Chapter 15 • Social, Ethical, and Legal Issues 581companies for the purpose of enticing the unwary to give
their personal identifying information and credit card num-
ber to potential identity thieves. But we might not be aware
that legitimate, trusted businesses are collecting personal
information about us and our shopping activities and selling
them to others. As described in Chapter 7, some companies
participate in independent certification programs, such as
TRUSTe, and note this association on their Web site (such
as by displaying the TRUSTe seal).
When you visit a Web site, that site might deposit a
cookieon your computer in a cookie file provided by your
Web browser. The cookie is a small record that identifies you
to the Web site you visited and allows it to set up a file on its
computer that can record information about the actions you
take with that site. When you visit that site again, the cookie
is retrieved, and that data are used to access your file on the
site. This can be very helpful to you. For example, if you
have made a purchase from that store, it might have saved
your name, address, and credit card number so you do not
have to enter that information again (but only verify it) when
you wish to make another purchase. The Web store might
also maintain a record of the particular items you looked at
and the purchases you made and analyze that information to
determine your interests and target its advertising and pro-
motions to those interests. As described in Chapter 7, this
type of personalization was pioneered by Amazon.com, and
today it is considered a characteristic of a good retailing site.
From the standpoint of your privacy, this use of cook-
ies is relatively benign. Furthermore, it provides the basis
for “target marketing” that is very beneficial to the marketer
and also helps provide you with promotional material that
might be of interest to you instead of just junk mail.
However, you might not know about the cookie or the infor-
mation that the Web site maintains about you. Further, if the
Web site sells that information to others without your per-
mission, that is a definite violation of your privacy because
you have lost control of your personal information. This
information, along with similar information from other
Web sites that you visit, might end up in the database of a
data broker whose business is building comprehensive
dossiers on people and selling them. You might or might
not care about whether a comprehensive picture of your
buying habits and interests is freely available, but some
people consider this to be a gross invasion of their privacy.
Cookies can also be used to develop more compre-
hensive information on your interests and preferences as
you surf across a number of Web sites. For example,
DoubleClick Inc., a leading Internet advertising service,
places ads for thousands of advertisers on thousands of
Web sites that employ their services. When you visit one of
these client Web sites, a cookie is deposited on your com-
puter that identifies you as described previously. However,
that cookie also identifies you when you visit any other
DoubleClick client Web site, so your record in
DoubleClick’s computer includes information about your
viewing and purchasing behavior across all of
DoubleClick’s client sites. This information is extremely
valuable to advertisers, for they can then display ads to you
that fit your interests and you have a higher than normal
probability of responding to their ads. Any improvement in
the response rate is of great value to an advertiser, and you
might also benefit by not being subjected to as many ads in
which you have no interest.
The data collected by the use of a cookie is
anonymous—the cookie only identifies your browser to
DoubleClick’s computers. However, in 2001 DoubleClick
made a strategic investment in Abacus Direct, a direct mar-
keting service that served direct mail and catalog marketers.
Abacus had buying information on 88 million households,
including name, address, telephone number, credit card num-
bers, income, and purchases. DoubleClick soon announced a
product that provided advertising services based upon merg-
ing its Internet database with the Abacus database to serve
cross-channel marketers. When this linking of databases was
publicized by the news media, it elicited a storm of protest,
and DoubleClick announced that it was withdrawing that
product until suitable privacy standards had been developed.
After the addition of some privacy guidelines, the product
was returned to DoubleClick’s product line. In 2008, Google
purchased DoubleClick for $3.1 billion. As would be
expected, the combination of the information that Google
maintains on your search history with DoubleClick’s infor-
mation is very disturbing to some privacy advocates.
Except for the financial industry, in the United States
there are no laws regulating the collection and sharing of
such data. Many companies on the Web do not post a pri-
vacy policy, and many other companies post privacy poli-
cies that do not fully explain what data they collect or how
they use or share the data. Furthermore, companies can
change their privacy policies at any time without notifying
those whose data they have collected.Workplace Privacy
There is no expectation of privacy in the workplace. The
U.S. courts have held that a company can monitor anything
done using company computers. Employees need to be
aware that e-mail is archived on company computers and
preserved for a long time, so deleting an e-mail message
does not remove it from company records. Furthermore, if
the company is investigated by a government agency, the
e-mail archives might be turned over to the investigating
agency. Enron employees were dismayed in March 2003
when 1.6 million personal e-mails and documents were