The need for security has existed since the introduction of the first computer. The paradigm has shifted in recent years, though, from terminal server mainframe systems, to client/server systems, to the widely distributed Internet. Although security is important, it has not always been critical to a company's success. With a mainframe system, you were mainly protecting your systems from resource abuse-either authorized users hogging resources or unauthorized users gaining access and using spare resources. Such abuse was damaging because system resources were costly in the early days of mainframes.
As technology developed and the cost of system resources decreased, this issue became less important. Remote access to systems outside a company's network was almost nonexistent. Additionally, only the underground community had the knowledge and tools necessary to compromise a mainframe system. At present, a large percentage of web sites collect personal information about individuals. When individuals purchase goods or services online, they are often required to provide a considerable amount of personal information. At a minimum, such online purchases often necessitate the provision of name, address and credit card information.
More often, online purchases involve the provision of additional information, such as profession, income and interests. Even when using the Internet for purposes unrelated to commerce, such as communication or information gathering, many web sites mandate the provision of personal information. A great number of web sites require individuals to register and provide personal information prior to having access to the web site. In addition to some of the obvious ways in which personal data are collected on the Internet, many web sites also employ more discrete ways of collecting information on individuals.
As the Data Protection Working Party of Directorate General (DG) 15 of the European Commission has stated, "Everywhere we go on the Internet, we leave a digital trace. As more and more aspects of our daily life are conducted on-line, more and more of what we do, our choices, our preferences, will be recorded" The reality is that the use of the Internet, even without the provision of vast amounts of information in online forms, often reveals information about the user. Moreover, there is the risk that such information can be used and abused by third parties.
The cookie allows the web site master to track the user's visits to the web site as well as to correlate that information with other information such as the previous web page that the user visited, the operating system of the user, the browser of the user, and any other information that a user provided to the web site voluntarily, such as through online forms. Through cookies, a web site's server can compile information about a particular individual's visit to the web site on the visitor's computer in a text file that only the web site's server can read.
The purchaser might appreciate these effects of cookies because of their convenience and because of the time that they can save. At present, certain web sites also collect information about individuals through hidden navigational software that records information about web site visits. Such recorded information can include the web pages visited, the information downloaded, the type of browser used, the address of the web site from which the user was referred as well as other information. Once again, it is advisable that companies post clear warnings on their web sites which serve to notify users that such software is being used.
During the last few years, the issue of data privacy has been receiving a large amount of attention. The prominence of this issue appears to be a result of the fact that individuals are becoming increasingly concerned about the wide availability of their personal data and what is being done with those data. While these concerns appear to have been motivated by a number of factors, the advent of the widespread usage of the Internet has been particularly influential in causing pre-existing concerns about the protection of personal data.