In this article, we will take a look at how to protect user privacy.
Under normal circumstances, if a site wants to collect users’ personal data to provide better service, it must follow the rules below:
For more icons, please refer to Aza Raskin’s personal website.
* Second, websites must protect the collected user data well, and the data must not be used for any purpose outside the specified range. For example, selling a user’s personal information to a third party is illegal and banned. Data security should meet all requirements similar to the data protection standards in PCI-DSS.
In addition to ensuring the security of the data, sites must also restrict their staff’s access to the original data; employees’ behavior must be monitored if and when they view users’ private data, since users would not want website staff to view their e-mail or messages.
It has been suspected that Google peeks at the contents of Gmail users’ mail, because it serves in-mail ads according to the mail content. Gmail actually uses an algorithm to achieve this; however, it is a reminder that any site can access its users’ private data. Under normal circumstances, personal data is accessed only by algorithms or programs, and staff have no direct permission to view it.
On some websites, staff have access to complete user information such as the identity card number and cell phone number. This design is unreasonable because in most cases staff do not need the complete data to do their work. Hence, masking such data is an ethical practice to follow, for example:
ID No.: 43010119990909xxx4
Phone Number: 13666661xx4
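
The masking shown above, combined with the earlier point that staff access to private data must be monitored, can be enforced in the code that builds the staff-facing view. The following is an added example, not code from the original article; the names MASK_RULES, staff_view and AUDIT_TRAIL, the field names and the sample record are all assumptions made for illustration.

```python
# Added example; MASK_RULES, staff_view and AUDIT_TRAIL are hypothetical names.
from datetime import datetime, timezone

# (visible_prefix, visible_suffix) per field, matching the masked samples above.
MASK_RULES = {"id_no": (14, 1), "phone": (8, 1)}

# Stand-in for an append-only audit store that staff cannot edit.
AUDIT_TRAIL = []

def mask(value, head, tail):
    """Hide the middle of value with 'x'; hide everything if it is too short."""
    hidden = len(value) - head - tail
    if hidden <= 0:
        return "x" * len(value)
    return value[:head] + "x" * hidden + value[len(value) - tail:]

def staff_view(record, staff_id, unmask=(), reason=""):
    """Return record as staff may see it: sensitive fields masked by default.

    Fields named in `unmask` are shown in full only with a stated reason,
    and each such access is written to the audit trail.
    """
    if unmask and not reason.strip():
        raise PermissionError("viewing unmasked data requires a reason")
    view = {}
    for field, value in record.items():
        if field not in MASK_RULES:
            view[field] = value
        elif field in unmask:
            view[field] = value
            AUDIT_TRAIL.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "staff": staff_id, "user": record.get("user"),
                "field": field, "reason": reason,
            })
        else:
            view[field] = mask(value, *MASK_RULES[field])
    return view

# Constructed sample record (not real data).
SAMPLE = {"user": "u1001", "id_no": "430101199909090004", "phone": "13666661004"}

if __name__ == "__main__":
    print(staff_view(SAMPLE, "staff-7"))
    print(staff_view(SAMPLE, "staff-7", unmask=("phone",), reason="ticket callback"))
    print(AUDIT_TRAIL)
```

Masking on the server side, before the record reaches the staff tool, means the full value never leaves the data layer unless an audited unmask was requested.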