Conclusions
We studied the privacy policies of 10% of all the North American companies listed on the NYSE, Nasdaq, and AMEX stock markets. We manually assigned green/yellow/red risk levels for how each policy treats each of the following 10 privacy-pertinent factors: E-mail, Credit Card Number, Social Security Number, Ads and Marketing, Location, Children, Sharing with Law Enforcement, Notice, Choice, and Aggregation. The study revealed interesting statistics in each of the ICB industries as well as overall. Most importantly, we saw an inclination to collect users' PII but to use it only for the expected service of the company. These statistics can assist companies in advancing their privacy practices, regulators in judging the effectiveness of related laws, and users in raising their awareness. We found that:
(1) Strikingly, 31% of these companies do not have any form of privacy policy or notice on their websites.
(2) The companies that did post a privacy policy showed a consistent inclination to toe the line, playing it safe so as to minimize their risk, while simultaneously choosing to gather personal information to increase their utility and value. For instance, 81% of the companies (ranging from 53% to 93% across industries) collect e-mail addresses and 64% of the companies use PII (including e-mail addresses) to promote their own services or products.
(3) Regulation, e.g., protecting children's PII (COPPA, 1998), has positively affected privacy policies with respect to children (FTC, 2002): as few as 13% of the policies studied collect PII of children under 13.
(4) The companies provide users’ PII to law enforcement, and 45% do not even ask for official documents like a warrant or subpoena.