The recent discovery of bugs in Internet technology such as Java and ActiveX has raised grave concerns over the safety of electronic commerce.
But there is a far more serious threat to the confidentiality of personal data on the Internet, and one to which users are unwittingly exposing themselves every day when visiting Web sites.
The problem came to light in October when CompuServe alerted its Outdoor forum customers to a member who was masquerading as a company official in an attempt to obtain confidential information about other users. It transpired that the 1984 Data Protection Act does not protect UK subscribers of US-based online services from such abuse because of a loophole in the law. At present, if a person resident in the UK enters personal information on a Web server installed elsewhere in the world, there is no guarantee the data they have given will be safe from prying eyes. There is no US equivalent of the Data Protection Act protecting the rights of UK subscribers to services such as CompuServe.
But the threat of data misuse is not limited to the online services market.
A growing number of Web sites are forcing surfers to give their names, addresses, dog's name, you name it, before gaining entry to the site.
While Web authors will say that such personal information is necessary to validate the identity of the user on subsequent visits, who can be sure their data is safe?
The Data Protection Act seeks to prevent the misuse of personal information; companies which request such data and store it on computer systems should register with the Data Protection Registrar. But while the act covers all types of data, including that gathered from the Internet, it is not a fail-safe solution. As David Smith, assistant registrar at the Office of the Data Protection Registrar, explained: "We are concerned with the ability of people to collect personal information, especially off newsgroups."
One way small organisations, particularly those with a Web or net presence, could help to address the problem is to look carefully at what personal information they are holding. "Strictly they should register with us," said Smith, who added that even an Email address is considered personal under the act.
Jeremy Holt of Clark Holt, a firm of commercial solicitors which has published a guide to the legal aspects and implications of the Internet, said: "When I complete a form, I utterly refuse to give my Email address."
In this way Holt not only avoids receiving junk Email, but also stops would-be criminals, including burglars, from abusing his Email address: "If someone sends me two or three Email messages on consecutive days and I don't reply, this would indicate I am away. The fact that I have an Email address means I have valuable computer equipment at home."
In a report, The consumer in the information society, conducted for the European Commission, researcher Ovum says protection of privacy is one of the biggest risks to consumers. It warns that, once digitised, personal data can be easily exchanged between organisations and combined to provide a more comprehensive view of an individual.
John Moroney, senior consultant at Ovum and co-author of the report, said not only is it difficult to track how personal information is used on the Internet, but the system is inherently insecure. With suitable equipment someone could easily tap into this information and use it for illegitimate purposes.
The Ovum report urges the EC to extend its Data Protection Directive, which was passed in October 1995 and with which the UK must comply by October 1998. According to Ovum, the EC should define encryption standards for use in commercial applications, and identify the type of data that should not be exchanged without prior consent.
Web developers have their part to play too. For a start, they should allow access to their sites before asking users to fill out registration details and make clear what they intend to use the information for. Commercial organisations should also be aware of their obligation to register with the Data Protection Registrar.
As for end-users, Holt has this sobering advice: think before you give any information, and never hand over bank or credit card numbers on public access sites.
The Data Protection Registrar is at www.open.gov.uk/dpr/dprhome.htm
Ovum is at www.ovum.com
Clark Holt Solicitors 01793 617444.