Not from Your Grandmother’s Kitchen: Online Privacy and Cookies

Post Date: 08/05/2013

For many, the thought of cookies brings back fond memories of Nestle Toll House chocolate chips and tall glasses of milk, but in the world of online privacy, the consequences of cookies are greater than an extra mile on your morning run – they can have a much more diabolical meaning. A cookie, also known as a web cookie, browser cookie, and HTTP cookie, is a piece of text stored on a user’s computer by their web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data.

While that all sounds very technical, many of us will be familiar with the online “cookie experience.” If you have shopped at a popular site for books or music, you may have wondered how the store “remembers” you when you visit more than once and begins to “suggest” items that you may be interested in purchasing. Typically this is done through the use of cookies as well as other tracking technologies that are used to identify consumer behavior and utilize that information to provide targeted advertising towards them.

Not everything about cookies is bad. Cookies can save you time online. It may be because of cookies that your user name and password are already filled out when you return to a particular website, or that the online shopping site welcomes you upon your return. This kind of convenience and even shopping suggestions may be perfectly acceptable to some folks. In many ways cookies can create a more pleasant shopping experience. It can be akin to when you are in a brick-and-mortar shop that you visit regularly and a store clerk suggests items based on what they have learned about your taste and shopping habits, much like a personal shopper.

However, there are multiple concerns regarding online cookies and consumer privacy. Some cookies are “bad” and can be used as spyware. Cookies can be set up on a web page by third-party companies such as advertising agencies to track visitor behavior across multiple websites. Cookies can be hijacked and used for security attacks on a visitor’s computer, and cookies have been used by several US government agencies to track information about citizens on their websites. As a result of this, the federal government has enacted strict privacy legislation that regulates the use of cookies on government websites. This requirement was modified in 2010 to allow more flexibility in government agencies’ use of cookies and tracking technologies to provide an “enhanced” web visitor experience.
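
To make the third-party tracking and hijacking concerns above concrete, here is an added example (not from the original post or from AvePoint) that audits the Set-Cookie headers seen while loading one page: it flags cookies set by a different site, cookies that persist for more than a year, and cookies missing the Secure or HttpOnly attributes. The hostnames, cookie values, function names and the one-year threshold are assumptions made for illustration.

```javascript
// Added example. All hostnames and cookie values are constructed sample data.

// Parse one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair ? pair.indexOf('=') : -1;
  if (eq < 1) return null; // no cookie name: not a usable header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Simplification: the last two DNS labels stand in for the "site". Browsers
// use the Public Suffix List, so this is wrong for suffixes such as co.uk.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// pageHost: site in the address bar; responseHost: host that sent the header.
function auditCookie(pageHost, responseHost, header, now = Date.now()) {
  const c = parseSetCookie(header);
  if (!c) return null;
  const findings = [];
  const thirdParty = siteOf(responseHost) !== siteOf(pageHost);
  if (thirdParty) findings.push('third-party');
  let lifetimeDays = null; // null means a session cookie
  if (c.attrs['max-age'] !== undefined) lifetimeDays = Number(c.attrs['max-age']) / 86400;
  else if (c.attrs.expires) lifetimeDays = (Date.parse(c.attrs.expires) - now) / 86400000;
  if (lifetimeDays !== null && lifetimeDays > 365) findings.push('persists-over-1-year');
  if (!c.attrs.secure) findings.push('no-Secure');     // may travel over plain HTTP
  if (!c.attrs.httponly) findings.push('no-HttpOnly'); // readable by page scripts
  return { name: c.name, thirdParty, lifetimeDays, findings };
}

const PAGE_HOST = 'shop.bookstore.example';
const SAMPLE_RESPONSES = [
  ['shop.bookstore.example', 'session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax'],
  ['shop.bookstore.example', 'prefs=lang%3Den; Max-Age=2592000; Path=/'],
  ['ads.adnetwork.example', 'uid=u-991; Max-Age=63072000; Domain=adnetwork.example; Path=/'],
];

function auditAll() {
  return SAMPLE_RESPONSES.map(([host, hdr]) => auditCookie(PAGE_HOST, host, hdr));
}

console.log(auditAll());
```

In the sample, the session cookie comes back with no findings, the preference cookie is flagged only for the missing attributes, and the advertising cookie is flagged as third-party with a two-year lifetime.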

Most modern browsers allow users to decide whether to accept cookies and the time frame to keep them, but rejecting cookies also makes some web sites unusable. It’s important to understand the tradeoff that you are making when you “accept” the default settings for any website or even your web browser. Browsers like Microsoft Internet Explorer 9 have introduced new privacy protections to allow you to limit information the browser provides to the websites that you visit. These enhancements, sometimes referred to as “do not track” features, represent an important advancement in privacy protection for consumers. However, these features have to be reviewed and then selected by each computer user. They may not be selected for you by default (unless you are using certain browsers like Internet Explorer 9). Regardless, you should always check for yourself!

In the same way that you protect your identification and credit cards by securing them in your wallet or purse and keeping them properly protected, remember to take the same care with your identification and financial information online. Don’t choose to have websites “remember you” unless you are fully confident in their privacy and security practices. Do select to use the most protective settings in your web browser of choice. While you may have to fill out online forms more than once – and you won’t have that “special item” suggested and waiting for you when you return to the online shops you frequent – just think what you may find when you look across everything available instead of what someone else chose for you. In general, being in control of your privacy is always better.

For consumers and organizations alike, AvePoint provides Compliance Detector, which allows you to “check” the web sites you visit before you share your information with them to be sure that they are properly protecting your personal information. Compliance Detector is a free, educational, and non-commercial solution powered by AvePoint Compliance Guardian. Visit www.compliancedetector.com and try it out for yourself today!

Compliance Guardian is an enterprise compliance management solution that allows enterprise organizations to scan, audit, and report on data within their enterprise file systems, websites, web systems, web applications, and Microsoft SharePoint deployments. Compliance Guardian can not only assess Office files, HTML files, and PDFs to ensure branding compliance as well as protect against privacy (PII/PHI) or accessibility (Section 508) violations, but also can evaluate Images, AutoCAD files, Zip files, and hundreds of file types for privacy and information security issues. Compliance Guardian provides continuous scheduled and real-time monitoring of your web systems to identify non-compliant data across a broad framework of organization-specific or regulatory requirements, including Personally Identifiable Information, Information Assurance, Operations Security, Sensitive Security Information, Accessibility, Brand Management and Site Quality.

So if you are looking to ensure that your organization’s website and web systems are complying with privacy requirements and secure collection practices for personal and sensitive data, appropriate use of tracking technologies, as well as proper use and implementation of your Privacy Statements, be sure to contact AvePoint to learn more about Compliance Guardian.


Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on current and upcoming industry trends, technology, standards, best practices, concepts, and solutions for risk management and compliance. Ms. Simberkoff is responsible for maintaining relationships with executive management and multiple constituencies both internal and external to the corporation, providing guidance on product direction, technology enhancements, customer challenges, and market opportunities. Ms. Simberkoff has led speaking sessions at data privacy and security events around the globe. She was featured in Forbes, writes a monthly column for CMSWire, and was highlighted in the CSO Online list of “12 Amazing Women in Security”. She is a current member of the Women Leading Privacy Advisory Board and a past member of the Education Advisory Board for the International Association of Privacy Professionals (IAPP). Ms. Simberkoff holds a BA from Dartmouth College and a JD from Suffolk University Law School. LinkedIn: www.linkedin.com/in/danalouisesimberkoff/en Twitter: http://www.twitter.com/danalouise
