by CIO Staff

Online Retailers Flouting Privacy Laws

Jun 20, 20062 mins

Be careful with the secrets you reveal to online retailers. You just don’t know where your personal data could end up and how it might be used.

This was the warning issued by Ottawa-based Canadian Policy and Public Interest Clinic following its release of a survey that showed “widespread noncompliance with federal privacy laws.”

Funded by the Privacy Commission of Canada, the survey, titled “Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up?” questioned 64 online retailers on their observance of legal requirements for accountability, openness and consent in collecting customer data.

It also polled 72 online and offline retailers on their compliance with “individual access”—the PIPEDA requirement to inform individuals of the existence, use and disclosure of their personal information upon request, and to give individuals access to that information.

The survey’s findings are hardly encouraging.

While 94 percent of retailers surveyed did have privacy policies, these tended to be lengthy, ranging from 1,000 to 2,000 words. In most cases, policies were not conspicuously visible to consumers.

The survey also found 48 percent of the retailers share information with other companies for purposes beyond those necessary for the transaction or service originally sought by the customer. Furthermore, only one of these companies restricted data sharing to its affiliates. Yet 34 percent did not offer consumers a choice regarding this practice during the registration or ordering process.

Some 78 percent of the sample companies rely on opt-out methods to obtain consumer consent to secondary use or disclosure of their personal information.

In at least 18 cases, the assessors were not sure whether consent to secondary use or disclosure was mandatory because the privacy policy was either unclear or nonexistent. Thus, 39 percent of the companies were found in violation of PIPEDA’s rules.

-Nestor E. Arellano, CIO Canada (June 2006)

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.