Privacy Glitches: Is Anyone Safe Online?

Reports of security glitches and inadvertent revelations of user identities on Web sites no longer carry the shock value they once did.

That's because they have materialized time after time, causing consumers to become a bit more numb with each incident. By now it is almost de rigeur to hear of hundreds of innocent computer users having their personal information exposed for all to see.

Recently, the culprit was venerable pharmaceutical company Eli Lilly (NYSE: LLY), whose spokespeople cited a "programming error" as the reason for approximately 600 Prozac users having their e-mail addresses displayed for all to see.

Now that we're a Prozac nation, some might say the recent mishap was neither surprising nor significant. However, while consumers are not easily shocked anymore, they are still concerned with their rights to privacy.

Nothing Sacred

These mistakes were not supposed to happen, particularly with companies dealing in medical data.

After all, some might say it's bad enough we can't even keep our tastes in music and selection of books to ourselves anymore. In any case, when it comes to health issues, no compromise of personal information is acceptable.

Earlier this year, the Health Insurance Portability and Accountability Act was finally put into use after being initiated in 1996. HIPAA, in part, was designed to prohibit discrimination against employees and dependents based on their health status. Some observers argue that an exposure of data by a pharmaceutical company could violate parts of HIPAA.

However, even if it does not reach the level of such violations, any type of exposure of highly personal information is clearly unacceptable.

Governmental Gaffe

Meanwhile, as legislators in Washington D.C. toss about various ideas to safeguard the privacy and security of Internet users, the government suffered its own unfortunate security breach this month.

It seems a U.S. Department of Commerce Web site, designed to help businesses comply with the international "Safe Harbor" program, accidentally left proprietary information from those companies exposed for nearly one year.

Ironically, the Safe Harbor program was created to provide U.S. companies protection from stringent European laws regarding the transfer of personal data. Some observers are now left wondering if this particular governmental snafu could set international e-commerce back a giant step.

Elusive Solutions

The Bush administration is reportedly floating an idea to convene a panel of experts to oversee Internet security. Such a panel might be a solution, since it is clear no single agency or individual can manage the gargantuan task of protecting public privacy on the Internet.

The old concept of a "privacy czar" is far too limited, even if that individual would be willing to call on industry experts and IT gurus. Any creation of new privacy standards and legislation has to be a team effort of IT specialists, research and development personnel, business owners and legislators.

Each brings a level of expertise to the table, and each deserves to be heard.

Meeting of Minds

With the curtain down on Act I of e-commerce, the call for more efficient privacy measures among Web sites has taken on a new sense of urgency.

Act I had everything to do with pioneering efforts to simply show the public a new way of conducting commercial transactions.

Now that investor capital has all but disappeared, so those companies still in the game must re-double their efforts to keep their customers loyal. Any compromise of customer personal data could be the first step toward the dot-com graveyard.

As fast as industry pundits can prophesize about security solutions and legislators about the need for laws, new security glitches are being discovered. The urgency for a solution is there, even if -- or especially if --the revelations no longer shock us.

The Snowball Effect

Right after the Eli Lilly debacle and the Commerce Department's embarrassing glitch, Check Point Software Technologies reported it had discovered a flaw in its FireWall-1 and VPN-1 security software -- products that it had touted as the ultimate security solution. The flaw, if left undetected, could have launched denial of service attacks, among other disasters.

Check Point moved quickly to offer a "patch" for this particular hole, but users who haven't read about the problem here or elsewhere may be sitting targets for hackers.

Therein lies the problem for anyone doing business on the Internet. How many other undetected security holes already exist, and how many more consumers will have their privacy compromised as Internet technology and e-commerce mature?

What do you think? Let's talk about it.