JOIN NOW
 

Join QuiXbuX$ and
  earn Cash!

Join now

 
•  Home 
•  My QuiXbuX$  
•  Getting Started
•  Earning the buX$      
•  buddy buX$
•  QuiXshop Mall
•  About Us 
•  Send Cash
•  Help & faq
•  Advertise
•  Contact Us  
•  Terms Of Use 
•  Privacy  Policy 
 
•  Give  a Gift?
•  Gift Card
•   
•  Charity
•  New Hope
 
 
 
 

 

 

 
  Privacy Policy
 

 

QuiXshare International Privacy Policy

The following privacy statement covers our current products and services, as well as activities at our Web site, Direct mail material, IVR Voice Telephone Promotions,       Cellular SMS text messages. The QuiXbuX$® Rewards Program is a True Opt-InRewards Program. We firmly believe that both our Members and our clients benefit because we ensure that we market only to people who have given us express        permission to do so. We are committed to the Fair Information Practices of clearly     posting our policies on Notice, Choice, Access and Security so that you make an    informed decision when you enroll in the Program.

   While the word "privacy" may mean different things to different people, we believe that   once you understand how we use your information, the steps we take to protect it, and       the resulting benefit to you, you will not only feel confident when sharing information           with us, but will also find your participation in the Program a most rewarding            experience.

Privacy Commitment: We do not rent or sell your Personally-Identifying Information to anybody without your express consent. You will not be contacted by any third party       without your permission as a result of your participation in the Program.

We welcome questions and comments about our Privacy Policy.                                        If you want to contact us, we can be reached via email or by telephone at: privacy@quixshare.com  or 808-395-1993 ext: 2

The QuiXbuX$® Program and Web site are owned and operated by:
QuiXshare International, Inc.TM
1172 Nahoku Place,Suite 101
Honolulu, Hawaii 96825

This Privacy Policy was updated March 4th, 2001

 

  How Do We Use Your Personal Information.

 

  • The date this Privacy Policy was last updated will be posted on the first page of the Privacy Policy. By registering as a Member of the QuiXbuX$® Rewards Program, you agree to the terms of this Privacy Policy.
  • We provide a set of definitions of the key terms in this Policy. Please refer to these definitions in our Privacy Glossary.
  • We collect Personally-Identifying Information at the time of enrollment, including first and last name, email address, date of birth, gender, zip code and country. This basic information is required if you wish to enroll in our QuiXbuX$ Rewards Program.
  • We also collect Personally-Identifying Information from you through surveys and sweepstakes and other promotions. Participation in these offerings is optional, but you may be required to provide Personally-Identifying Information (including name and address) in order to be eligible.
  • We use "cookies" to personalize the QuiXbuX$ Rewards Program to your interests, and most importantly, to ensure that only you can access your account. We also review "log-file" data to monitor site performance and analyze traffic patterns and usage of our site. Please also review Automatically Collected Information for more information about "cookies" and "log-file" data.
  • We occasionally send the information we gather about our QuiXbuX$ Members to trusted third-party data processors to organize, process and/or analyze our data on our behalf to help us understand more about Member participation in the QuiXbuX$ Rewards Program. We use this information solely for the purpose of enhancing the offerings of the QuiXbuX$® Rewards Program; namely to tailor advertisements, updates, and QuiXbuX$-earning and spending offers to your particular interests. All such third-party data processors are contractually bound to observe the strict policy stated herein, so you can rest assured that the confidentiality of your Personally-Identifying Information will be maintained.
  • We share certain data with our advertisers in aggregate form, but the Program is designed to ensure you are not identified personally to advertisers unless you make the choice to share your Personally-Identifying Information directly with them.
  • Occasionally, you may be offered the opportunity to participate in an offer or service that, by its very terms, will require us to forward your Personally-Identifying Information to the advertisers or partner so that they can provide the service to you. This may include mailing address for delivery of orders and gift certificates or, if you join the QuiXbuX$ Rewards Program through another member, or "retailers co-branded" web site, your basic enrollment information. We will require that these third parties comply with the policy set forth in this Privacy Policy. As always, we will provide clear notice of the special circumstances at the point where the information is collected and it is always your choice to participate.
  • In order to provide greater security and instant QuiXbuX$-crediting, we now utilize "proxy server" technology. This technology allows us to immediately verify that you have completed a specified transaction on one of our merchant sites and looks for specific text forwarded to your browser that indicates that an offer has been completed. In this way we can verify in real-time that you have completed an offer, and if appropriate, immediately issue a QuiXbuX$ reward. Our proxy server technology is activated when a Member clicks on a QuiXbuX$® merchant offer from either the QuiXshare International website or from a QuiXbuX$Mail® offer the Member has received from us. Our proxy technology sits between your browser and the merchant site and QuiXshare International staff operates the proxy server technology within QuiXshare International and our technology partner’s facilities. While this technology does allow us to collect other information relating to your purchases, we are not collecting this information and all privacy safeguards described in this Privacy Policy are maintained.
  • Although we house our data in the United States, it is possible that some of our data processing may occur outside of the United States. While the data protection laws of these countries may vary, we will make every reasonable effort to protect your information based upon the express terms of this Privacy Policy. By enrolling in the Program, you consent to this transfer of your personal data.
  • QuiXshare International may keep all information collected in accordance with this Privacy Policy indefinitely. Upon cancellation of your QuiXbuX$® account, all Personally-Identifying Information for your account is purged from our records.
  • We reserve the right to release information to local, state, or federal law enforcement officials when we believe in good faith that the law requires it, or when required to do so by order of a Court or authorized administrative agency.
  • We promise to be available to you during normal business hours to answer any privacy-related questions or concerns you might have. Simply send an email to our Privacy Specialist at privacy@quixshare.com who will respond in a timely manner.
  • Please be aware that we may amend this policy at our sole discretion. Upon any change to this policy, we will notify you on your QuiXbuX$® Rewards Program home page and via your registered QuiXbuX$® Rewards Program email address.
  • We request that you Update Account Info when any of your contact information changes. We will not be held liable for failure to notify you of any changes in the Program if you fail to update such information in a timely manner.
  • In the event of merger, acquisition or bankruptcy, QuiXbuX$® Members are protected from any unilateral changes to our Privacy Policy. A future purchaser may only use your Personally-Identifying Information if that party agrees to be a successor in interest to the QuiXbuX$® Rewards Program and corresponding Privacy Policy. Any substantial changes to the QuiXshare® Privacy Policy will be preceded by a clear notification of the proposed changes and opportunity to Opt-In before such purchaser shall have any rights to your Personally-Identifying Information.

        Personal Option:

  • The QuiXbuX$® Rewards Program is a True Opt-In service. As a QuiXbuX$ Member of the Rewards Program, you may enter and exit the Program at any time and for any length of time.
  • Sometimes a QuiXshare sponsored program, offer or service provides special benefits to you but requires the delivery of Personally-Identifying Information to third parties and may exceed the permission level you have granted under this Privacy Policy. We still want to present you with the offer because we think you will be interested in it, so we will provide clear notice of the data practices at the point of collection and it is always your choice to participate.
  • You are always free to close your account by clicking Cancel QuiXbuX$® Account on our website or by phone, using the unsubscribe link in all our mailings or by sending an email requesting termination to memberservices@quixshare.com.
  • You sign up for QuiXbuX$Mail® mail when you enroll in the Program, and we contact you via email with offers we think you will like and reward you for reading them. We have a strict Anti-SPAM policy, and you may turn off QuiXbuX$Mail® at any time while still participating in the QuiXbuX$ Rewards Program. QuiXbuX$Mail® program participants are also eligible to receive QuiXbuX$ Newsletter a bi-weekly mailing packed with special offers, and filled with tips and updates as well as feedback from Members.
  • We also contact you via email for administrative purposes, such as Reward Program change notifications or if we update our Privacy Policy. While you can elect to stop receiving email through the QuiXbuX$Mail® program (as described above), you cannot unsubscribe from these administrative messages while enrolled in the QuiXbuX$ Rewards Program.
  • Our Member Services department may contact you in response to an inquiry you submit. Member Services may also contact you with regard to a particular problem that may have occurred with your account or with an offer in which you may have participated in. We may use this information to learn more about your participation in the QuiXbuX$ Rewards Program and make it more relevant to your interests.
  • We offer you the choice to participate in offers from our advertisers. While we make every effort to ensure these third-party websites have posted privacy policies, ultimately it is your decision whether or not to share your Personally-Identifying Information with them. As always, we recommend you carefully read the site's privacy policy before entering your Personally-Identifying Information, as we will not be held liable for the information practices of third-party websites.
  • Members can Opt-In to receive communications regarding the QuiXbuX$ Rewards Program and its marketing partners via postal mail by participating in our QuiXbuX$ by Mail! Rewards Program. At any time during participation in the Rewards Program, a Member can enable or disable this Opt-In by updating their personal profile in the Update Account Info section in the Member Services area.

  Personally-Identifying Information Access:

  • QuiXshare International will provide convenient access to the Personally-Identifying Information provided by you during enrollment in the QuiXbuX$ Rewards Program for your review and correction. To access your QuiXbuX$® account info, please visit Update Account Info or contact memberservices@quixshare.com. You may also review your complete account of QuiXbuX$-earning and spending activity by viewing your Account Statement.
  • We maintain rigorous Security Practices to ensure as much as is reasonably possible that the confidentiality of your Personally-Identifying Information is not compromised.
  • We use commercially reasonable efforts to ensure the security for any credit card purchases made through participation in the QuiXbuX$® Rewards Program.

  Trusted Information:

  • We do not rent or sell your Personally-Identifying Information to anyone without your express permission. When we do share information with our advertisers, it is in aggregate form, and does not identify you personally.
  • We do not collect or use any information about you except for information that you have provided to us or is publicly available, and this information is used solely to make the QuiXbuX$ Program more relevant to your interests.
  • We do not guarantee the content or information practices of any third-party site. You alone are responsible for determining the appropriateness of sharing your Personally-Identifying Information with our advertisers.
  • We do not accept enrollment from persons under the age of thirteen. As provided in the Terms of Service, the QuiXbuX$® Rewards Program is available only to persons who are thirteen years of age and over. The site will automatically block enrollment of any person once they indicate they are under the age of thirteen. If we later learn that a user is under the age of thirteen, we will terminate the account and delete the user's information. Inherent in the Program is the responsibility of parents and/or guardians to ensure that their children's privacy is protected. QuiXshare International will not be liable for any content or advertisements viewed by minor children in violation of the terms of this agreement.

back to top

  Our Privacy Definitions


Aggregate Data:

We do not provide any of your Personally-Identifying Information to our advertisers. Because we contact you on their behalf, they do not have access to your Personally-Identifying Information unless you make the choice to share it with them. We may share non-personally identifiable information collected via the Program in aggregate (or grouped), anonymous form with advertisers or other third parties so that they may better evaluate what products and services are most appealing to different segments of our member base, but we do not disclose your last name, address, email address, or any other personally identifiable information to these third parties unless you give your express consent.

Anti-SPAM Policy:

The QuiXbuX$® Rewards Program is a True Opt-InProgram, and we have a strict policy on unsolicited email. Because QuiXbuX$Mail® mail is an integral part of the Program, you sign up to receive email targeted to your interests at the time of enrollment. If you later decide you wish to cease participation in this portion of the Program, you may do so at any time by visiting Update Account Info and turning the QuiXbuX$Mail® off.

Automatically Collected Information:

When you log on to the QuiXbuX$® Rewards Program website, the server automatically recognizes you by your encrypted Member Key, also referred to as a cookie. This cookie acts as a unique identifier, which allows us to personalize the website to your specified interests and allows you to access your own personal information. It also allows us to keep track of your activity on our site for crediting QuiXbuX$ to your account. This information may be added to your personal profile and used to target you with offers and advertisements that are most relevant to your interests. The Program makes active use of cookies; therefore, participation in the Program is dependent on your setting your browser configuration to accept cookies. The Member Key, or cookie, automatically retrieves the following information:

  • Your browser type (e.g., Netscape 6.0)
  • Platform-dependent information (e.g., Win 2000)
  • Requested document (the page you're looking at)
  • Referrer URL (the page you came from if within the QuiXshare.com site)
  • Date and Time of your visit
  • Your registered QuiXbuX$® account information

To learn more about "cookies" and how they work, you may wish to visit www.cookiecentral.com.

Additionally, for each visitor to our website, our server automatically recognizes the following:

  • Host origin of the request (your IP address or that of your ISP if using proxy servers)
  • Referrer URL (the page you came from)
  • Requested document (the page you're looking at)
  • Referrer URL (the page you came from if within the QuiXshare.com site)
  • Your registered QuiXbuX$® account information
  • Date and time of your visit

This information, sometimes called log-file or clickstream data, is used to monitor site performance and ensure the Program functions properly. It may also be appended to your personal profile so that we may further tailor the Program to your interests.

We currently use third-party cookies and clear pixel GIF's (also referred to as "web beacons") to measure page views. These devices, provided by Livestat, allow us to identify unique visitors to our website and acts as a counter for ongoing monitoring of site activity. These commonly used counters collect no Personally-Identifying Information, and as always, this technology is only used to enhance the Program and make it more relevant to your personal interests. . LiveStat Privacy Policy: http://www.livestat.com/PrivacyStatement

Co-Brands:

QuiXbuX$® Rewards Members sometimes join through other Members, or "co-branded," retailers Web sites in order to take advantage of the services of both QuiXbuX$ and Retailers Special programs. In these limited situations, a co-brand Member's Personally-Identifying Information collected at enrollment is shared with the participating retailer so that they can provide the benefits of their program as well. These special circumstances will be clearly disclosed at the point where we collect this information. With regard to the shared enrollment Personally-Identifying Information, both the participating site and QuiXbuX$® Rewards Program site will operate under this Privacy Policy.


Data Verification and Supplementation:

Data verification involves the use of third-party data processing services to standardize and clean your provided enrollment information so that it is easily identified and accessed in our database. Data supplementation involves appending any publicly available information about you to your personal profile.

In order to provide you with the most rewarding experience, we might send your information to data processors so that they can clean your address and standardize to ensure it is most accurate and up-to-date. Next, we might seek out any information about you that is publicly available on the open market and overlay this data onto ours for comparison purposes. Information collected in this manner could include your spending habits from a mail-order catalogue, demographic information you provided in entering a sweepstakes, or your financial history. All of this results in a Rewards Program that is tailored to your personal interests and provides you with the most relevant QuiXbuX$-earning opportunities.

Personally-Identifiable Information:

Personally-Identifying Information refers to any information that can be used to identify you as an individual in any way. Enrollment in the QuiXbuX$® Rewards Program is contingent upon your agreeing to the Terms of Service and providing basic registration information, including: first and last name, email address, date of birth, gender, zip code and country. All other information requested of you during your participation in our Rewards Program is optional.

Security Practices:

QuiXshare International has established company-wide security practices for your protection. These practices include, but are not limited to, firewall security, the use of appropriate encryption technology, and the use of multiple levels of password security to limit access to data on a "need to know" basis. The use of encryption technology is also required of all clients exchanging data with QuiXshare International. All contractors and employees are required to familiarize themselves with, and abide by, these safeguards.


Third-Party Cookies:

Currently, we use third-party cookies for the sole purpose of monitoring page views within the QuiXshare International or QuiXbuX$ website. LiveStat, a trusted third-party, places these cookies and you can view their privacy policy here. These cookies collect no Personally-Identifying Information and they are not used to track your movement across websites. . LiveStat Privacy Policy: http://www.livestat.com/PrivacyStatement


Third-Party Data Processors:

QuiXshare International may use trusted third parties to collect, process and store your Personally-Identifying Information. These third parties, including contractors, sub-contractors and partners, are contractually bound to preserve the confidentiality of your information and can use Personally-Identifying Information only for the sole purpose of providing services to QuiXshare International.

Third-Party Websites:

While QuiXshare International makes every effort to ensure that our advertisers post Privacy Policies and observe appropriate data practices, we are not responsible or liable for the content or data practices of any third-party site, including those of our advertisers. As always, it is up to you to control the flow of your Personally-Identifying Information to any third party. We recommend that you read the privacy policy of all third-party sites carefully before sharing your  Personally-Identifying Information with them.

True Opt-In™:

True Opt-In™ requires your express consent. QuiXshare is fully committed to providing you with clear notice of our data practices so that you are fully informed before you make the choice to grant permission to us to use your Personally-Identifying Information for Program-related purposes. We are currently moving to a double (or confirmed) Opt-In for new enrollment in an effort to ensure that all our Members have voluntarily signed up for the Program.

Unsubscribe:

You can always easily unsubscribe from the Program by clicking on the unsubscribe link in all of our mailings, writing to Member Services or by visiting Cancel QuiXbuX$® Account. When you do so, all of your Personally-Identifying Information is purged from our system.

back to top

PRIVACY GLOSSARY

Here are definitions for commonly used privacy and related Internet terms.

A, B, C, D, E, F, I, N, O, P, S, T, W

Aggregate information. Information that may be collected by a Web site but is not "personally identifiable" to you (see definition below). Aggregate information includes demographic data, domain names, Internet provider addresses, and Web site traffic. As long as none of these fields is linked to a user's personal information, the data is considered aggregate.

Browser. Also called a Web browser. Software that enables you to search and or navigate through Web sites or "browse" parts of the Internet, especially the World Wide Web. Examples: Netscape Navigator and Microsoft Internet Explorer.

Browser cache. A memory file in your Web browser that stores the Internet addresses of sites you’ve recently visited. This capability allows you to access sites quicker.

Bulletin board. A public area online where you can post a message for everyone else to read. If you post a message to a bulletin board, in nearly all cases, other member participants will be able to contact you by e-mail.

Chat. A function that allows a group of people to communicate simultaneously by typing messages to one another online. Typically, everyone participating in the chat sees your message as soon as you send it. Designated chat areas are often referred to as "chat rooms," and any individual or group of individuals you respond to in the room will be able to contact you by e-mail.

Children’s Online Privacy Protection Act. Also referred to as "COPPA." Often considered the first widespread government regulation of privacy on the Internet, this Act went into effect on April 21, 2000. COPPA sets restrictions for Web sites that communicate with children under 13. One of these restrictions mandates that Web sites obtain "verifiable parental consent" before engaging in ongoing communications with a child.

Click trail. A record of all the Web page addresses you have visited during a specific online session. Click trails tell not just what Web site you visited, but which pages inside that site.

Collaborative filtering. A means of predicting the interests and needs of a specific customer based on previously collected data from a larger group of customers.

Cookie. A block of text placed in a file on your computer's hard drive by a Web site you've visited. A cookie is used to identify you the next time you access the site. Cookies cannot identify an individual user specifically unless the cookie data is attached to personally identifiable information collected some other way, such as via an online registration form.

Domain name. The company, individual, or organization "name" you use to access a Web site, e.g. www.truste.org.

E-mail. See electronic mail.

E-mail address. The computer version of a postal address. Like a postal address, it contains information about who the e-mail recipient is and where he or she resides on the Internet.

Electronic mail. Commonly referred to as e-mail, this form of communication enables you to send messages and files from your computer through an online service or the Internet to one or more e-mail addresses.

Encryption. Data that is scrambled into a private code for secure transmission.

File Transfer Protocol (FTP). A software protocol used to transfer files from a remote host over a network to another computer; also used as a command to execute the file transfer. Many systems support "anonymous FTP," which lets you access a remote host without having to provide your password or user ID on the receiving system.

Identity theft. The use of personal information to falsely assume your identity.

Infomediaries. Persons or organizations that specialize in personal information management for individual Internet users.

Internet. A worldwide system of interconnected computer networks, whose use is not controlled by any government agency or central authority.

Internet access provider. See Internet service provider.

Internet service provider (ISP). Also called an Internet access provider. A company that provides direct access to the Internet for individuals, companies, and institutions. Unlike commercial online service providers, ISPs usually do not provide their own content but may offer e-mail capability, browser software, and direct links to sites on the World Wide Web.

Newsgroup. Topic groupings for articles and information posted by readers of that group. If you post a message to a newsgroup, other participants of the group will know your e-mail address.

Online service. A proprietary, commercial network that provides a variety of information and other services to its subscribers. Commercial online services typically provide their own content, forums (e.g. chat rooms, bulletin boards), e-mail capability, and information available only to subscribers.

Opt-in. An option that gives you complete control over the collection and dissemination of your personal information. A site that provides this option is stating that it will not gather or track information about you unless you knowingly provide such information and consent to the site.

Opt-out. An option that gives you the choice to prevent personally identifiable information from being used by a particular Web site or shared with third parties.

Password. A private, unique series of letters and/or numbers that you create and must use to gain access to an online service or the Internet, specific data available online, or to make modifications to restricted-access software (e.g. parental control software).

Personally identifiable information. Information that can be traced back to an individual user, e.g. your name, postal address, or e-mail address. Personal user preferences tracked by a Web site via a "cookie" (see definition above) is also considered personally identifiable when linked to other personally identifiable information provided by you online.

Privacy enhancing technologies. Software, tools and related policies that work to safeguard your online privacy and security.

Privacy seal. Also referred to as a "Trustmark." An online seal awarded by TRUSTe to Web sites that agree to post their privacy practices openly via privacy statements, as well as adhere to enforcement procedures that ensure that their privacy promises are met. When you click on the TRUSTe Privacy Seal, you're taken directly to the privacy statement of the licensed Web site.

  Privacy statement. A page or pages on a Web site that lay out its privacy policies, i.e. what personal information is collected by the site, how it will be used, whom it will be shared with, and whether you have the option to exercise control over how your information will be used. All TRUSTe Web site licensees are required to post comprehensive privacy statements.

Spam. Also called junk e-mail. Unsolicited, unwanted e-mail usually sent by advertisers. Spam is usually sent out to thousands of unwilling recipients at once.

Spam filters. Programs that detect and reject spam by looking for certain keywords, phrases or Internet addresses.

Third party ad servers. Companies that display banner advertisements on Web sites that you visit. These companies are often not the ones that own the Web site.

TRUSTe Watchdog. An easy-to-use consumer alternative dispute resolution mechanism that allows you to bring your privacy-related complaints about a TRUSTe-certified Web site. TRUSTe serves as a liaison between you and the Web site to reach an appropriate resolution to your privacy dispute.

Trustmark. An online seal awarded by TRUSTe to Web sites that agree to post their privacy practices openly via privacy statements, as well as adhere to enforcement procedures that ensure that their privacy promises are met. When you click on the TRUSTe trustmark, you're taken directly to the privacy statement of the licensed Web site.

Web Beacons:
Web Beacons [aka clear Pixel GIF's, or "web bugs"] are a relatively new tracking technology that, in concert with cookies, can be used for tracking and recording all kinds of behavior across web sites. Because they are generally only 1X1 pixels in size (about the size of a pin point), they are invisible to you. We are committed to disclosing our use of web beacons. We currently use web beacons in association with the LiveStat cookie to monitor page views as a counter within the QuiXshare web site. No Personally-Identifying Information is collected in association with these devices, and we do not use web beacons to track your movement across sites. For more information on web beacons, or "web bugs," please visit http://www.privacyfoundation.org/education.html. LiveStat Privacy Policy: http://www.livestat.com/PrivacyStatement

  Web browser. See browser.

Web site. A collection of "pages" or files on the World Wide Web that are linked together and maintained by a company, organization, or individual. Anyone with a Web site may be considered a content provider or a publisher.

Webmaster. Typically, an individual or an individual within a company or organization assigned with the task of updating and maintaining an individual Web site. The Webmaster's e-mail address is often listed on the Web site as the contact person for queries and questions related specifically to the site's content and/or format.

World Wide Web. A part of the Internet that links text, sound, and images in the form of Web pages and sites.

 

back to top

III. Fair Information Practice Principles

A. Fair Information Practice Principles Generally

Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection.(27) The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices.(28) Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.

1. Notice/Awareness

The most fundamental principle is notice. Consumers should be given notice of an entity's information practices before any personal information is collected from them. Without notice, a consumer cannot make an informed decision as to whether and to what extent to disclose personal information.(29) Moreover, three of the other principles discussed below -- choice/consent, access/participation, and enforcement/redress -- are only meaningful when a consumer has notice of an entity's policies, and his or her rights with respect thereto.(30)

While the scope and content of notice will depend on the entity's substantive information practices, notice of some or all of the following have been recognized as essential to ensuring that consumers are properly informed before divulging personal information:

  • identification of the entity collecting the data;(31)
  • identification of the uses to which the data will be put;(32)
  • identification of any potential recipients of the data;(33)
  • the nature of the data collected and the means by which it is collected if not obvious (passively, by means of electronic monitoring, or actively, by asking the consumer to provide the information);(34)
  • whether the provision of the requested data is voluntary or required, and the consequences of a refusal to provide the requested information;(35) and
  • the steps taken by the data collector to ensure the confidentiality, integrity and quality of the data.(36)

Some information practice codes state that the notice should also identify any available consumer rights, including: any choice respecting the use of the data;(37) whether the consumer has been given a right of access to the data;(38) the ability of the consumer to contest inaccuracies;(39) the availability of redress for violations of the practice code;(40) and how such rights can be exercised.(41)

In the Internet context, notice can be accomplished easily by the posting of an information practice disclosure describing an entity's information practices on a company's site on the Web. To be effective, such a disclosure should be clear and conspicuous, posted in a prominent location, and readily accessible from both the site's home page and any Web page where information is collected from the consumer. It should also be unavoidable and understandable so that it gives consumers meaningful and effective notice of what will happen to the personal information they are asked to divulge.

2. Choice/Consent

The second widely-accepted core principle of fair information practice is consumer choice or consent.(42) At its simplest, choice means giving consumers options as to how any personal information collected from them may be used. Specifically, choice relates to secondary uses of information -- i.e., uses beyond those necessary to complete the contemplated transaction. Such secondary uses can be internal, such as placing the consumer on the collecting company's mailing list in order to market additional products or promotions, or external, such as the transfer of information to third parties.

Traditionally, two types of choice/consent regimes have been considered: opt-in or opt-out. Opt-in regimes require affirmative steps by the consumer to allow the collection and/or use of information; opt-out regimes require affirmative steps to prevent the collection and/or use of such information. The distinction lies in the default rule when no affirmative steps are taken by the consumer.(43) Choice can also involve more than a binary yes/no option. Entities can, and do, allow consumers to tailor the nature of the information they reveal and the uses to which it will be put.(44) Thus, for example, consumers can be provided separate choices as to whether they wish to be on a company's general internal mailing list or a marketing list sold to third parties. In order to be effective, any choice regime should provide a simple and easily-accessible way for consumers to exercise their choice.

In the online environment, choice easily can be exercised by simply clicking a box on the computer screen that indicates a user's decision with respect to the use and/or dissemination of the information being collected. The online environment also presents new possibilities to move beyond the opt-in/opt-out paradigm. For example, consumers could be required to specify their preferences regarding information use before entering a Web site, thus effectively eliminating any need for default rules.(45)

3. Access/Participation

Access is the third core principle. It refers to an individual's ability both to access data about him or herself -- i.e., to view the data in an entity's files -- and to contest that data's accuracy and completeness.(46) Both are essential to ensuring that data are accurate and complete. To be meaningful, access must encompass timely and inexpensive access to data, a simple means for contesting inaccurate or incomplete data, a mechanism by which the data collector can verify the information, and the means by which corrections and/or consumer objections can be added to the data file and sent to all data recipients.(47)

4. Integrity/Security

The fourth widely accepted principle is that data be accurate and secure. To assure data integrity, collectors must take reasonable steps, such as using only reputable sources of data and cross-referencing data against multiple sources, providing consumer access to data, and destroying untimely data or converting it to anonymous form.(48)

Security involves both managerial and technical measures to protect against loss and the unauthorized access, destruction, use, or disclosure of the data.(49) Managerial measures include internal organizational measures that limit access to data and ensure that those individuals with access do not utilize the data for unauthorized purposes. Technical security measures to prevent unauthorized access include encryption in the transmission and storage of data; limits on access through use of passwords; and the storage of data on secure servers or computers that are inaccessible by modem.(50)

5. Enforcement/Redress

It is generally agreed that the core principles of privacy protection can only be effective if there is a mechanism in place to enforce them.(51) Absent an enforcement and redress mechanism, a fair information practice code is merely suggestive rather than prescriptive, and does not ensure compliance with core fair information practice principles. Among the alternative enforcement approaches are industry self-regulation; legislation that would create private remedies for consumers; and/or regulatory schemes enforceable through civil and criminal sanctions.(52)

a. Self-Regulation(53)

To be effective, self-regulatory regimes should include both mechanisms to ensure compliance (enforcement) and appropriate means of recourse by injured parties (redress).(54) Mechanisms to ensure compliance include making acceptance of and compliance with a code of fair information practices a condition of membership in an industry association;(55) external audits to verify compliance; and certification of entities that have adopted and comply with the code at issue.(56) A self-regulatory regime with many of these principles has recently been adopted by the individual reference services industry.(57)

Appropriate means of individual redress include, at a minimum, institutional mechanisms to ensure that consumers have a simple and effective way to have their concerns addressed.(58) Thus, a self-regulatory system should provide a means to investigate complaints from individual consumers and ensure that consumers are aware of how to access such a system.(59)

If the self-regulatory code has been breached, consumers should have a remedy for the violation. Such a remedy can include both the righting of the wrong (e.g., correction of any misinformation, cessation of unfair practices) and compensation for any harm suffered by the consumer.(60) Monetary sanctions would serve both to compensate the victim of unfair practices and as an incentive for industry compliance. Industry codes can provide for alternative dispute resolution mechanisms to provide appropriate compensation.

b. Private Remedies

A statutory scheme could create private rights of action for consumers harmed by an entity's unfair information practices. Several of the major information practice codes, including the seminal 1973 HEW Report, call for implementing legislation.(61) The creation of private remedies would help create strong incentives for entities to adopt and implement fair information practices and ensure compensation for individuals harmed by misuse of their personal information. Important questions would need to be addressed in such legislation, e.g., the definition of unfair information practices; the availability of compensatory, liquidated and/or punitive damages;(62) and the elements of any such cause of action.

c. Government Enforcement

Finally, government enforcement of fair information practices, by means of civil or criminal penalties, is a third means of enforcement. Fair information practice codes have called for some government enforcement, leaving open the question of the scope and extent of such powers.(63) Whether enforcement is civil or criminal likely will depend on the nature of the data at issue and the violation committed.(64)

B. Application of Fair Information Practice Principles to Information Collected From Children

The fair information practice codes discussed above do not address personal information collected from children. They are, however, applicable to parents, in light of the special status that children generally have been accorded under the law. This status as a special, vulnerable group is premised on the belief that children lack the analytical abilities and judgment of adults.(65) It is evidenced by an array of federal and state laws that protect children, including those that ban sales of tobacco and alcohol to minors, prohibit child pornography, require parental consent for medical procedures, and make contracts with children voidable. In the specific arenas of marketing and privacy rights, moreover, several federal statutes and regulations recognize both the need for heightened protections for children and the special role that parents play in implementing these protections.(66)

1. Parental Notice/Awareness and Parental Choice/Consent

It is parents who should receive the notice and have the means to control the collection and use of personal information from their children. The Commission staff set forth this principle in a July 15, 1997 letter to the Center for Media Education.(67) In addition, the letter identifies certain practices that appear to violate the Federal Trade Commission Act:

(a) It is a deceptive practice to represent that a site is collecting personal identifying information from a child for a particular purpose (e.g. to earn points to redeem a premium), when the information will also be used for another purpose that parents would find material, in the absence of a clear and prominent disclosure to that effect; and

(b) It is likely to be an unfair practice to collect personal identifying information, such as a name, e-mail address, home address, or phone number, from children and to sell or otherwise disclose such identifying information to third parties, or to post it publicly online, without providing parents with adequate notice and an opportunity to control the collection and use of the information through prior parental consent.

This letter applies the Commission's Section 5 authority for the first time to the principles of notice and choice in the online collection of information from children. The principles set out in the staff opinion letter form an appropriate basis for public policy in this area.

To assure that notice and choice are effective, a Web site should provide adequate notice to a parent that the site wishes to collect personal identifying information from the child,(68) and give the parent an opportunity to control the collection and use of that information. Further, according to the staff opinion letter, in cases where the information may be released to third parties or the general public, the site should obtain the parent's actual or verifiable consent(69) to its collection.(70)

The content of the notice should include at a minimum, the elements described above,(71) but, in addition, should take into account the fact that online activities may be unique and unfamiliar to parents. Thus, a notice should be sufficiently detailed to tell parents clearly the type(s) of information the Web site collects from children and the steps parents can take to control the collection and use of their child's personal information. Where a Web site offers children interactive activities such as chat, message boards, free e-mail services, posting of home pages and key pal programs, it should explain to parents the nature of these activities and that children's participation enables others to communicate directly with them. Such notice empowers parents to monitor their children's interactions and to help protect their children from the risks of inappropriate online interactions.

2. Access/Participation and Integrity/Security

Since parents may not be fully aware of what personal information a site has collected from their child, the access/participation principle is a particularly important one with respect to information collected from children. To provide informed consent to the retention and/or use of information collected from their children, parents need to be given access to the information collected from their children, particularly if any of the information is collected prior to providing notice to the parent. The principle of integrity, which addresses the accuracy of the data, is also important for children's information. Parents have an interest in assuring that whatever information Web sites collect from children or have otherwise obtained about their children is accurate. This is particularly important in contexts that involve decisions that impact on the child or family, such as educational or health decisions. In addition, since children's information is considered to be a more sensitive type of information, sites should take the same steps identified above to assure that children's data is secure from unauthorized uses or disclosures.

 

back to top
 

 Home  -  My QuiXbuX$  -  Join   -   Getting Started  -   Earning the buX$  buddy buX$   -   QuiXshop

Mall -  Send  -  Help  -   About Us     -  QuiXshare Terms Of Use  -  Privacy & Security Policy  - 

Advertise   -  Contact UsRetail Partners  -   QuiXshare Member Agreement Technology Partners  

   
   

For more information contact us at: info@quixshare.com

Copyright © 2000-2001 QuiXshare.com All Rights Reserved QuiXshare.com™ and buXs™ is a registered trademark of QuiXshare International, Inc.