When users visit any Web site, their computer exchanges data with remote servers hosting the site. In doing so, sites may anonymously track user activity, including time spent viewing a page, what links were clicked, etc. This allows sites to tailor advertising and even content they believe suits their users best.
Companies should clearly disclose their policies concerning information collection. The AAF has outlined the steps all companies should take in establishing an online privacy policy: 1. An organization’s privacy policy must be easy to find, read and understand. 2. It must be available at or before the time that information is collected or requested. 3. The policy must state clearly what information is being collected, how it will be used and who else will have access to the information. 4. Individuals must be allowed to decide whether the site can use their information. 5. Individuals must be assured their data is secure. 6. The company must take steps to ensure that information is accurate.
Some legislators have introduced broad online privacy laws that do not distinguish between sensitive financial or medical data and other benign data, such as saving a mailing address in order to expedite future purchases.
Last Updated: August 2007