{"title":"A study of web privacy policies across industries","authors":"Razieh Nokhbeh Zaeem, Suzanne Barber","doi":"10.1080/15536548.2017.1394064","DOIUrl":null,"url":null,"abstract":"ABSTRACT Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate 10 different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies lets users correct their PII but does not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"43 1","pages":"169 - 185"},"PeriodicalIF":0.5000,"publicationDate":"2017-10-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15536548.2017.1394064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 20
Abstract
ABSTRACT Today, more than ever, companies collect their customers’ Personally Identifiable Information (PII) over the Internet. The alarming rate of PII misuse drives the need for improving companies’ privacy practices. We thoroughly study privacy policies of 600 companies (10% of all listings on NYSE, Nasdaq, and AMEX stock markets) across industries and investigate 10 different privacy pertinent factors in them. The study reveals interesting trends: for example, more than 30% of the companies still lack privacy policies, and the rest tend to collect users’ information but claim to use it only for the intended purpose. Furthermore, almost one out of every two companies provides the collected information to law enforcement without asking for a warrant or subpoena. We found that the majority of the companies do not collect children’s PII, one out of every three companies lets users correct their PII but does not allow complete deletion, and the majority post new policies online and expect the user to check the privacy policy frequently. The findings of this study can help companies improve their privacy policies, enable lawmakers to create better regulations and evaluate their effectiveness, and finally educate users with respect to the current state of privacy practices in an industry.
期刊介绍:
As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.