The battle between the customized web and protecting privacy

With the internet being such a vast expanse of information, there is a desire to customize the internet to the individual, to be able to quickly find or access what one is looking for. Companies want to drive perspective customers to their sites, and then to make it easy for them to spend money. These seem like worth while goals, but is the a cost to facilitating navigation through the web?
  

PII, Cookies, and Deep-packet Inspections, Oh my

To begin, let's define a few terms:

PII, or Personally Identifiable Information, is any information that can be used to distinguish a person's identity.
 More on PII on www.gsa.gov
 

A cookie is a piece of text that a web server can store on a user's hard disk. Cookies allow a Web site to store information on a user's machine and later retrieve it. The pieces of information are stored as name-value pairs.

 Article on cookies

Deep-packet Inspection - Through Internet service providers, companies are able to gather information on full extent of computer usage. Every site visited, every search, even every email sent can be harvested. This information is then used to profile a person’s interests, and then sold to advertisers to allow for targeted ads. Companies involved say that customers’ privacy is protected because no PII are released.

 Washington Post article on Deep-packet inspection

Companies Selling information on their Customers

Whether we are aware of it or not, many of the companies we do business with sell information on us.  Any information they have access to (items searched for, location, gender and so for) has the potential to be used or sold to a third party. Often on their site is a privacy policy outlining what they collect and how they use it and share it with other companies. With information passing between companies, how is that information safe guarded? How many customers take the time to educate themselves on these practices? If kept anonymous, at what point does this packaged information lead to a detail profile that can lead back to the user and therefore be view as PII? Do the companies with these practices have a clear way for their customers to opt out?

 Walmart's Privacy Policy

Insight from two Business owners

As part of my research I asked some business owners for their views of these practices. The following are their responses.

Adrian Dayton, founder of ClearView Social, Inc 

"1. Should people buy and sell this information? Absolutely. Not because it is creepy or weird, but because it helps us understands somebody's needs better. Take Facebook for example, through seeing what you look at, they can tailor adds to your liking. Contrast this with news sites that share with everyone the same article to help reduce belly fat. I have some belly fat, but certainly not enough to want to spend money to get rid of it. 

2. The limitations are pretty obvious in my opinion. Information must be anonymized. This is the only way to guarantee that you maintain the privacy of individuals.  This is the pact, we share our information and in exchange they keep in anonymous and sell us the things we have demonstrated we are interested in. 

3. There needs to be some disclosure and some way for consumers to opt out. There is something similar to this that exists right now, where you can disable cookies, but you can only take advantage of that if you are familiar with the way this data is collected and used. In my opinion there should be far better disclosure for all users of this information."

Drew Payne, owner of Payne Brothers Custom Knives

He started off his response by saying he would not sell information without the customers knowledge, he would not sell it period. He stated, "I don't want to loose a potential customer because word got around that I do that." He went on to say how he hates being inundated by spam email, junk mail, phone calls, or other forms of ads just because he has done business online. As a small business, in order to do much of the data collection, an outside company would have to be brought in for that. Just because they state that their databases are done by client ID and does not contain person information, it does not mean they do not come across that or that their information is not enough to create a profile to get that. Gathered or sold information finding it's way into the wrong hands can cause severe issues to his customers. He concluded by stating that, "I would suffer through being a new small business than to do that to someone."

Conclusion

Businesses that participate in ecommerce should make every effort to protect those who do business with them. There is much that can be done to protect personally identifiable information. Through search engines, prospective customers are able to shop around, not only for the best price and quality, but also for a business they are willing to trust. At a time when one mistake can kill a reputation and business, it becomes important to be transparent in dealings with customers. If a company is going to collect or sell information gathered from their costumers, they need to make sure that they clearly state what is collected, with whom and how it is shared, and how it is protected. 

Individuals should take the time to understand how and what information is being collected on them. When seeking the best deal, make sure that PII is not part of the cost.