" approach to communicating with customers. The former means you must consent to things such as newsletters; the latter means you'll get them unless you explicitly decline.Elise Davidson, from the consumer advocacy group Choice, says one way people can protect themselves is to set up a separate email for questionable sites. This lets consumers insulate themselves from spam-like newsletters.The federal privacy commissioner, Karen Curtis, warns consumers to be especially alert to privacy policy clauses that refer to third parties. If you agree to use a website that shares or sells information to other companies, you may inadvertently consent to letting your details be used in unexpected ways. Curtis also says consumers should try to find out how long information will be retained by a website and establish whether the site is governed by Australian privacy legislation. There is limited practical recourse for sites hosted overseas by non-Australian companies.Although the Federal Privacy Commission is the key agency for privacy concerns about commercial websites, Victoria and NSW maintain privacy guardians for concerns about state and local government websites.John McAteer, a spokesman for Privacy NSW, advises people to check that a website gives contact details for someone assigned to responding to questions and disputes involving privacy.This should go beyond an online form or a generic email address such as support@example.com. It should include a phone number and address for resolving complaints about how information is used.Victoria's privacy commissioner, Helen Versey, encourages consumers to ask how details will be used. "People are often upset when they find that their personal information ... has been passed on to another organisation without their knowledge, even when this was perfectly lawful," she says."People should also be told how they can access their own personal information and who they can contact if they believe there is a problem."Vaile says people should consider how disputes are handled. But don't expect much: "The success rate of ... pursuing privacy complaints is relatively low."Signs of safetyGood privacy policy:Typically appears at the bottom of a homepage.Complies with national privacy principles.Is concise and written in plain English.Provides contact details, including phone number and street address.Tells what data is collected and how and why it is collected.Tells who else might see it.Explains how disputes are resolved.Tells how to update or revise your information.Adopts an "opt-in" approach to sending newsletters.
© 2010 Sydney Morning Herald