Mark Gibbs: Protecting privacy revisited


“Protect your family against Biochemical attack. With a Quality Gas mask and water purifier you can increase your chance of surviving this real threat to our country. We offer a complete Biochemical Emergency Kit.”

– Opportunistic spam from, which wins this week’s Scuzzy Commercial Unsolicited Mailing (SCUM) award.

A few issues ago, we discussed how our privacy is being eroded in a death-by-a-thousand-cuts kind of way thanks to e-commerce, and I threatened to discuss what you need to do to ensure your organization is not guilty of breach of client trust and lack of customer care (“Privacy ants…,” NWC, November 2, 2001, page 22).

Wait a minute. Did I hear one of you say it isn’t your job to worry about privacy? Boy, you are so wrong! You’re the one who knows about computers, networking and the Internet, and if you aren’t involved your colleagues will run the company into a thousand kinds of trouble – by spamming, releasing data to the wrong people, leaving security open and so on.

Even if you have a privacy officer on staff, the post appears in most cases to be more about legal rather than technical compliance – thus, these guys can’t effectively perform their jobs without IT’s support and compliance!

You, as an IT professional, must know what is happening in your organization with customer information and be proactive about ensuring its use and safety. And, while I’m at it, the integrity of that information is crucial to maintaining privacy.

There are many ways user privacy can be breached, as you read in the previous column. Let me give you another example: The spam I quote at the beginning came through an e-mail address I haven’t used for perhaps five years!

The bottom line is that the majority of privacy violations occur through weak or deficient business processes. For instance, last month’s example about Embark Network e-mailing private information about a customer to me by mistake could have been easily avoided if someone in IT at Embark or at the Katharine Gibbs School had thought for a moment, “What could go wrong?” They would soon have found themselves asking, “What happens if an applicant enters the wrong e-mail address?”

Now the range of ways to violate a user’s privacy is enormous, so let’s just focus on three basic but major ways to avoid violating users’ privacy when you interact with them online:

1. Always use double opt-in for e-mail addresses. Whenever anyone gives you an e-mail address (the core of last month’s problem) you should send a message to that address with a Web link (or another mechanism) that must be followed to confirm reception of the message. The server should require the user to log on to confirm the e-mail address is his. After this kind of process you can say with confidence that the user entered the correct address.

2. Do not send information that doesn’t need to be sent. Again, thinking of last week’s column, the full details of the student’s application didn’t need to be sent to the student automatically. It would have been better to leave the information on a Web site and, if the student wanted a copy, provide a secure mechanism for delivery.

3. Do not send passwords in e-mail. This is so basic it shouldn’t need to be said, but the fact is many companies will do it. If you need to give a user a new password, do something like this: After ensuring that his e-mail address is his, send him a link, have him authenticate over Secure HTTP and then show him the password or let him change it.
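A sketch of the server-side check behind the double opt-in in item 1, added here as an example and not code from the column: the mailed link carries a signed, expiring token bound to one account and one address, and it is honored only for the user who is logged on. The key, the one-day lifetime and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side secret loaded from a secret store, never mailed.
SECRET_KEY = b"constructed-demo-key"
TOKEN_TTL = 24 * 3600  # assumption: confirmation links expire after one day


def _sign(body: str) -> str:
    mac = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_confirm_token(user_id: str, email: str, now=None) -> str:
    """Build the token placed in the link mailed to `email`.

    Assumes user_id is an opaque id without '.' characters.
    """
    issued = int(time.time() if now is None else now)
    addr = base64.urlsafe_b64encode(email.strip().lower().encode()).decode()
    body = f"{user_id}.{addr}.{issued}"
    return f"{body}.{_sign(body)}"


def confirm_email(token: str, logged_in_user: str, now=None):
    """Return the confirmed address, or None if the link must be rejected."""
    try:
        user_id, addr, issued, sig = token.split(".")
        body = f"{user_id}.{addr}.{issued}"
        # Constant-time comparison; bytes so odd input cannot raise.
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None  # forged or altered link
        age = int(time.time() if now is None else now) - int(issued)
        if age < 0 or age > TOKEN_TTL:
            return None  # stale link
        if user_id != logged_in_user:
            return None  # link opened by someone other than the account owner
        return base64.urlsafe_b64decode(addr).decode()
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
```

Only after `confirm_email` returns an address should that address be marked verified and used for anything beyond the confirmation message itself.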

Gibbs is a contributing editor at Network World (US). He is at