New Worries in Ecommerce

The increasing prevalence of ecommerce, social networks and other technological advances offer unprecedented convenience and access to shopping, paying your bills and interacting with the world. With these benefits, there are dangers in putting personally identifiable information on the internet that go beyond the obvious stolen credit card or social security numbers. Responsible online businesses have lots of tools to help set their customers at ease but there is not always a perfect understanding between the parties regarding what they can and will do with private information.

The most common way for online businesses to make their clients comfortable with their online lives is a privacy policy. A privacy policy is the online business’ notice to its users that generally sets forth what information it will collect, how it will be collected, who it will be shared with and where a user can go to keep any of the aforementioned from happening (opt in/opt out options). However, even if a diligent consumer actually reads through the privacy policy of a site every time they click to acknowledge doing so, is it clear what, how and from who private, personally identifiable information is going to be protected?

Two recent instances serve as an example of how the privacy expectations of the business and consumer may not be one in the same.

Using an automated device to pay for toll roads may make commutes more convenient but there is a trade off if you are hoping to keep your travels to yourself. E-ZPass is a device used primarily in the northeastern United States, which consists of a RFID transponder being mounted in an automobile. As the E-ZPass vehicle approaches a toll booth, there is no need to slow down as the device communicates with the toll facility and debits a pre-established account for the toll. When a consumer uses the device they are also providing the agency administrating the system with a time stamp of where they were at a specific time. The Associated Press reports that of the 12 states that use the automated toll payment system E-ZPass, 7 will respond to civil court orders. This means that in divorce litigation for example, it is easy to confirm where a party was by using this technology.

In another example, a gentleman in Houston has brought suit against 1-800-FLOWERS.com alleging that the company did more with his information than he had authorized. According to a Houston Chronicle story, the plaintiff purchased some items from the online retailer with a credit card. The suit alleges that the items purchased were for a party other than his wife, whom the plantiff was separated from at the time.

Some time later, after the plantiff and his wife had reconciled, 1-800-FLOWERS.com, sent a thank you note and some coupons which were received by the wife who then requested a receipt for the transaction. 1-800-Flowers supplied the receipt along with the personal note that originally accompanied the gift. She in turn is using that information in divorce proceedings. Whether this was permissible under the privacy policy the online retailer was operating on is now a matter for the court, as is whether there are any identifiable damages resulting from this information being shared.

What is clear, however, from both of these scenarios is that setting clear privacy expectations and procedures is a must. And further, when companies utilize privacy insurance protection to transfer some of the risk, coverage for identity theft and credit/debit card fraud should not be the only concerns.