Jindal Journal of Business Research

http://brj.sagepub.com/ Following Your Virtual Trail: A Multistakeholder's Approach to Privacy Protection

Sylvester Ng Jindal Journal of Business Research 2012 1: 53 DOI: 10.1177/227868211200100105 The online version of this article can be found at: http://brj.sagepub.com/content/1/1/53

Published by:
http://www.sagepublications.com

Additional services and information for Jindal Journal of Business Research can be found at: Email Alerts: http://brj.sagepub.com/cgi/alerts Subscriptions: http://brj.sagepub.com/subscriptions Reprints: http://www.sagepub.com/journalsReprints.nav Permissions: http://www.sagepub.com/journalsPermissions.nav Citations: http://brj.sagepub.com/content/1/1/53.refs.html

>> Version of Record - Jun 1, 2012 What is This?

Downloaded from brj.sagepub.com by guest on February 1, 2013

A Global Threat Article Military-Madrasa-Mullah Complex

53 53
Jindal Journal of Business Research 1(1) 5363 2012 O.P. Jindal Global University SAGE Publications Los Angeles, London, New Delhi, Singapore, Washington DC DOI: 10.1177/227868211200100105 http://jjbr.sagepub.com

Following Your Virtual Trail: A Multistakeholders Approach to Privacy Protection

Sylvester Ng

Abstract Privacy has been a constant concern to online users since the Internet arrived as a consumer medium. Different stakeholders have tried to mitigate the concern of Internet privacy. The purpose of this article is to examine the tension between different stakeholders with competing interests, and sometimes, competing interests even arise amongst the same stakeholders. A model for online privacy protection for Singapore is introduced. Keywords Concern to online users, Internet privacy, online privacy protection, Singapore

Introduction
The advent of the Internet and the rapid technological advancement have made the transmission of personally identifiable information more convenient, common, and often unintended by the user. In the midst of this research, it was reported that a location tracking software embedded in iPhone and Android keeping the movement records of every individual without notifying and all the data is stored in computers unencrypted, seriously blenching the privacy of users was discovered (The New York Times, 2011). As personal information becomes more accessible, individuals worry that businesses misuse the information that is collected while they are online. Privacy has been a constant concern to online users since the Internet arrived as a consumer medium (Rubicon Project, 2010). A survey by Infocomm Development Authority of Singapore (IDA) (2009) has reported that 21 percent of those surveyed cited trust and privacy concerns as the primary reasons for not engaging in any online commercial transaction. These concerns arise from uncertainty or incomplete information about corporate actions regarding customer information. For example, security breaches may occur due to inadequate online privacy protection or internal controls; retailers may engage in unauthorized secondary uses, such as using information that is collected for one purpose for a different purpose.

Sylvester Ng is at Wee Kim Wee School of Communication and Information, Nanyang Technological University, Singapore. E-mail: sylvesterng@gmail.com

India Quarterly, 66, 2 (2010): 133149

Downloaded from brj.sagepub.com by guest on February 1, 2013

54

Sylvester Ng

The need to protect consumers interests and confidence in e-commerce and other transactions online has generated concerns on the privacy issue. This concern is also reflected in findings from various studies by scholars (Brown & Muchira, 2004; Culnan & Armstrong, 1999; Squicciarini, Xu, & Zhang, 2011). Different stakeholders have tried to mitigate the concern of Internet privacy but tension often arises between different stakeholders with competing interests, and sometimes, competing interests even arise among the same stakeholders. This article is structured as follows. First, it discusses the background and motivation for this research topic followed by a review of the relevant literature. The article then examines the views of different stakeholders and highlights their competing interests on this subject. Lastly, a model of online privacy protection for Singapore is be recommended.

Background
If one walked into a store, and the security personal at the store recorded his name; if hidden cameras tracked his every step, noting what items he looked at and what items he ignored; if the service staff watched him at a corner, and recorded what items were put into his shopping cartif any or all of these things happened in real space, he would have noticed. Knowing that this enables him to decline giving information if he does not want that information known he could make a choice as to whether he wanted to shop in such a store. Real-space architecture makes surveillance generally self-authenticating. On the other hand, the architecture of cyberspace does not similarly flush out the spy. One wanders through cyberspace, unaware of the technologies that gather and track his online consumption behavior (Kang, 1998). At the other end of the terminal, online sites are connecting the dots between different times and places that a consumer is online and build a profile of what the consumer is doing. The data collection practices differ, depending on the site and its objectives. Organizations can now build an accurate and comprehensive profile of consumers and make projections of their future purchasing plans by using data storage and data mining techniques. This has led to the development of a dataveillance culture (Clarke, 1988) in which individuals, unknown to them, are subjected to the monitoring of organizations. Internet users view such practices as an infringement of their privacy, but to consent being tracked, one must at least know that data is being collected; the online architecture disables ones ability to know when one is being monitored, and to take steps to limit that monitoring. Therefore, as such practices become more prevalent, Internet users try to protect themselves by avoiding unveiling personal information such as consumption patterns or credit details on the Web. This will eventually hinder the development of online commercial development. Given the worldwide increase in Internet users and the slow take-off in e-commerce in Singapore, it becomes imperative that the privacy issue be studied a little more closely. The number of Singapore Internet users has increased dramatically, from 57 percent in 2003 to 71 percent in 2009 (IDA, 2009), but the same rate of growth does not reflect in the e-commerce sector in Singapore. Lau (1998) pointed out that the lack of trust and confidence in online transactions remains a significant roadblock to the immense potential of the Internet. Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

Following Your Virtual Trail

55

Literature Reviews
Technological advances over the last decade have not just eroded individual privacy, but have submerged it (Weiss, 2004). Cookies, Flash cookies, and beacons, which are Web-tracking and informationgathering technologies, enable personal information to be easily obtained from Web users, often without their knowledge. The privacy controversy over this is primarily based upon the potential for misuse of information, through secondary use of the information, either by the party who collected it or by a third party who purchases or otherwise obtains it. As quoted in a paper by Ang (2009), Larry Irving, assistant secretary of commerce in the Clinton administration, whose role is to promote the Internet for economic development, observed that without rules could slow down the growth of what is likely to be a major boon for consumers and business (Yang, 1996). Is the use of tracking technologies an intrusion upon an expectation or right to privacy? The difficulty in answering this question is that globally, privacy is a dynamic and ambiguous concept, varying widely across time and individual cultures (Farrall, 2008). The definition of privacy also varies, it ranges from managing of personal information such as the rights of persons to control the distribution of information about themselves (Westin, 1976), to being isolated and avoid interference by any external party such as the right to be left alone (Warren & Brandeis, 1890). Besides that, Americans and Europeans conceive data privacy in fundamentally different way, the former tend to use the term privacy while Europeans discuss data protection (Munir & Hajar, 2009). Privacy or data protection approaches can be generally categorized into three groups according to how and to what degree these fair information practices are implemented. The first category being the most liberal approach, which is literally let the buyer beware, corporations are under no obligation to post a privacy notice or obey fair information practices. But, if they post privacy policies, they are required by law to abide by them. On the other extreme of the spectrum will be the second category which is the government-mandated standards approach, where governments intervene and enact strict privacy protection standards. Lastly, the seal-of-approval programs such as TRUSTe, is an intermediation between the previous two extreme categories. The seal-of-approval program is a self-regulating program. Corporations can choose to join the program administered by a seal granting authority. The program gives the corporations the right to display a logo that certifies it and follows a set of information practices to protect consumer privacy. This article will focus mainly on the government-mandated standards approach and the selfregulatory seal-of-approval approach.

Overview of Privacy Regulation

In this section, the article first looks into the contrasting privacy regulations in the United States and the European Union. Following that, it provides a brief introduction to the present privacy regulation in Singapore.

Privacy Regulation in the United States

The US approach to privacy protection relies significantly on industry self-regulation (Munir & Hajar, 2009). It does not have comprehensive privacy rights (Sessler, 1997). The only specific privacy Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

56

Sylvester Ng

protection in the US Constitution is the Fourth Amendments guarantee that the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures shall not be violated. There is no overarching legal protection of the use of personal information. Instead the privacy laws are fragmented, incomplete and discontinuous (Gellman, 2002). For example, some acts that affect privacy include Bank Secrecy Act, Childrens Online Privacy Protection Act, Electronic Funds Transfer Act and Telemarketing and Consumer Fraud Act just to name a few. The privacy laws that have been passed in the US are mainly sectorial and generally aimed at the public sector. Recently, the Federal Trade Commission (FTC) reported that the zeal to self-regulate tends to wane when it is not backed by government rules and enforcement (The New York Times, 2011). This governments top consumer protection agency recommended a broad framework for commercial use of Internet consumer data, including a simple and universal do not track mechanism that would essentially give consumers the type of control they gained over marketers like unlisted registry for telephone numbers (International Herald Tribune, 2010). Though these measures have not been enforced, it may be an indication that a privacy protection regime in the US is heading more towards government legislation.

Privacy Regulation in the European Union

The European Union passed the EU Data Protection Directive in 1995, requiring member states to adopt national laws with equivalent provisions by 1998. As opposed to that of the US, this directive is more consumer focused and provides privacy protection to data collected about individual data subjects and prohibits the transfer of data from the European Union to other third countries that are not in compliance (Harbert, 1998). Also, unlike the US that uses a sectorial approach which depends on a mix of legislation, regulation, and self-regulation, European Union relies heavily on comprehensive legislation to approach the data protection issue. The EU Data Protection Directive has listed clear boundaries on when and how a company can collect and use consumer information (Harbert, 1998). First a company should have a legitimate and clearly defined purpose to collect information. Second, that purpose must be disclosed to the person from whom the company is collecting information. Third, permission to use information is specific to the original purpose. Fourth, the company can keep the data only to satisfy that reason. Should the company need the information for another purpose it would have to initiate a new information collection. Only a few US companies could satisfy. In order to bridge the two privacy approaches, the US Department of Commerce has developed a safe harbor framework mainly for the US companies to engage in business dealings with the EU under European laws. The US Safe Harbor framework includes seven key principles: notice, choice, onward transfer, access, security, data integrity, and enforcement. These are voluntary principles for the US-based corporations to follow if they want to do business with the EU.

Privacy Regulation in Singapore

Presently, privacy regulations in Singapore are closer to those in the US. There is no overarching general online data protection or privacy law in Singapore. Data are protected under sector-specific laws and industry codes. It is mainly guided by a self-regulated, non-legislative code of practice. Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

Following Your Virtual Trail

57

The National Internet Advisory Board (NIAB) in Singapore set up the E-Commerce Consumer Protection Code in 1998 with the objective of establishing public confidence in e-commerce transactions over the Internet through industry self-regulation (Wong & Chia, 2001). In 2001, The National Trust Council (NTC) formed an industry-led committee with government support to ensure that relevant concerns from industry are addressed especially for building the consumer confidence in e-commence. The Council which represents a self-regulatory body implemented nationwide TrustMark Programme, TrustSg, whereby appropriate organizations, such as trade associations, chambers of commerce and businesses will be accredited as Authorized Code Owners (ACO). Upon accreditation, the ACO will be granted a license to use the TrustSg seal, and they can thereafter award the TrustSg seal to merchants who adhere to their stringent codes of practice (IDA, 2011). In 2002, IDA developed the Model Data Protection Code (MDPC). This Code is for use in a voluntary co-regulation online privacy protection scheme. In it, it highlights 11 online privacy protection principles which include accountability, specifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access and correction, challenging compliance and trans-border data flow (IDA, 2011) . In 2005, the Internet Industry Association of Singapore (IIAS) was launched which kicked off nationwide initiatives regarding privacy on the Internet. This non-profit organization representing the views of the Internet industry, established a privacy portal for consumers about spam and other security issues.

Stakeholders
In this section of the article, three key stakeholders: the corporations, users, and government are discussed individually. The notion of stakeholder in the context of this article is intended to reflect the closely-knit relationship between the parties and also the complexity of the competing interests driven by these three stakeholders in privacy protection.

Corporations
According to a study undertaken by the Wall Street Journal, one of the fastest growing businesses on the Web is that of collecting data from online users (Angwin, 2010). Online companies are collecting highly focused information about consumers that can be used to deliver personalized advertising and services to them (Financial Times, 2011). It makes sure dog food advertisements are targeted to dog owners, weight loss advertisements be targeted to users who want to lose that extra pound, and offering jet setters more hotel package advertisements to help pick the best deal. Corporations justify their act by stressing that it will lead to less wastage for advertisers and help users filter off unnecessary advertisement that crowd the Web space. Furthermore, they argue that privacy-protection regulation could undermine the free Internet and hinder the future development of online commerce depriving it of advertising revenue by reducing advertisers ability to target consumers. This argument is valid but may be overstated. Eventually, advertisers will still need to advertise. If many people opt out of behavioral targeting, the firms will find other ways to do it. Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

58

Sylvester Ng

Even within the corporate stakeholders, many believe that abuse in usage of information for marketing is simply a short-term approach; eventually consumers will lose confidence and trust when they discovered that their personal information is tracked and used as a marketing tool. The pro-data protection camp of corporate stakeholder stress that only by building long-term confidence and trust between users and corporations will online transaction be encouraged. It is only through massive growth in purchasing from companies on the Internet, will this be translated to long-term revenue. Some companies began to introduce chief privacy officers (Awazu & Desouza, 2004) as one of the self-regulatory measures. Their tasks include gathering information about social and legal aspects of privacy, devising the companys privacy strategy, disseminating information about corporation data handling practices to internal and external stakeholders, and representing the companys commitment to privacy. Other corporations respond to self-regulation by using third-party entities such as TRUSTe to raise consumer confidence with the website by including the Seal of Approval.

Users
One of the greatest concern of public users is that data collected online, in particular, some sensitive information such as personal health data will be abused. For example, should health records fall into the hands of an insurance company, the insurance agent may not want to insure client with a poor health record. Eventually, there may be a bias treatment between the healthy and those with poor health who really need the insurance protection. Though users are one of the major stakeholders in data protection what they can do is limited. First, for the consumer to consent being tracked he must at least know that data is being collected. As mentioned above the architecture of the virtual world does not enable him to know when he is being monitored or tracked. Second, in most countries, there is no civil society group that campaigns for users rights. Most individual online consumers feel powerless, even when they know that their data is being exploited. One self-administered method that the consumers can do to protect their own data is to use technological software to protect their data from being collected. Previously, users used Zero Knowledge Systems which uses sophisticated encryption software called Freedom to disguise the identity of an Internet user with up to five pseudonyms. The latest version of Internet Explorer 8 is also equipped with robust privacy features such as In Private Browsing and In Private Filtering. This allows the user to browse the Internet without being tracked. But one of the shortcomings is that it requires the user to set those enhanced privacy controls at the start of every new browsing session (IHT, 2010). In addition, another Web browser Firefox also has a feature called private browsing. It would install a piece of software onto the consumers browser that signals to online marketers whether that consumer has chosen to make available his browsing habits in return for targeted advertising (Lee, 2010). Nevertheless, such self-protection technologies used by consumers would more likely play a complementary role to the law or industry self-regulation rather than as substitute.

Government
Government plays a role in educating consumers about privacy protection. As mentioned previously, the tracking and collection of consumer data happens out of the sight of consumers, and it is not surprising Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

Following Your Virtual Trail

59

that most users are unaware that they are being tracked. It is thus important for the government to play a role in creating awareness among Internet users. At a macro level, the government has a role in providing a healthy environment that enhances the countrys competitive advantages as a location for data hosting and management activities by entrenching its reputation as a secure location for data, and giving assurance to businesses looking also for safeguards to protect sensitive data sets.

Proposed Singapore Privacy Regulation Regime

This part of the article will further analyze the different data protection regimes. At one end of the spectrum, there is self-regulation and at the opposite end of the intervention spectrum government-mandated regulation. Finally, it will analyze the possibility of co-regulation between different stakeholders as an alternative to the two extremes.

Self-regulation Privacy Protection Regime

Self-regulation refers to industry regulating industry. Industry players are likely to have the most indepth understanding of trade practices and technical requirements and is thus in the best position to formulate and implement their own rules. This bottom-up and community-driven approach is advocated as the preferred mode of regulation of Internet content (Ang, 2005). Self-regulation involves the regulated party both prescribing and voluntarily complying with its own standards. In an idealized sense, the underlying basis of this is trust, namely, the idea that the regulated party can be trusted to know and do what is right, without having to be coerced. As mentioned above, there are several advantages for privacy protection to be self-regulated. One major advantage is that the development of the Internet is a fast moving industry. The less formal process of self-regulation makes it more flexible (Ang, 2001) and more adaptive to market changes as compared to stiff legislation that will take a long time to be adopted. Second, in such a specialized industry, it is important for participants to be able to control quality and carry out the same with efficacy potential course of action. Lastly, when the industry is in a position to regulate, enforcement and compliance costs will be low. Self-regulation is not totally new to Singapore. Self-regulation is used in the advertising regulation regime in Singapore since 1973. The self-regulating committee Advertising Standards Authority of Singapore (ASAS) is an Advisory Council to the Consumers Association of Singapore (CASE). It was set up to promote ethical advertising in Singapore (CASE, 2011). Self-regulation is perceived as where industry players will follow the regulations and will not go against the interest of the regulator. However, this is often not the case (Ang, 2001). Self-regulation is often seen as lacking in reliability, credibility, and transparency. Individual profit-driven industry players may not always have the interest of the industry or the consumers at heart. When such occasions arise, the lack of incentives to control and enforce standards may be one of the greatest barriers for the selfregulation regime to work effectively. Any external intervention, including self-regulation, just like government intervention may lead to conflict and discourage market competition also. Nevertheless, for such a self-regulation regime to be effective, it has to be a small industry, made up of a small number of major players, homogeneous, cohesive and a motivated group of industry players. Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

60

Sylvester Ng

In e-commerce, this is not always the case. There are no major players that dominate online commerce. It is made up of large number of small players in a big industry, because the products are highly heterogeneous ranging widely from online shopping, filling tax forms to simply participating in an online survey. As the online commerce is still in its infant stage, it is driven by many profit-driven independent companies whose motivation may be for earning great revenue rather than concern for the industry well-being. Third-party intervention has emerged as part of the development of the self-regulation process. The third-party entity such as TRUSTe, the Online Privacy Alliance and the Council of Better Business Bureaus, Inc. (BBB Online), has formed to provide legitimacy and trustworthiness to websites through Seals of Approval that are designed to confirm adequate privacy compliance. Nevertheless, the effectiveness of this seal of approval has been questioned. The scope of their enforcement programs and compliance is the major concern. Most of the third-party entities do not provide the muscle required to set up an environment that benefits consumers given the enormity of the Internet. For example, it was reported in 1999 that TRUSTe failed to reprimand Microsoft (reported as a $100,000 corporate partner) for putting an identifier on Windows 98 (Wired, 1999). In the case of the US, which has relied heavily on self-regulation, the FTC has recently indicated its move towards direct legislation as the industry fails to make significant progress with self-regulation regime.

Government Privacy Protection Regime

One of the main reasons for having a government privacy protection regime is that self-regulation by the industry lacks incentives to control. In such a case government regulation can give teeth to enforcing industry standards. Under a government protection regime, the government sets minimum standards for protecting consumer privacy and requires all firms to follow these standards. In the US, legislation has been passed to require minimum privacy protection standards for consumer credit reporting, health information, marketing data about minors and financial transactions (Hahn & Layne-Farrar, 2001). In such cases, the government can penalize firms that violate mandatory standards specified through legalization. In both the US and Singapore, there are no overarching laws that oversee all privacy protection issues; rather they are covered in sectorial laws. Some have argued that new laws need to be created to oversee all privacy issues in the virtual world. But this argument was rebutted by Easterbrook (1996) who pointed out that there is no law of the horse, so there is no need for separate law for the Internet (Ang, 2009). Some have argued that government involvement would hurt rather than help consumers and businesses (Miller, 1998). First, consumers might get a false sense of privacy if passed laws could not be enforced because of the dynamic nature of the website creation (James, 1998). Second, government legislation may lead to reduced consumer choice. The argument is as follow. One of the major concerns is the cost of compliance with government regulation. At this point of time, there is no study on the cost of government regulation against self-regulation, but there are examples of sites closing down due to high compliance costs. When the USs Childrens online Privacy Protection Act came into effect in April 2000 (USA Today, 2000), the aim of privacy is to protect the end-users and thereby encourage greater activity on the Net. If a site has to close down because of the high compliance cost after government regulation, leading to less consumer choice than, in such cases, that aim is defeated (Ang, 2001). Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

Following Your Virtual Trail

61

Third, restrictions on the sale of customer information could create barriers to entry that would favor older, more established companies that have been collecting information and developing databases for years (Brandt, 1998). It may create barriers to free competition, especially for new companies. Fourth, with a mandatory government policy protection regime, consumers would lose their right to choose their desired level of privacy. Some consumers may welcome the collection of their information in exchange for more targeted advertisement or in exchange for other incentives. In addition, another concern is that such a top-down approach to data protection always takes time, and it is not possible for the law to keep pace with the rapid development of technology. Lastly, some have argued that government legislation may sharpen competition. The argument against this debate is that just like any intervention, it will tend to affect free market competition. A government intervention can help to give teeth to the regime, it may help to eliminate a market of lemons (Akerlof, 1970) and provide the platform for healthy competition.

Co-regulation Privacy Protection Regime

From the discussion above, one can see that there are strengths and weaknesses in both regimes. The self-regulating regime may be flexible but lack muscle to carry out measures for players to comply with the industry code. On the other hand, legislation by government may not be flexible enough to adapt to the fast-developing Internet industry. Thus, it is important for both the government and corporations to co-regulate the privacy protection regime. The government acts as the arbiter in this case. The government should introduce a data protection law that will provide a baseline standard for data protection in Singapore in particular in the area of unauthorized use and disclosure of profit. A flavor of self-regulation in the shadow of the light touched law can thus be discerned. Should self-regulation prove ineffective, legislative controls might have to be enacted. In addition, the government should also set up a committee to oversee the implementation of the legislation and ensure that all the industry players comply with the data protection law. The committee should include different stakeholders such as consumers, industry players, government, and academia. Because of the rapid development of the Internet, the committee will review the market development and evaluate the relevance of the co-regulation regime over time, preferably annually. In addition, the committee should also emphasize educating data subjects and users of their rights and obligations under the law. Various promotional activities and exhibitions should also be conducted to improve public awareness of privacy issues. A multi-pronged approach is thus required, with public education and committee consultation continuing alongside rigorous enforced compliance.

Conclusions
It is clear that consumers want more assurance on data protection online. Both the government and corporations will play a major role in this process. At the time of this report, there is speculation that the self-regulatory data protection movement of the US may move towards more government regulations Jindal Journal of Business Research, 1, 1 (2012): 5363
Downloaded from brj.sagepub.com by guest on February 1, 2013

62

Sylvester Ng

under the Obama administration. It once again emphasizes the weakness of self-regulatory regime without government enforcement. The article suggests a co-regulation regime between the industry players that understand this fastmoving industry, and also the need for government to give more muscle to enforcement. In addition, users need to be educated and informed of the issue of data privacy and they can complement the data protection regime by using technology such as anti-tracking software. Finally, users should be encouraged to participate in the data protection regime, and be empowered to play a role in the co-regulation process.

References
Akerlof, G. (1970). The market of lemons: Qualitative uncertainty and the market mechanism. Quarterly Journal of Economics, 84, 488500. Ang, P.H. (2001). The role of self-regulation of privacy and the Internet. Journal of Interactive Advertising, Spring. (2005). Ordering chaos: Regulating the Internet. Singapore: Thomson. (2009). Growing up: The maturing of the Internet and the implications for Internet governance. The Korean Journal of Policy Studies, GSPA, Seoul National University. Angwin, J. (2010). The webs new gold mine: Your secretsa journal investigation finds that one of the fastestgrowing businesses on the Internet is the business of spying on consumers; first in a series. Wall Street Journal (Eastern Edition), July 31. Awazu, K., & Desouza, K.C. (2004) The knowledge chiefs: CKOs, CLOs and CPOs. European Management Journal, 22(3). Brandt, J.R. (1998). What price Privacy? Industry Week, 9(May 4). Brown, M., & Muchira, R. (2004), Investigating the relationship between Internet privacy concerns and online purchase behavior. Journal of Electronic Commerce Research, 5(1), 6270. CASE (2011). ASAS introduction. Retrieved April 22, from www.case.org.sg/ asasintroduction.html Clarke, R.A. (1988). Information technology and dataveillance. Communications of the ACM, (31)5, 498512. Culnan, M., & Armstrong, P.K. (1999). Information privacy concerns, procedural fairness and impersonal trust: An empirical investigation. Organisation Science, 10(1), 104115. Easterbrook, Frank H. (1996). Cyberspace and the law of the horse. U. Chi. Legal F. 207. Farrall, K.N. (2008). Global privacy in flux: Illuminating privacy across cultures in China and the US. International Journal of Communication, 2, 9931030. Financial Times (2011, April 15). Online advertisers issue tracking code. Retrieved April 22, from www.ft.com/ cms/s/0/7e9e1368-66ce-11e0-8d88-00144feab49a.html Gellman, R. (2002). How the lack of privacy costs consumers and why business studies of privacy costs are biased and incomplete. Retrieved April 27, 2011, from www.epic.org/reports/dmfprivacy.html Hahn, R.W., & Layne-Farrar, A. (2001). The benefits and costs of online privacy legislation (Working Paper 01-14). Washington, DC: AEIBrookings Joint Center for Regulatory Studies. Harbert, T. (1998). None of your business. Electronic business. Highlands Ranch, 24(9), 3844. Infocomm Development Authority of Singapore (IDA) (2009). Annual survey on Infocomm usage in households and by individuals for 2009. Retrieved April 22, from www.ida.gov.sg/doc/Publications/Publications_Level3/ Survey2009/ HH2009ES.pdf . (2011). Consumer protection access. Retrieved April 22, from www.ida.gov.sg/Policies%20and%20 Regulation/20060627155443.aspx

Jindal Journal of Business Research, 1, 1 (2012): 5363

Downloaded from brj.sagepub.com by guest on February 1, 2013

Following Your Virtual Trail

63

International Herald Tribune (IHT) (2010), F.T.C. backs plan to honor privacy of online users, December 1, 2010. Retrieved April 27, 2011, from www.nytimes. com/2010/12/02/business/media/02privacy.html James, F. (1998, June 5). FTC Urges Internet privacy. Chicago Tribune. Kang, J. (1998). Information privacy in cyberspace transactions, developments in the law, the law of cyberspace. 112 Harvard Law Review, 15741643. Lau, S. (1998). Electronic commerce, consumer rights and data privacy, NetAsia Internet Commerce Expo (ICE). Retrieved April 22, from www.pcpd.org.hk/english/infocentre/speech_19980730.html Lee, Edmund (2010). Government says self-regulation of online privacy is coming up short. Advertising Age, 81(43). Lui, T.Y. (2011). MICA parliamentary questions, Notice Paper 9 of 2011. Notice for the sitting on 14 Feb 2011, Question no. 683 for written answer. Retrieved April 22, from http://app.mica.gov.sg/Default.aspx?tabid=231 Miller, L. (1998, January 19). Net can give false sense of privacy. USA Today. Milne, G.R., & Culnan, M.J. (2004). Strategies for reducing online privacy risks: Why consumers read (or dont read) online privacy notices. Journal of Interactive Marketing, 18(3), 1529. Munir, A.B., & Hajar, M.Y. (2009). Information and communication technology law: State, Internet and information (legal and regulatory challenges). Sweet and Maxwell Asia, Thomson Reuters. Oliver, N., & Lunt, P. (2004). Privacy versus willingness to disclose in e-commerce exchanges: The effect of risk awareness on the relative role of trust and control. Journal of Economic Psychology. Rubicon Project (2010). Online advertising market report Q2: Emerging trends and outlooks. Los Angeles, CA. Sessler, J.B. (1997). Computer cookie control: Transaction generated information and privacy regulation on the Internet. Journal of Law and Policy, 5, 627677. Squicciarini, A.C., Xu, H., & Zhang, X.L. (2011). CoPE: Enabling collaborative privacy management in online social networks. Journal of the American Society for Information Science and Technology, 62(3). The New York Times (1999, March 19). Microsoft offers to fix for privacy Problems. (2011, March 18), A new Internet privacy law? Retrieved April 22, from www.nytimes.com/2011/03/19/ opinion/19sat2.html (2011, April 26), Concerns over iPhone tracking data. Retrieved April 22, from http://topics.nytimes.com/ top/reference/timestopics/subjects/i/iphone/index.html USA Today (2000, September 14). Net privacy law costs childrens sites. Warren and Brandeis (1890). The right to privacy. Harvard Law Review, IV(5). Weiss, A. (2004, June). Spying on ourselves. Networker, 8(2), 1824. Westin, Alan F. (1976). Computers, health records, and citizen rights. Washington: U.S. Dept. of Commerce, National Bureau of Standards. Wired (1999, December 3). Is microsoft tracking visitors? Retrieved April 22, from http://www.wired.com/science/ discoveries/news/1999/03/18405 Wong, K.K., & Chia, K. (2001, January). E-com legal guide. Singapore: Baker and McKenzie Singapore. Yang, C. (1996, May 6). Law creeps onto the lawless Net. Business Week, 5884.

Jindal Journal of Business Research, 1, 1 (2012): 5363

Downloaded from brj.sagepub.com by guest on February 1, 2013

Downloaded from brj.sagepub.com by guest on February 1, 2013