«

BKPRVPOF.RVW 20031019

"Privacy Payoff", Ann Cavoukian/Tyler J. Hamilton, 2002,
0-07-090560-6, U$24.95/C$39.99
%A Ann Cavoukian
%A Tyler J. Hamilton
%C 300 Water Street, Whitby, Ontario L1N 9B6
%D 2002
%G 0-07-090560-6
%I McGraw-Hill Ryerson/Osborne
%O U$24.95/C$39.99 905-430-5000 800-565-5758 fax: 905-430-5020
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 332 p.
%T "Privacy Payoff"

In the Foreword, Don Tapscott touches on the issues of privacy and
security, but in a vague and unclear manner. Most of the material
simply points out some advantages of advertising the fact that you
have a privacy policy. It is also rather ironic that Earthlink is
used as an example of a good privacy policy, in chapter one, since
that Internet provider has, at times, created some of the greatest
problems for other Internet users with regard to spam. Yet another
example of a case where addressing one security problem creates
another? Chapter two tells us that people are concerned about
privacy, and may sue over perceived breaches of confidence.
DoubleClick is used as an example, but, interestingly in view of the
titular intent of the book, the authors fail to note the direct
financial hit involved with the fall in stock price when the plans to
merge online tracking with personal data became public. There is a
good overview of the definition, history, and philosophy of privacy,
in chapter three, including a number of points that other works miss.
The usual list of American privacy laws, with some nods to the
European Union directives and the Canadian C-6/PIPEDA, is given in
chapter four. Chapter five asserts, without doing much to prove, that
privacy is a business imperative: most of the content is limited to
the idea that privacy protection won't cost *that* much, although
there is a study showing that privacy policies can help efficiency.
There is good, practical information about the role and requirements
for a Chief Privacy Officer in chapter six. Chapter seven contains a
generic admonition to have adequate security. The virus section
stresses Code Red, which the authors admit had nothing to do with
privacy, and neglect Melissa, Sircam, and Klez, which did. There are
scary stories about miscellaneous privacy related topics, in chapter
eight, but the point is unclear. Targeted marketing can be good or
bad, but chapter nine doesn't tell you how to do the good type.
Chapter ten looks at various issues and examples of workplace privacy
and surveillance, but sometimes not very deeply. For example, there
is mention of the use of monitoring to prevent lawsuits over sexual
harassment, but not the fact that such monitoring has been held to
increase employer liability if harassment happens. The material in
chapter eleven supposedly deals with privacy enhancing technologies,
but it is confused and poorly explained. (The authors apparently
don't understand some of the basic information technology: firewalls
generally deal only with header information, and so do not face the
same privacy considerations as content scanning.)

There are some useful, and even important, points in the book, but the
valuable content tends to be buried in a great deal of excess
verbiage. This book could have been a lot shorter, and would have
been more serviceable if it had been.

copyright Robert M. Slade, 2003 BKPRVPOF.RVW 20031019

--
======================

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-
or techbooks-