In a class action lawsuit involving Microsoft, a U.S District Court judge ruled that IP addresses are not personally identifiable information (PII). In my original post, I made reference to the often passionate and sometimes controversial balance between online security and privacy.

Online businesses are generally focused on the security aspects of this ‘discussion’ with an emphasis on how best to protect themselves and their customers.  Businesses would be well-served to also understand the perspective of privacy advocates. You don’t necessarily have to agree or even have much sympathy for a particular perspective to potentially benefit.

I see two main themes with respect to online privacy concerns. One is more related to identity theft generally directed at how online businesses protect data that could be used to get unauthorized access to an online account or steal someone’s identity. The second theme has more to do with simple invasion of privacy. You will find much controversy here ranging from ownership rights to click stream data to whether or not Google could or does try to determine who you are from search string data.

While most people have real concern about identity theft and genuine sympathy for the victims of this crime, the majority of Internet citizens don’t seem highly concerned over issues related to privacy. Nevertheless, online businesses should not underestimate the passion and strength of the vocal minority here. Keeping this perspective in mind might help keep you out of trouble.  Encourage your employees and customers to point out potential issues. Consider hiring a privacy advocate to review user agreements and potentially sensitive aspects of data security and retention policies.  You don’t necessarily have to address every single issue they might raise, but it might be good to know where you stand and what you’re doing that could potentially create a problem for you at some point.

So what does all of this mean to the perspective on the typical Internet user?

In the world we currently live in, 100% guarantees are hard to come by, and this certainly applies to online security and privacy. However, online and off, there are reasonable steps consumers can take to make it harder for someone to steal their identity. With respect to privacy, there’s what you buy and what you do. In the case of buying something online, you will inevitably need to provide more information about yourself and likely leave a record of your activity.

Aside from making purchases, you can be reasonably anonymous on the Internet. Anyone wanting to surf the Web with an extremely high level of anonymity can simply use an anonymizing proxy service to obfuscate their IP address and apparent location. And there are many other tools and techniques that can be used depending on your level of concern.

I would argue that for the vast majority of Internet citizens there is very little to worry about in the privacy department. Your biggest risks if you’re not careful are target marketing and unsolicited emails. If you would be personally or professionally devastated if someone ever found out that you did a search for X or visited a particular website, or feel very strongly that whatever you do online is absolutely no one else’s business, then take appropriate steps to protect yourself.

But be aware that, like many things in life, tradeoffs are involved. Being more anonymous than the typical Internet user does come with a price. If you use throw-away email addresses, anonymizing proxies and other tools to increase privacy, you shouldn’t be surprised if you have to jump through a few extra hoops to use certain online services, just as you might reasonably expect to get a little extra attention if you walk into a bank to make a legitimate withdrawal wearing a ski mask.

This entry was posted on Monday, July 20th, 2009 at 3:57 pm and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.