Your Privacy Online

When you buy something from a company online, that company collects information about you. The information it collects is not necessarily limited to what the company needs to process your order, such as your name and address. It may also collect information about the products you buy, how much you paid, when you bought the product, where you shipped it and which website pages you visited. The company may even track which website you came from and which website you go to when you leave their site.

Is there a law that protects my privacy online?

Online sellers are generally not required by law to maintain the privacy of people who shop at their sites, which means that they can share or sell any of the information they collect from and about you with other companies. As a result, you may receive more direct-mail advertising, spam, or calls from telemarketers. You may also see more "targeted" ads, which are ads that are selected for you based upon your recent online purchases and browsing habits. Some companies may offer different prices for the same products based upon what a shopper has purchased in the past and even which websites that shopper has visited!

What should I look for in a website's privacy policy?

Surveys have shown that many consumers are concerned about what companies know about their online shopping habits, and what they are doing with this information. Consumers are also confused about how much information companies are collecting about them and often don't know what companies do with this information. In response, government regulators have encouraged online sellers to post privacy policies on their websites.

If a site does not have a privacy policy posted, you may not want to do business with that site. If it does have a privacy policy, there will probably be a link to it from the seller's home page. The privacy policy may have its own link or be included under other titles such as "Terms and Conditions" or "Legal Terms."

A seller's privacy policy should indicate:

  • What information the seller is gathering about you;
  • How the seller will use this information; and
  • Whether and how you can "opt out" of these practices.

Keep in mind that the fact a website posts a privacy policy does not necessarily mean that it does a good job of protecting your personal information. A policy that says the company can do whatever it wants with your information is still a privacy policy.

What about the privacy disclosures I receive from financial institutions?

Federal law requires financial institutions (such as banks, credit card companies, investment advisers, and tax preparers) to tell you what kinds of information they collect from you, with whom they share it, and in some cases to give you an opportunity to prevent or "opt out" from their sharing it with others. These disclosures are often found on a piece of paper enclosed with the monthly bill or statement you receive in the mail. If you wish to prevent sharing of your information with other entities, you need to thoroughly read the privacy notices you receive and comply with the opt-out instructions (which may be difficult to find and read).

Some websites display a seal of approval from a privacy organization. What do these mean?

Although it may seem reassuring to find on a seller's website a logo, icon, or seal of an independent organization that monitors privacy policies and practices, you should also check the seller's privacy policy for yourself. These organizations may not require the seller to adopt any specific level of privacy protection. Instead, they might only require the seller to comply with whatever practices the seller has chosen to make part of its privacy policy.

Also, these organizations are not financially responsible if the seller breaches the terms of its privacy policy (although they might help you to arrange a settlement with the seller). If you see a certification or a logo of such an organization and want more information, try clicking on the logo and you may be taken to its website.

What are cookies, adware and spyware?

Many websites are programmed to insert a small file-commonly called a "cookie"- onto the hard drive of your computer, that carries identifying information. Some cookies serve to identify you to the website and may be required to use the site. Some function to save you the trouble of retyping information every time you visit. Others keep track of what sites you visit and what things you look for on the web and may even be able to obtain your email address from your visit. Marketers are interested in such information and may use it to tailor ads to send to you. Programs that send you targeted advertisements are called "adware."

A bigger problem is when you download free programs or visit certain websites and programs are added to your computer without your knowledge. These programs, often referred to as "spyware," may not only keep track of what you do online, they may even be used to keep track of what you type on your keyboard, including your personal information and passwords.

How can I avoid cookies?

You can change the preferences in your web browser to prevent or limit the use of cookies and/or to block certain types of websites. How to do this varies depending on which browser you use. You can find instructions by looking in the help documentation for your browser or by searching on "how to disable cookies" in a search engine.

If you use Internet Explorer, you can delete cookies manually by clicking on "Tools" in the menu bar, clicking on "Internet Options," going to the "General" tab, and pressing the "Delete" button to delete cookies, passwords and other stored data. You can also customize your browser setting to accept cookies, block them, or prompt you for a decision about each cookie. To do this, click on "Tools," click on "Internet Options," click on the "Privacy" tab, and then click "Advanced." You may want to allow first party cookies but block or prompt third party cookies. You may be surprised at how many advertising companies are tracking your online activity.

If you use Firefox, you can change your cookie preferences and delete stored data by clicking on "Tools," "Options," and then "Privacy."

What are some signs that my computer may be infected with spyware?

If your computer starts to act oddly, it might be a computer virus at work. If your computer sounds like it is running too fast or heating up, or if your cursor starts to move around by itself, you should immediately disconnect from the Internet and shut down your computer. When you reboot, you should run an anti-virus scan. As a precaution, you may want to reset any passwords (using another machine, of course).

How can I visit a website without revealing my identity?

There are various services that offer to mask your identity when browsing the web. Some of them offer free services, while others require payment. You can locate these services by searching for them with a search term like "anonymous browsing." But be aware that absolute anonymity online is probably impossible and that someone who is skilled enough will most likely be able to trace your online activity to you.

How can I prevent my online activity from being saved on my computer?

Current versions of the most popular browsers (such as Firefox, Internet Explorer, and Chrome) offer a "private browsing" mode. Using this mode prevents your browser from saving data generated by your online activity, such as browsing history, passwords, cookies, and search terms. This can be useful for protecting your privacy if you share your computer with somebody else. Private browsing mode does not, however, make you anonymous to the websites you visit.

For the Lawyers

The Federal Trade Commission ("FTC") offers a trove of information about online privacy on its website. Much information that may be useful in advising businesses about compliance with privacy laws and rules can be found here.

How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act

Privacy Rights Clearinghouse