Showing posts with label security. Show all posts

Friday, December 21

Self-Regulating The Net: FTC


The Federal Trade Commission released five proposed principles and guidelines for self-regulation in the behavioral advertising industry, which includes the tracking of consumer activities online (searches, page visits, viewed content, etc.).

While the FTC has been looking at privacy issues related to the Web for more than a decade, it was expected, given the high visibility of privacy issues recently created, in part, by Facebook, that the FTC would be taking a hard look at privacy issues in 2008.

In sum, the FTC suggests that companies involved in tracking and targeting consumers always inform consumers of the data they collect and how it is to be used, tell them that they have a choice to opt in, and state any changes to this agreement, which would require their express consent.

Here are five principles for behavioral advertising (paraphrased):

Transparency and consumer control. Every Web site where data is collected for behavioral advertising should provide a clear, concise, consumer-friendly, and prominent statement that (1) data about consumers’ activities online is being collected at the site for use in providing advertising about products and services tailored to individual consumers’ interests, and (2) consumers can choose whether or not to have their information collected for such purpose.

Reasonable security, and limited data retention, for consumer data. Companies should retain data only as long as is necessary to fulfill a legitimate business or law enforcement need. (The FTC staff is also seeking comment on how long companies should retain such data.)

Affirmative express consent for material changes to existing privacy promises. A company must keep any promises that it makes with respect to how it will handle or protect consumer data, even if it decides to change its policies at a later date. Any change in how collected data is used requires affirmative express consent from affected consumers.

Affirmative express consent to (or prohibition against) using sensitive data for behavioral advertising. Companies should only collect sensitive data for behavioral advertising if they obtain affirmative express consent from the consumer to receive such advertising. (The FTC staff is also seeking input on defining sensitive data and whether some data should never be collected.)

Call for additional information: Using tracking data for purposes other than behavioral advertising. FTC staff also seeks comment on what constitutes “sensitive data” and whether the use of sensitive data should be prohibited, rather than subject to consumer choice. (Comments will be received through Feb. 22.)

The latter suggests carrot dangling (perceived benefits) for sensitive information (like social security card numbers) might not be an option.

Overall, the FTC has been very balanced in its approach to online advertising, recognizing there is a fine line between protecting consumers and allowing companies to develop advertising programs that fund content and benefits for consumers.

But what is most important is to consider that self-regulation is generally maintained by the willing participation of companies to adhere to these principles. Every abuse, especially by visible companies, will move these principles toward permanent federal regulation. You can find the complete FTC guidelines here.


Wednesday, September 27

Increasing PDA Security


GFI, an international developer of network security, content security, and messaging software, recently launched a new white paper about the new and increasing threat of "Pod Slurping."

The paper explores the threat posed by portable storage devices and considers security measures that should be implemented in addition to perimeter solutions such as firewalls and anti-virus software. Easy connectivity and high-speed data transfer mean that by simply plugging a device into a USB or FireWire port, a data thief can get away with more information than ever before. This increasing leakage, ciphering and disclosure of corporate data has been given the name "pod slurping."

There is no denying that these devices are increasingly popular -- by 2009 it is expected that shipments of iPods and other MP3 players will surge to nearly 124 million units.

"Data slurping is a very simple and automated process. It doesn't require any special technical expertise to steal a company's data using a portable storage device," said Simon Azzopardi, MD EMEA, GFI. "A company needs to protect its network by introducing technological barriers that enable control over data transfers throughout the network."

To download a copy of the White Paper, visit Pod Slurping White Paper.
 


by Richard R Becker Copyright and Trademark, Copywrite, Ink. © 2021; Theme designed by Bie Blogger Template