by M.E. Kabay

Book examines privacy issues in online world

Jan 16, 2003

* Book review: "Privacy for Business: Web Sites and E-mail"

My dear friends and colleagues Stephen Cobb and Chey Cobb are remarkable individuals. They each have sterling personal qualities such as intelligence, warmth and kindness; they also have exceptional professional experience from a wide range of IT and security consulting, teaching and writing.

They both have just published their own security books. Stephen has written a superb manual for businesses on practical approaches to protecting privacy and Chey has written a textbook on network security. I’ll start with a review of Stephen’s book (he sent me his first) and continue in a following column with a review of Chey’s new book.

Stephen has written many books; all of them have been up to date, helpful, and clearly written. His writing follows the cardinal rules of good writing in English such as:

* Use the simplest word that will express your thought.

* Where possible, choose short words with Anglo-Saxon roots instead of long words with Greek and Latin roots.

* Never use a long, complicated sentence when you can use a series of short, clear sentences.

* Every word, every phrase, every sentence, every paragraph, every page, and every section of your text must support your purpose in writing.

* Be personal and direct: use “I” if it’s the natural way of expressing yourself and avoid impersonal passive constructions.

* Salt your prose with humor.

“Privacy for Business: Web Sites and E-mail” begins with a useful introduction that sets expectations. The book is intended “for anyone who works with… Web sites and personal information… [and] anyone who manages [such people].” It is not for those seeking consumer privacy education, general discussion of the social and political implications of privacy, or detailed technical configuration information (Cobb recommends resources for all of those areas).

Chapter One, “Privacy and Business Today,” looks at fundamentals of privacy in the age of the Internet. I especially enjoyed his discussion of “the privacy landscape” determined in the U.S. primarily by marketers and privacy advocates.

Chapter Two, “Privacy Incidents and Their Costs,” analyzes the many ways that businesses lose money when they breach standards of privacy protection; I liked the spreadsheet.

Chapter Three is “Web Privacy Principles” and it reviews U.S. laws and guidelines, such as the FTC core principles for fair information practice. It also reviews international agreements about privacy rights such as the OECD Guidelines. Chapters Four and Five look in more detail at U.S. and European laws specifically addressing privacy.

Chapter Six discusses privacy policies and privacy statements and gives many useful examples for consideration by policy makers. Chapter Seven continues along the policy line by discussing how to respond to breaches of privacy policy.

Chapter Eight reviews e-mail-related privacy issues such as masking distribution lists, fighting spam, the dangers of spoofed origination addresses and privacy invasion using fraudulent Web sites. This chapter has practical advice on how professionals can be sure that their e-mail conforms to the highest standards of business practice and effectiveness.

The book ends with Chapter Nine about “Tools, Seals, Techniques,” such as commercial privacy products, the P3P Platform for Privacy Preferences Project, and privacy certifications such as the TRUSTe and BBBOnLine programs.

Cobb wraps up with a good “Summing Up” chapter.

My one criticism (and the only evidence that I am ABLE to criticize at all) is that, shockingly, this book has no index. I cannot imagine why anyone would go to all the trouble of writing such a useful book and then not include an index. Stephen can make up for this omission by creating one and posting it online.

In summary, I recommend this book to anyone who fits Stephen’s desired audience – which probably includes pretty much everyone reading this column. Congratulations, Stephen.

Bibliographic reference:

Cobb, S. (2002). “Privacy for Business: Web Sites and E-mail.” Dreva Hill (St. Augustine, Fla.), ISBN 0-972-48190-7. xvi + 224.