These articles by Caroline Calogero, Michael Schumacher, and Lynn Robbins were prepared for the December 13, 2000 edition of U.S. 1 Newspaper. All rights reserved.
Getting to know you, getting to know all about you might have been a fine idea for Anna in Siam, but such attempts by websites cause many to recoil against this invasion of privacy. Lorrie Faith Cranor of AT&T Labs-Research will discuss privacy concerns raised by current online data collection practices at the Princeton Joint Chapter of the ACM and IEEE Computer Society meeting on Thursday, December 14, at 8 p.m. at the Sarnoff Corporation. Entitled "Online Privacy: What are People So Concerned About and What is Being Done About It," the meeting is free and refreshments are served. A pre-meeting dinner is at 6 p.m. at the Rusty Scupper. For reservations, call 609-924-8704.
Cranor confirms our worst suspicions -- proprietors of websites have unprecedented opportunities to amass data about their users. "The capabilities of companies to gather large amounts of information on people easily and to correlate it and build profiles are improving," she says.
But such opportunities are part and parcel of what distinguishes a web-based transaction from its physical world counterpart. "If all my interactions with businesses are done on line, it's much easier to capture the information about what I'm doing. When I go into a physical bookstore, you don't know which books I pick up and browse. You only know the ones I purchase. In an online bookstore, you can see which ones I browse as well."
Cranor has a doctorate in engineering and policy from Washington University in St. Louis. She has been with AT&T Labs-Research for the past four years (www.research.att.com/~lorrie/). A hybrid who can talk the talk with both techies and policy wonks, her presentation will review the technical mechanisms that companies use to track people on line. She will also cover recent initiatives to help protect privacy including anonymity tools, privacy seal programs, legislation, and P3P.
P3P, or the Platform for Privacy Preferences Project, is an effort of the World Wide Web Consortium (W3C) to produce a standard format for web users to express privacy preferences and websites to declare data gathering intentions.
Cranor explains that P3P is not software itself but rather a set of instructions for software developers. "P3P is a specification. It's the recipe that tells somebody who is building a web browser how to put the privacy standard into their web browser."
P3P aims at enabling the user to set up Web browser software with personal privacy preferences and information exchange limits. P3P also allows websites to state their privacy policies in a standardized format.
With P3P, when web browser meets website, a checking process begins. Users are notified if there is a mismatch in goals. "You get to decide what your personal threshold is, and, then, what you want your browser to do," she says.
When there is a mismatch in objectives -- say if a website declares it can't function without knowing net worth or pharmacological history, and the user is a rather private person -- flashing lights and noises may sound the alarm.
But P3P guidelines are sophisticated enough not to limit users to only black and white policy statements. P3P-enhanced browsers will be able to selectively block cookies based on what the website intends to do with the information. Access to certain private bits of information might be permitted only when an order is being placed, as long it is not sold to other companies.
Websites adhering to P3P guidelines will encode their privacy policy into a standard format. Variables will include the kind of data collected, what is done with the data, and how the data is shared.
P3P-enhanced browsers will complement other privacy protection strategies. When browsing leads to buying and anonymity tools or pseudonyms reach the limit of their usefulness, P3P would take over.
Blast off for the P3P guidelines is near. Cranor anticipates the W3C will act very soon to officially issue a preliminary recommendation that the standard is ready for implementation. Cranor has been on the project since the beginning, the fall of 1996. She now heads the W3C working group that is drafting technical specifications for P3P.
Cranor says Microsoft is among the companies building software using P3P and that its product will be released next spring. AT&T is also considering involvement. "AT&T has tried to be a leader in protecting customer privacy. We're looking into the possibility of whether it would be useful to provide some software just to get P3P started," she says.
Her approach to protecting her own privacy on line is "not a whole lot. I actually do try to read privacy policies at websites, and I am very cautious about providing personal information," she says. She will avoid sites with invasive policies and does use fake names when possible.
Nevertheless, Cranor finds anonymity tools cumbersome and does not use one. She has used tools that block cookies but those tools also have drawbacks: "On many websites I really want to use cookies because I don't want to remember passwords."
She is currently working on a book about P3P, which she hopes will reach both the digitally dexterous and the hopelessly analog. "My attempt is to target a mixed audience. What I've found is that there are a lot of non-technical people who would like some background in some of the technology at a level they can understand. There are also technical people who would like the background about privacy laws."
That Cranor's graduate work focussed on electronic voting leads to a final question on a somewhat different issue -- the post-election miasma. She seconds the instincts of many Americans not associated with Florida boards of elections. "Unfortunately there's no one magic answer here. There are some things that they did that clearly asked for trouble, and using punch card ballots was the first problem."
-- Caroline Calogero
Trepidation is in the air this holiday season as traditional brick and mortar retailers brace themselves for the onslaught of business they won't receive. That's because an estimated $11.6 billion will be spent this month in Internet purchases, as projected by the Manhattan-based consulting firm Jupiter Research. That figure is up from $7 billion last year. And the number of individuals purchasing online this year is anticipated to be 35 million Americans compared with 20 million in 1999.
"I expect to do 80 to 100 percent of my holiday shopping online this year," says Laura Grigni, a financial marketing professional at First Union. "That's almost twice as much as last year for me." Like so many others, Grigni is lured by the convenience of shopping online, but also adds, "I prefer to shop from home rather than deal with the crowds at the malls, where too often merchandise has already been picked over and boxes are torn. At least online, the items are neatly packed and better suited for gift-giving."
The impact of sentiments such as Grigni's will attract business owners and marketing professionals to the two-day seminar "E-strategy: How to Build Your E-marketing and E-business Strategies," held Thursday and Friday, December 14 and 15, from 9 a.m. to 4:30 p.m. at Rutgers' University Inn and Conference Center at 178 Ryders Lane in New Brunswick. Cost: $995. Call 732-932-8274, or E-mail: ccpd@rci.rutgers.edu.
"Any business owner who is not currently thinking and addressing their business from an `E-approach' is making a mistake," says seminar leader Bill Hendricks. The learning curve is steep, he admits, "and the investment of time is as significant as the financial investment."
E-commerce is more than making money and selling something on the Internet. Instead, says Hendricks, ask the broader question: "Do I need better and more effective ways to develop relationships with my customers?"
Hendricks, a consultant in the E-business sector for over 15 years, was contracted as seminar presenter by the New York-based Orion Development Group. He earned a BA in education from the University of Northern Iowa in 1971, followed by a master's in divinity from Asbury Seminary and a doctorate from the University of Dubuque. He has worked as a management consultant for Mobil GIS, Shell Chemical, and the insurance company CGU. Hendricks is also a certified Myers-Briggs Personality Type Indicator and a deBono Creativity Instructor and lives in Overland Park, Kansas.
"Basically, there are two groups trying to capitalize on the Internet and E-commerce opportunities," says Hendricks. "Both are struggling to make sense of the maze of information and mastering the technology is nearly overwhelming for both." The key is very different for each of these two groups:
When asked how small businesses can compete with larger ones on the Internet, Hendricks says that the power of the Internet and E-commerce is that it is a great equalizer. "Small companies and mega corporations are all competing for the same `click of the mouse.' The ability to sell online is not expensive. If you compare the advertising power of Amazon.com versus a local bookstore, then there is a great gap. But that exists regardless of the Internet."
He lists challenges for those building an effective E-commerce business:
That doesn't leave much time for those businesses not yet in the fray to gear up. Those prepared to take the leap should arrive at the Rutgers seminar with a sense of what they want to do, suggests Hendricks. "Bring every piece of customer information you can, and from the first moments in the seminar, keep asking me to provide answers, not just theory."
-- Michael Schumacher
More than ever, employers need to understand New Jersey's whistleblower law, officially termed the Conscientious Employee Protection Act (CEPA), cautions Earl M. Bennett of the Carnegie Center-based law firm, Saul Ewing LLC.
Employees who complain of employers' perceived wrongdoings are likely to get increasing protection against retaliatory action, thanks to several recent Supreme Court rulings. So when an employee makes a complaint related to your business, you need to know what to do and not do, how to avoid mistakes that could constitute retaliatory action, and how to protect yourself against false claims.
Bennett and his colleague, Catherine B. Rinaldi, will give practical suggestions and case examples in a seminar titled "Retaliation in the Workplace: The Changing Contours of New Jersey Whistleblower Law" on Thursday, December 14, at 8 a.m. at Saul Ewing's offices at 214 Carnegie Center, Suite 202. Cost: $40. Call 609-452-3159 (E-mail: ebennett@saul.com).
Under CEPA, an employer cannot take retaliatory actions against an employee because he or she complains either within or outside the company about alleged misconduct. The employee is also protected if he testifies in an investigation or refuses to participate in any activity he believes is unlawful, fraudulent, or is a threat to the welfare of the public or the environment.
This New Jersey whistleblower law dates back to 1980 when the Supreme Court ruled that employers could not terminate employees for refusing to engage in activities that violate the law (Pierce v. Ortho Pharmaceutical Corp). The 1986 CEPA law further protects employees not only from termination, suspension or demotion, but also from any action that adversely affects an employee's working conditions. Since then, the Supreme Court has expanded the statute in several rulings.
As an employer, here's what you need to know:
To prevent problems resulting from employee complaints, Bennett advises: Think prevention. Adopt a written policy that addresses employee concerns about wrongdoing. If an employee does complain, establish an investigative team of at least two people. Interview the plaintiff and witnesses. Prepare a written report and clearly state that no retaliatory action will be taken if the complaint has been made in good faith.
What if an employee does accuse you of retaliatory action? Bennett cautions that the employer must show the court evidence that its actions related to the employee were not based on retaliation. The employer must have documentation showing why the employee was terminated, disciplined, or otherwise acted upon. If the employer has accurate and solid documentation, the burden of proof rests with the employee.
-- Lynn Robbins