If you are shopping in the real world, you aren't carrying a sign with your address on it. But in the virtual world, even if you're just window shopping, more and more Web sites require that you register or accept a "cookie" so they can track your Internet travels.
The end result is that consumers are wary of the Web. They know that a social security number entered online could wind up in an identity thief's hands. They know that a phone number or e-mail address given for "questions about your order" could quickly turn into dinnertime sales pitches or junk emails flooding their in-boxes. And they want it to stop.
And so the next time consumers go to a Web site and are asked to fill in their name, address, age and income levels, they give a bogus identity to avoid being tracked -- such as Albert Einstein with an income of $5 and an e-mail address of e=mc2.
What are consumers really saying when they do that? They're saying they don't trust the security of the site, and they don't trust that the owner of the site is going to respect their privacy and not abuse or sell their personal data.
Harris Interactive says 70 percent of consumers worry their online transactions aren't secure and 75 percent are concerned companies will share their personal information with others. Those fears reduced US online purchasing by $15 billion last year, according to the latest consumer research.
It's estimated that electronic commerce would double if people had greater confidence that their privacy was protected on the Web. In fact, the lack of confidence in privacy outpaces ALL other concerns -- including price and ease of use -- in inhibiting people from buying on the Web.
That's a huge wasted opportunity. And a very clear message that we have some serious work to do to turn these percentages around.
And while serious -- very serious -- the privacy issues we're dealing with today are trivial compared to what's ahead. What are the implications for individual privacy in a world where millions of people are driving Internet-enabled cars that have their movements monitored at all times? What happens to privacy for millions of people with Internet-enabled pacemakers? Who has access to real-time data on your heartbeat, blood pressure and cholesterol levels? Your doctor? Your insurance company?
The answer must begin with a responsible marketplace. Through business policies and practices, the IT industry has to send an unambiguous message that tells people: "You can trust us. You have choices. They will be respected. And you'll know in advance how any information that you give us will be used."
If you build relationships with customers based on trust, they will ask you to add them to mailing lists, they will ask you to recommend products from marketing partners, and they will stick by you forever.
Here are some rules designed to set the stage for acceptable use of customer data:
* Give customers a choice about using data beyond what is required for transaction processing. Consumers will continue to embrace the Internet only to the degree that they trust those who use the technology to respect the privacy of their personal information. Equipping consumers with knowledge and choice about how their personal information is used is key to building such confidence and trust.
* Last, businesses must look for ways to improve their privacy practices. Consumer demand for privacy is increasing. Just as companies continually look to improve their products and services to meet customer demand, the same thing needs to be done with regard to privacy.
The good news is new technologies are coming to market that give individuals the power to prohibit or limit others from tracking their movements on the Web. For example, there's specialized software that will enable businesses to automate enforcement of company privacy policies. Another solution is emerging in open standards like the Platform for Privacy Preferences (P3P), which allows your browser to compare a Web site's privacy policies with your own preferences, thereby ensuring that you only visit or do business with Web sites that agree to meet your personal standards for privacy protection.
The IT industry needs to continue to accelerate work in this direction. But these technologies are not the only solution. The answer lies in companies instituting strict practices and behavioral standards -- and following them.
Dr. Arvind Krishna is the vice president of security products for Tivoli Software at IBM. Previously, he was the director of Internet infrastructure and computing utilities research at IBM's Thomas J. Watson Research Center. Krishna joined IBM in 1990, and since then has held executive, technical management, and research positions in the areas of Web infrastructure, network and computer security, wireless networks and distributed computing.