Professional Documents
Culture Documents
This is certify that project report entitled “Perceptual Study of Privacy Issues in E marketing” ,
which is submitted by Butta Singh , School of Management Studies, Punjabi university, Patiala
is an authentic record of candidate’s own work and is completed under my guidance. This report
is with regard to MBA project and not to be submitted for any other degree.
Page | 1
PREFACE
This report pertains to the making of Major Project report of M.B.A. curriculum.
The purpose of this project is to make the students have thorough knowledge of the topics
given to them. I learned a lot from the hard work I put in to collect information regarding the
same, which would be of great use in my near future as a professional.
Justification cannot be done to whatever I have learn t within a few pages but I have still
tried my best to cover as much as possible about “Perceptual Study of Privacy Issues in E
marketing” in this report.
Page | 2
Acknowledgement
Before we get into the thick of thing, I would like to say that it was a great pleasure &
privilege for me to have the opportunity of undertaking this project. I have the honor to express
my sincere thanks to my esteemed project guide Lecturer Mr. Satinder Kumar who has guided
I would also like to thanks my friends and colleagues who have helped me in collection
I am sure that the knowledge & information that I have gained during this project would
Butta Singh
Page | 3
TABLE OF CONTENTS
EXECUTIVE SUMMARY 7
I INTRODUCTION 8-28
CONCUSION
BIBLIOGRAPHY 64
ANNEXURE 65
List of Charts
Page | 4
4.3 E marketing caters to the computer literate person only 40
4.7 Read privacy policies of the company while sharing personal information 44
4.1 Online marketers are able to find out personal information through the customer 49
2 activities on their websites
4.1 E marketers manipulate the information of the customer according to their use 50
3
4.1 Online marketers keep confidential the personal information of the customer 51
4
4.1 Privacy and security of the Credit card and account is very important in E 52
5 marketing
4.1 E marketing interferes in the children privacy through exposure of vulgarity and 53
6 obscenity
Page | 5
4.1 Privacy policies are explained thoroughly on the websites 54
7
4.2 Consumer is aware of the legal and other implications on violation of his privacy 57
0
4.2 Customer should be given more option regarding the use of his personal 58
1 information
EXECUTIVE SUMMARY
The project is all about the study of customer perception about the privacy issues related
to E marketing. Firstly there is the introduction to the E marketing. E-marketing means using
digital technologies to help sell your goods or services. These technologies, like e-mail and
Page | 6
websites, are a valuable complement to traditional marketing methods whatever the size of your
company or your business model. This rapid growth of internet has been accompanied, however,
by concerns regarding the collection and dissemination of consumer information by marketers
who participate in online retailing. These concerns pertain to the privacy and security of
accumulated consumer data and the perceived risks that consumers may experience with respect
to these issues.
Next to the introduction there are certain previously carried out studies related to the
topic which serve as Review of Literature. These studies guided the theme and scheme of the
project. Next there is the rationale of the study and objectives. The main aim of this research is to
study the customers’ perceptions regarding the privacy in e-marketing, the ethical issues related
to privacy and factors behind it.
Then is Research Methodology, which includes justification about the topic and it
also contain the sampling design, sources of information (primary as well as secondary)and
scope of study. Next there is data analysis and interpretation. After it findings, suggestions and
conclusion is there. In conclusion, privacy protection on the Internet demands a multi-tier
approach, involving organizations, governments and individual consumers.
CHAPTER I
Page | 7
E-marketing means using digital technologies to help sell your goods or services. These
technologies, like e-mail and websites, are a valuable complement to traditional marketing
methods whatever the size of your company or your business model..
Benefits of e marketing:-
• Global Reach
If you build a website you can reach anyone, anywhere in the world, provided they have
internet access. This allows you to tap new markets and compete globally with only a small
investment. This can be particularly useful for niche providers, companies whose products can
be posted easily, or businesses who are looking to expand geographically but cannot afford to
invest in new offices or businesses.
• Lower Cost
A properly planned and effectively targeted e-marketing campaign can reach the right
customers at a much lower cost than traditional marketing methods. You can build a website for
as little as a few hundred pounds or send e-mail for a fraction of a penny.
• 24-Hour Marketing
With a website your customers can find out about your products even if your office is
closed.
Page | 8
If you have a website or an e-mail template, you can react to events much more quickly –
giving your marketing a much more contemporary feel. If one of your products is in the news or
something important happens in your industry, you can capitalize on it without having to print or
post anything.
• Personalisation
If your customer database is linked to your website, then whenever someone visits the
site, you can greet them with targeted offers. The more they buy from you, the more you can
refine your customer profile and market effectively to them. A great example of this is Amazon’s
website which suggests products based on your and other people’s previous purchases.
Marketing Ethics:-
Ethics has been termed the study and philosophy of human conduct, with an emphasis on
the determination of right and wrong. For marketers, ethics in the workplace refers to rules
(standards, principles) governing the conduct of organizational members and the consequences
of marketing decisions. Therefore, ethical marketing from a normative perspective approach is
defined as “practices that emphasize transparent, trustworthy, and responsible personal and
organizational marketing policies and actions that exhibit integrity as well as fairness to
consumers and other stakeholders. Marketing ethics focuses on principles and standards that
define acceptable marketing conduct, as determined by various stakeholders and the organization
responsible for marketing activities. While many of the basic principles have been codified as
laws and regulations to require marketers to conform to society’s expectations of conduct,
marketing ethics goes beyond legal and regulatory issues. Ethical marketing practices and
principles are core building blocks in establishing trust, which help build long-term marketing
Page | 9
relationships. In addition, the boundary-spanning nature of marketing (i.e. sales, advertising, and
distribution) presents many of the ethical issues faced in business today.
Both marketing practitioners and marketing professors approach ethics from different
perspectives. For example, one perspective is that ethics is about being a moral individual and
that personal values and moral philosophies are the key to ethical decisions in marketing. Virtues
such as honesty, fairness, responsibility, and citizenship are assumed to be values that can guide
complex marketing decisions in the context of an organization. On the other hand, approaching
ethics from an organizational perspective assumes that establishing organizational values, codes,
and training is necessary to provide consistent and shared approaches to making ethical
decisions.
The Internet has grown considerably during the past decade, particularly with respect to
its use as a tool for communication, entertainment, and marketplace exchange. This rapid growth
has been accompanied, however, by concerns regarding the collection and dissemination of
consumer information by marketers who participate in online retailing. These concerns pertain to
the privacy and security of accumulated consumer data (Briones 1998; Culnan 1999) and the
perceived risks that consumers may experience with respect to these issues (Ernst & Young
1999; Milne and Boza 1999; Milne 2000).
There are many business opportunities in the changing technical environment. The use of
digital systems allows data capture at a much larger rate and scope than previously; e-commerce
sites could potentially collect an immense amount of data about personal preferences, shopping
patterns, patterns of information search and use, and the like about consumers, especially if
aggregated across sites. Not only is it easier than ever to collect the data, it is also much easier to
search these data. New computational techniques allow data mining for buying patterns and other
personal trends. These data can be used to personalize a customer’s e-commerce experience,
augment an organization’s customer support, or improve a customer’s specific e-site experience.
Page | 10
The data are valuable for reuse, for example, in finding potential sales to existing customers. As
well, the data are also valuable to aggregators (who may look for other personal trends and
patterns) or for other types of resale. Indeed, reuse and resale are simultaneously both potential
opportunities and problems
Information security: -
The terms information security, computer security and information assurance are
frequently incorrectly used interchangeably. These fields are interrelated often and share the
common goals of protecting the confidentiality, integrity and availability of information;
however, there are some subtle differences between them.
These differences lie primarily in the approach to the subject, the methodologies used,
and the areas of concentration. Information security is concerned with the confidentiality,
integrity and availability of data regardless of the form the data may take: electronic, print, or
other forms.
Computer security can focus on ensuring the availability and correct operation of a
computer system without concern for the information stored or processed by the computer.
Governments, military, corporations, financial institutions, hospitals, and private businesses
amass a great deal of confidential information about their employees, customers, products,
research, and financial status. Most of this information is now collected, processed and stored on
electronic computers and transmitted across networks to other computers. Should confidential
information about a business' customers or finances or new product line fall into the hands of a
competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of
the business. Protecting confidential information is a business requirement, and in many cases
also an ethical and legal requirement. For the individual, information security has a significant
effect on privacy, which is viewed very differently in different cultures
Page | 11
1. Personal information.
2. Demographic information.
3. Contact information.
4. Credit card no./ac no
5. Taste and preferences.
Some factors that influence which classification information should be assigned include
how much value that information has to the organization, how old the information is and whether
or not the information has become obsolete. Laws and other regulatory requirements are also
important considerations when classifying information.
The type of information security classification labels selected and used will depend on the
nature of the organisation, with examples being:
• In the business sector, labels such as: Public, Sensitive, Private, Confidential.
• In the government sector, labels such as: Unclassified, Sensitive But Unclassified,
Restricted, Confidential, Secret, Top Secret and their non-English equivalents.
• In cross-sectoral formations, the Traffic Light Protocol, which consists of: White, Green,
Amber and Red.
Page | 12
All employees in the organization, as well as business partners, must be trained on the
classification schema and understand the required security controls and handling procedures for
each classification. The classification a particular information asset has been assigned should be
reviewed periodically to ensure the classification is still appropriate for the information and to
ensure the security controls required by the classification are in place.
Access control
Access to protected information must be restricted to people who are authorized to access
the information. The computer programs, and in many cases the computers that process the
information, must also be authorized. This requires that mechanisms be in place to control the
access to protected information. The sophistication of the access control mechanisms should be
in parity with the value of the information being protected - the more sensitive or valuable the
information the stronger the control mechanisms need to be. The foundation on which access
control mechanisms are built start with identification and authentication.
Authentication
It is the act of verifying a claim of identity. When John Doe goes into a bank to make a
withdrawal, he tells the bank teller he is John Doe (a claim of identity). The bank teller asks to
see a photo ID, so he hands the teller his driver's license. The bank teller checks the license to
make sure it has John Doe printed on it and compares the photograph on the license against the
person claiming to be John Doe. If the photo and name match the person, then the teller has
authenticated that John Doe is who he claimed to be.
There are three different types of information that can be used for authentication:
something you know, something you have, or something you are. Examples of something you
Page | 13
know include such things as a PIN, a password, or your mother's maiden name. Examples of
something you have include a driver's license or a magnetic swipe card. Something you are refers
to biometrics. Examples of biometrics include palm prints, finger prints, voice prints and retina
(eye) scans. Strong authentication requires providing information from two of the three different
types of authentication information. For example, something you know plus something you have.
This is called two factor authentication.
On computer systems in use today, the Username is the most common form of
identification and the Password is the most common form of authentication. Usernames and
passwords have served their purpose but in our modern world they are no longer adequate.
Usernames and passwords are slowly being replaced with more sophisticated authentication
mechanisms.
After a person, program or computer has successfully been identified and authenticated
then it must be determined what informational resources they are permitted to access and what
actions they will be allowed to perform (run, view, create, delete, or change). This is called
authorization.
Different computing systems are equipped with different kinds of access control
mechanisms - some may even offer a choice of different access control mechanisms. The access
control mechanism a system offers will be based upon one of three approaches to access control
or it may be derived from a combination of the three approaches.
Page | 14
those resources. In the Mandatory access control approach, access is granted or denied basing
upon the security classification assigned to the information resource.
Examples of common access control mechanisms in use today include Role-based access
control available in many advanced Database Management Systems, simple file permissions
provided in the UNIX and Windows operating systems, Group Policy Objects provided in
Windows network systems, Kerberos, RADIUS, TACACS, and the simple access lists used in
many firewalls and routers.
To be effective, policies and other security controls must be enforceable and upheld.
Effective policies ensure that people are held accountable for their actions. All failed and
successful authentication attempts must be logged, and all access to information must leave some
type of audit trail.
Cryptography
Information security uses cryptography to transform usable information into a form that
renders it unusable by anyone other than an authorized user; this process is called encryption.
Information that has been encrypted (rendered unusable) can be transformed back into its
original usable form by an authorized user, who possesses the cryptographic key, through the
process of decryption. Cryptography is used in information security to protect information from
unauthorized or accidental disclosure while the information is in transit (either electronically or
physically) and while information is in storage.
Page | 15
Cryptography can introduce security problems when it is not implemented correctly.
Cryptographic solutions need to be implemented using industry accepted solutions that have
undergone rigorous peer review by independent experts in cryptography. The length and strength
of the encryption key is also an important consideration. A key that is weak or too short will
produce weak encryption. The keys used for encryption and decryption must be protected with
the same degree of rigor as any other confidential information. They must be protected from
unauthorized disclosure and destruction and they must be available when needed. PKI solutions
address many of the problems that surround key management.
Defense in depth
Information security must protect information throughout the life span of the information,
from the initial creation of the information on through to the final disposal of the information.
The information must be protected while in motion and while at rest. During its life time,
information may pass through many different information processing systems and through many
different parts of information processing systems. There are many different ways the information
and information systems can be threatened. To fully protect the information during its lifetime,
each component of the information processing system must have its own protection mechanisms.
The building up, layering on and overlapping of security measures is called defense in depth.
The strength of any system is no greater than its weakest link. Using a defense in depth strategy,
should one defensive measure fail there are other defensive measures in place that continue to
provide protection.
Page | 16
Security vulnerabilities in electronic commerce
1. There are many points of failure, or vulnerabilities, in an e-commerce environment. Even
in a simplified e-commerce scenario – a single user contacts a single web site, and then
gives his credit card and address information for shipping a purchase – many potential
security vulnerabilities exist. Indeed, even in this simple scenario, there are a number of
systems and networks involved. Each has security issues: A user must use a web site and
at some point identify, or authenticate, himself to the site. Typically, authentication
begins on the user’s home computer and its browser. Unfortunately, security problems in
home computers offer hackers other ways to steal ecommerce data and identification data
from users. Some current examples include a popular home-banking system that stores a
user’s account number in a Web “cookie” which hostile web-sites can crack, ineffective
encryption or lack of encryption for home wireless networks and, mail-borne viruses that
can steal the user's financial data from the local disk or even from the user's keystrokes.
While these specific security problems will be fixed by some software developers and
web-site administrators, similar problems will continue to occur. Alternatives to the
home computer include Point-of- Sale (POS) terminals in brick-and-mortar stores, as well
as a variety of mobile and handheld devices.
2. The user’s web browser connects to the merchant front-end. When a consumer makes an
online purchase, the merchant's web-server usually caches the order's personal
information in an archive of recent orders. This archive contains everything necessary for
credit-card fraud. Further, such archives often hold 90 days' worth of customers' orders.
Naturally, hackers break into insecure web servers to harvest these archives of credit card
numbers. Several recent thefts netted 100,000, 300,000, and 3.7 million credit-card data,
respectively. accordingly, an e-commerce merchant's first security priority should be to
keep the web servers' archives of recent orders behind the firewall, not on the front-end
web servers Furthermore, sensitive servers should be kept highly specialized, by turning
off and removing all inessential services and applications (e.g., ftp, email). Other
practical suggestions to secure web servers can be found in, and among many others.
Page | 17
3. The merchant back-end and database. A site’s servers can weaken the company's internal
network. This not easily remedied, because the web servers need administrative
connections to the internal network, but web server software tends to have buggy
security. Here, the cost of failure is very high, with potential theft of customers’ identities
or corporate data. Additionally, the back-end may connect with third party fulfillment
centers and other processing agents. Arguably, the risk of stolen product is the merchant's
least-important security concern, because most merchants' traditional operations already
have careful controls to track payments and deliveries. However, these third parties can
release valuable data through their own vulnerabilities.
Facebook Case:- November 2007. Facebook got into hot water regarding its new beacon
advertisements which displayed items that your friends bought on third-party partner sites. While
the data usage may have been legal (Facebook offered options for opt out and had written
provisions permitting these actions in its privacy policy), the public response overwhelmingly
was one of betrayed trust, condemnation; forcing a public apology.
Page | 18
Wiki leak case:- Hackers rushed to the defense of WikiLeaks on Wednesday, launching
a new attack on Visa after shutting down MasterCard, Swedish prosecutors, a Swiss bank and
others who have acted against the site and jailed founder Julian Assange.
Internet "hacktivists" operating under the label "Operation Payback" claimed in a Twitter
message, "we are attacking www.visa.com in an hour! Get your weapons ready and stay tuned,"
NBC News reported.
Privacy Policy:-
A privacy policy is a legal document that discloses some or all of the ways a party gathers, uses,
discloses and manages a customer's data. The exact contents of a privacy policy will depend
upon the applicable law and may need to address the requirements of multiple countries or
jurisdictions. While there is no universal guidance for the content of specific privacy policies, a
number of organizations provide example forms or online wizards.
Privacy Policy
This Privacy Policy applies to all of the products, services and websites offered by Google Inc.
or its subsidiaries or affiliated companies except Postini (Postini Privacy Policy). Sometimes, we
may post product specific privacy notices or Help Center materials to explain our products in
more detail.
If you have any questions about this Privacy Policy, please feel free to contact us through our
website or write to us at
Privacy Matters
c/o Google Inc.
1600 Amphitheatre Parkway
Page | 19
Mountain View, California, 94043
USA
• Information you provide – When you sign up for a Google Account, we ask you for
personal information. We may combine the information you submit under your account
with information from other Google services or third parties in order to provide you with
a better experience and to improve the quality of our services. For certain services, we
may give you the opportunity to opt out of combining such information. You can use the
Google Dashboard to learn more about the information associated with your Account. If
you are using Google services in conjunction with your Google Apps Account, Google
provides such services in conjunction with or on behalf of your domain administrator.
Your administrator will have access to your account information including your email.
Consult your domain administrator’s privacy policy for more information.
• Cookies – When you visit Google, we send one or more cookies to your computer or
other device. We use cookies to improve the quality of our service, including for storing
user preferences, improving search results and ad selection, and tracking user trends, such
as how people search. Google also uses cookies in its advertising services to help
advertisers and publishers serve and manage ads across the web and on Google services.
• Log information – When you access Google services via a browser, application or other
client our servers automatically record certain information. These server logs may include
information such as your web request, your interaction with a service, Internet Protocol
address, browser type, browser language, the date and time of your request and one or
more cookies that may uniquely identify your browser or your account.
• User communications – When you send email or other communications to Google, we
may retain those communications in order to process your inquiries, respond to your
Page | 20
requests and improve our services. When you send and receive SMS messages to or from
one of our services that provides SMS functionality, we may collect and maintain
information associated with those messages, such as the phone number, the wireless
carrier associated with the phone number, the content of the message, and the date and
time of the transaction. We may use your email address to communicate with you about
our services.
• Affiliated Google Services on other sites – We offer some of our services on or through
other web sites. Personal information that you provide to those sites may be sent to
Google in order to deliver the service. We process such information under this Privacy
Policy.
• Third Party Applications – Google may make available third party applications, such as
gadgets or extensions, through its services. The information collected by Google when
you enable a third party application is processed under this Privacy Policy. Information
collected by the third party application provider is governed by their privacy policies.
• Location data – Google offers location-enabled services, such as Google Maps and
Latitude. If you use those services, Google may receive information about your actual
location (such as GPS signals sent by a mobile device) or information that can be used to
approximate a location (such as a cell ID).
• Unique application number – Certain services, such as Google Toolbar, include a
unique application number that is not associated with your account or you. This number
and information about your installation (e.g., operating system type, version number)
may be sent to Google when you install or uninstall that service or when that service
periodically contacts our servers (for example, to request automatic updates to the
software).
• Other sites – This Privacy Policy applies to Google services only. We do not exercise
control over the sites displayed as search results, sites that include Google applications,
products or services, or links from within our various services. These other sites may
place their own cookies or other files on your computer, collect data or solicit personal
information from you.
•
Page | 21
In addition to the above, we may use the information we collect to:
• Provide, maintain, protect, and improve our services (including advertising services) and
develop new services; and
• Protect the rights or property of Google or our users.
If we use this information in a manner different than the purpose for which it was collected, then
we will ask for your consent prior to such use.
Google processes personal information on our servers in the United States of America and in
other countries. In some cases, we process personal information outside your own country.
Choices
You can use the Google Dashboard to review and control the information stored in your Google
Account.
Most browsers are initially set up to accept cookies, but you can reset your browser to
refuse all cookies or to indicate when a cookie is being sent. However, some Google features and
services may not function properly if your cookies are disabled.
Google uses the DoubleClick advertising cookie on AdSense partner sites and certain
Google services to help advertisers and publishers serve and manage ads across the web. You
can view and manage your ads preferences associated with this cookie by accessing the Ads
Preferences Manager. In addition, you may choose to opt out of the DoubleClick cookie at any
time by using DoubleClick’s opt-out cookie.
Information sharing
Google only shares personal information with other companies or individuals outside of
Google in the following limited circumstances:
Page | 22
• We have your consent. We require opt-in consent for the sharing of any sensitive
personal information.
• We provide such information to our subsidiaries, affiliated companies or other trusted
businesses or persons for the purpose of processing personal information on our behalf.
We require that these parties agree to process such information based on our instructions
and in compliance with this Privacy Policy and any other appropriate confidentiality and
security measures.
• We have a good faith belief that access, use, preservation or disclosure of such
information is reasonably necessary to (a) satisfy any applicable law, regulation, legal
process or enforceable governmental request, (b) enforce applicable Terms of Service,
including investigation of potential violations thereof, (c) detect, prevent, or otherwise
address fraud, security or technical issues, or (d) protect against harm to the rights,
property or safety of Google, its users or the public as required or permitted by law.
If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its
assets, we will ensure the confidentiality of any personal information involved in such
transactions and provide notice before personal information is transferred and becomes subject to
a different privacy policy.
Information security
Page | 23
When you use Google services, we make good faith efforts to provide you with access to
your personal information and either to correct this data if it is inaccurate or to delete such data at
your request if it is not otherwise required to be retained by law or for legitimate business
purposes. We ask individual users to identify themselves and the information requested to be
accessed, corrected or removed before processing such requests, and we may decline to process
requests that are unreasonably repetitive or systematic, require disproportionate technical effort,
jeopardize the privacy of others, or would be extremely impractical (for instance, requests
concerning information residing on backup tapes), or for which access is not otherwise required.
In any case where we provide information access and correction, we perform this service free of
charge, except if doing so would require a disproportionate effort. Because of the way we
maintain certain services, after you delete your information, residual copies may take a period of
time before they are deleted from our active servers and may remain in our backup systems.
Please review the service Help Centers for more information.
Enforcement
Google adheres to the US Safe Harbor Privacy Principles of Notice, Choice, Onward
Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S.
Department of Commerce’s Safe Harbor Program.
Google regularly reviews its compliance with this Privacy Policy. When we receive formal
written complaints, it is Google’s policy to contact the complaining user regarding his or her
concerns. We will cooperate with the appropriate regulatory authorities, including local data
protection authorities, to resolve any complaints regarding the transfer of personal data that
cannot be resolved between Google and an individual.
Please note that this Privacy Policy may change from time to time. We will not reduce your
rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy
changes on this page and, if the changes are significant, we will provide a more prominent notice
Page | 24
(including, for certain services, email notification of Privacy Policy changes). We will also keep
prior versions of this Privacy Policy in an archive for your review
“ If any person without permission of the owner or any other person who is incharge of a
computer, computer system or computer network,
(b) downloads, copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or data held or
stored in any removable storage medium;
he shall be liable to pay damages by way of compensation not exceeding one crore rupees to
the person so affected.
Most ecommerce merchants leave the mechanics to their hosting company or IT staff, but it
helps to understand the basic principles. Any system has to meet four requirements:
Digital signatures meet the need for authentication and integrity. To vastly simplify matters (as
throughout this page), a plain text message is run through a hash function and so given a value:
Page | 25
the message digest. This digest, the hash function and the plain text encrypted with the recipient's
public key is sent to the recipient. The recipient decodes the message with their private key, and
runs the message through the supplied hash function to that the message digest value remains
unchanged (message has not been tampered with). Very often, the message is also time stamped
by a third party agency, which provides non-repudiation.
What about authentication? How does a customer know that the website receiving sensitive
information is not set up by some other party posing as the e-merchant? They check the digital
certificate. This is a digital document issued by the CA (certification authority: Verisign, Thawte,
etc.) that uniquely identifies the merchant. Digital certificates are sold for emails, e-merchants
and web-servers.
Information sent over the Internet commonly uses the set of rules called TCP/IP (Transmission
Control Protocol / Internet Protocol). The information is broken into packets, numbered
sequentially, and an error control attached. Individual packets are sent by different routes.
TCP/IP reassembles them in order and resubmits any packet showing errors. SSL uses PKI and
digital certificates to ensure privacy and authentication. The procedure is something like this: the
client sends a message to the server, which replies with a digital certificate. Using PKI, server
and client negotiate to create session keys, which are symmetrical secret keys specially created
for that particular transmission. Once the session keys are agreed, communication continues with
these session keys and the digital certificates.
Credit card details can be safely sent with SSL, but once stored on the server they are vulnerable
to outsiders hacking into the server and accompanying network. A PCI (peripheral component
interconnect: hardware) card is often added for protection, therefore, or another approach
altogether is adopted: SET (Secure Electronic Transaction). Developed by Visa and Mastercard,
SET uses PKI for privacy, and digital certificates to authenticate the three parties: merchant,
customer and bank. More importantly, sensitive information is not seen by the merchant, and is
not kept on the merchant's server.
Page | 26
Firewalls (software or hardware) protect a server, a network and an individual PC from attack by
viruses and hackers. Equally important is protection from malice or carelessness within the
system, and many companies use the Kerberos protocol, which uses symmetric secret key
cryptography to restrict access to authorized employees.
Transactions
• credit card details supplied by the customer, either to the merchant or payment gateway.
Handled by the server's SSL and the merchant/server's digital certificates.
• credit card details passed to the bank for processing. Handled by the complex security
measures of the payment gateway.
• order and customer details supplied to the merchant, either directly or from the payment
gateway/credit card processing company. Handled by SSL, server security, digital
certificates (and payment gateway sometimes).
Practical Consequences
1. The merchant is always responsible for security of the Internet-connected PC where customer
details are handled. Virus protection and a firewall are the minimum requirement. To be
absolutely safe, store sensitive information and customer details on zip-disks, a physically
separate PC or with a commercial file storage service. Always keep multiple back-ups of
essential information, and ensure they are stored safely off-site.
2. Where customers order by email, information should be encrypted with PGP or similar
software. Or payment should be made by specially encrypted checks and ordering software.
3. Where credit cards are taken online and processed later, it's the merchant's responsibility to
check the security of the hosting company's web server. Use a reputable company and demand
detailed replies to your queries.
4. Where credit cards are taken online and processed in real time, four situations arise:
Page | 27
1. You use a service bureau. Sensitive information is handled entirely by the service bureau,
which is responsible for its security. Other customer and order details are your
responsibility as in 3. above.
2. You possess an ecommerce merchant account but use the digital certificate supplied by
the hosting company. A cheap option acceptable for smallish transactions with SMEs.
Check out the hosting company, and the terms and conditions applying to the digital
certificate.
3. You possess an ecommerce merchant account and obtain your own digital certificate
(costing some hundreds of dollars). Check out the hosting company, and enter into a
dialogue with the certification authority: they will certainly probe your credentials.
4. You possess a merchant account, and run the business from your own server. You need
trained IT staff to maintain all aspects of security — firewalls, Kerberos, SSL, and a
digital certificate for the server (costing thousands or tens of thousands of dollars).
Security is a vexing, costly and complicated business, but a single lapse can be expensive in lost
funds, records and reputation. Don't wait for disaster to strike, but stay proactive, employing a
security expert where necessary.
CHAPTER II
REVIEW OF LITERATURE
Numerous studies have been conducted to study the customer perception about the
privacy issues in E marketing many parts of the world. An effort has been made to study the
customer perception in the preview of the studies or researches were carried out before.
Page | 28
Wang, Huaiqing, Matthew, Chen (1998). In their research identified that the term
privacy is usually described as "the right to be let alone," and is related to solitude, secrecy, and
autonomy. However, when associated with consumer activities that take place in the arena of the
electronic marketplace, privacy usually refers to personal information and the invasion of
privacy is usually interpreted as the unauthorized collection, disclosure, or other use of personal
information as a direct result of electronic commerce transactions. When it comes to the invasion
of personal information privacy, the types of personal information that are involved can be
classified into two major categories based on their nature.
Belanger, Hilleri, Smith (2002). This study stated that while the growth of business-to-
consumer electronic commerce seems phenomenal in recent years, several studies suggested that
a large number of individuals using the Internet had serious privacy concerns, and that winning
public trust was the primary hurdle to continued growth in e-commerce. This research
investigated the relative importance, when purchasing goods and services over the Web, of four
common trust indices (i.e. (1) third party privacy seals, (2) privacy statements, (3) third party
security seals, and (4) security features). The results indicated consumers valued security features
significantly more than the three other trust indices. We also investigated the relationship
between these trust indices and the consumer's perceptions of a marketer's trustworthiness. The
findings indicated that consumers' ratings of trustworthiness of Web merchants did not parallel
experts' evaluation of sites' use of the trust indices. This study also examined the extent to which
consumers were willing to provide private information to electronic and land merchants. The
results revealed that when making the decision to provide private information, consumers rely on
their perceptions of trustworthiness irrespective of whether the merchant is electronic only or
land and electronic. Finally, it investigated the relative importance of three types of Web
attributes: security, privacy and pleasure features (convenience, ease of use, cosmetics). Privacy
and security features were of lesser importance than pleasure features when considering
consumers' intention to purchase. A discussion of the implications of these results and an agenda
for future research are provided.
Brown M., Muchira R., (2004). This study was carried out in the background that many
organizations now emphasize the use of technology that can help them get closer to consumers
Page | 29
and build ongoing relationships with them. The ability to compile consumer data profiles has
been made even easier with Internet technology. However, it is often assumed that consumers
like to believe they can trust a company with their personal details. Lack of trust may cause
consumers to have privacy concerns. Addressing such privacy concerns may therefore be crucial
to creating stable and ultimately profitable customer relationships. Three specific privacy
concerns that have been frequently identified as being of importance to consumers include
unauthorized secondary use of data, invasion of privacy, and errors. Results of a survey study
indicate that both errors and invasion of privacy have a significant inverse relationship with
online purchase behavior. Unauthorized use of secondary data appears to have little impact.
Managerial implications include the careful selection of communication channels for maximum
impact, the maintenance of discrete permission-based contact with consumers, and accurate
recording and handling of data. Keywords: privacy, trust, Internet, consumer, confidentiality.
Friberg A. (2007). This study stated that Internet has become an essential tool in the
personal and professional lives of millions of people. Despite this pervasiveness, there is a
downside to using the web. When individuals go online, they leave behind digital footprints.
These data trails provide detailed information that can be captured, manipulated, and potentially
misused by public and private agencies, often without one’s knowledge or consent. Thus,
individual privacy is threatened at an unprecedented level. As recognition of this phenomenon
grows, the issue of privacy has increased in salience. Although online privacy research had
appeared regularly in the literature, there are still many issues left to explore. This dissertation
determined a link between individual concern for online privacy, information transparency, and
personality type. Researcher adopted a quantitative approach and derives the hypotheses from
previous studies. Empirical data was collected from a web based survey given to students at
Luleå University of Technology. Results showed that privacy concerns were linked to
information transparency. This presented a new reliable uni-dimensional scale that indicated how
much an individual valued the importance of information transparency. Using a brief personality
inventory also uncovered differences among personality types in terms of perception of privacy
and information transparency.
Page | 30
Castaneda, Montoso, Luque, (2007). This study attempted to carry out an approximation
both to the conceptual delimitation and to the measuring of customer concern for privacy on the
electronic market. To complete the objective of this research, an overview of the literature was
made in an attempt to summarise the main proposals as regards dimensions of the construct
analysed. Furthermore, two studies were carried out with the aim of evaluating the instruments to
measure concern for privacy on the internet and which supported the conclusion concerning the
construct's dimensionality, reached following the aforementioned literature overview. From the
main results reached, it was highlighted that the concern for privacy on the internet construct had
a structure consisting of two dimensions, which are confirmed through the scales evaluated for
different contexts of use of the internet. These dimensions were: concern for control over the
collecting of personal information, and its use on the electronic market. The paper's main
contributions were threefold: a conceptual revision of the construct; a proposal of the dimensions
for the construct; and an evaluation of two scales to measure the construct in different situations.
Matthew W. Vail, Julia B. Earp. (2008) carried out a research to study the
customer perception and comprehension of Web site privacy policies. U.S. legislation at both the
federal and state levels mandates certain organizations to inform customers about information
uses and disclosures. Such disclosures are typically accomplished through privacy policies, both
online and offline. Unfortunately, the policies are not easy to comprehend, and, as a result, online
consumers frequently do not read the policies provided at healthcare Web sites. Because these
policies are often required by law, they should be clear so that consumers are likely to read them
and to ensure that consumers can comprehend these policies. This, in turn, may increase
consumer trust and encourage consumers to feel more comfortable when interacting with online
organizations. In this paper, we present results of an empirical study, involving 993 Internet
users, which compared various ways to present privacy policy information to online consumers.
Our findings suggest that users perceive typical, paragraph-form policies to be more secure than
other forms of policy representation, yet user comprehension of such paragraph-form policies is
poor as compared to other policy representations. The results of this study can help managers
create more trustworthy policies, aid compliance officers in detecting deceptive organizations,
and serve legislative bodies by providing tangible evidence as to the ineffectiveness of current
privacy policies.
Page | 31
Jiang X., Ji S. (2009) study stated that with the rapid development of e-commerce and
increased number of online transactions in the developing countries, consumer privacy has
become an important issue for e-commerce adoption. Although the issue had been addressed in
many previous studies, however, these studies were typically conducted in developed countries
in different cultural and institutional contexts. The purpose of this paper was to provide a
theoretical model of consumer online privacy concern and behavior intention to adopt e-
commerce taking into the consideration of demographic, cultural, and institutional factors based
on case analysis in a developing country.
Yang, Chao, Hung-Yi., (2009). The study was carried out to study the effect of perceived
ethical performance of shopping websites on consumer trust. Trust is a key factor to the success
of electronic commerce (EC). Websites facilitate enterprises selling online but also generate
many problems, especially ethical issues that make customers hard to trust the sites. This study
aimed at investigating the effect of shopping websites' perceived ethical performance on
consumer trust. Through an experimental study of the simulated shopping website, the result
showed that consumers will trust the website if they feel the site keeps a good EC ethical
performance such as practicing the privacy policies and stating it explicitly, describing products
or services in an appropriate way. This finding suggested EC vendors have a better
understanding of the relationship between website ethics and consumer trust. It may also
encouraged EC vendors to enhance their websites' ethical performance so they could gain trust
from customers.
Datta (2010), in her study referred that internet banking is a form of self service
technology. The numbers of Internet users have increased dramatically, but most of them are
reluctant to provide sensitive personal information to websites because they do not trust e-
commerce security. This paper investigated the factors which were affecting the acceptance of e-
banking services among adult customers and also indicated level of concern regarding security
and privacy issues in Indian context. Primary data was collected from 200 respondents, above the
age of 35, through a structured questionnaire. Statistical analysis, descriptive statistics was used
to explain demographic profile of respondents and also Factor and Regression analyses were
Page | 32
used to know trend of internet use and factors affecting e-banking services among adult customer
in India. The finding depicted many factors like security & privacy, trust, innovativeness,
familiarity, awareness level increase the acceptance of e-banking services among Indian
customers. The finding showed that in spite of their security and privacy concern, adult
customers are willing to adopt online banking if banks provide him necessary guidance. Based
on the results of current study, Bank’s managers would segment the market on the basis of age
group and take their opinion and will provide them necessary guidance regarding use of online
banking.
Due to the advancement in technology, e-marketing is becoming very much popular these
days. Customers are also attracted towards the various services provided by the e-marketing and
the use of internet but some people do not feel comfortable in using e-marketing because of the
privacy and security issues. There are often some cases that come into light regarding the breach
of customers’ privacy. The main aim of this research is to study the customers’ perceptions
regarding the privacy in e-marketing, the ethical issues related to privacy and factors behind it.
Page | 33
Objectives of the study
CHAPTER III
Research Methodology
Research Problem
Page | 34
Research Design
The research design was exploratory and descriptive which helped me to explore the
Perception of customers and describe the ethical issues related to privacy in e- marketing.
Sampling Design
The study aimed at to survey from the respodents of Punjabi University Campus. So the
universe in the study is Patiala. And from the universe 100 samples were chosen. Sample is any
person who may or may not have the knowledge of E marketing. The respondents were selected
on the basis of convenience sampling.
Data Collection
Both primary and secondary data have been collected for meeting the objectives of the
current study.
For the purpose of the collection of the primary data, On the basis of Review of
literature, certain statements were short listed, which are related to privacy issues or which can
define the ‘Title’. After it certain statements were clubbed together, redundant statements were
deleted and a final unbiased, undisguised structured questionnaire was made. It was administered
to the respondent for the purpose of getting the information.
For the purpose of secondary data, secondary sources of information like magazines,
newspapers, journals; studies conducted in past etc. had been referred. The main sources of
secondary data in the study are
1. Websites
2. Books
3. Journals
Analysis Techniques
Page | 35
The questionnaire was having the alternative choices. Questions having alternative
choices have been analyzed by taking percentages.
CHAPTER IV
4.1 Age
Page | 36
Age Below 25 25-35 yrs 35-45 yrs 45-55 yrs Above 55 yrs Total
Response 33 41 22 4 0 100
4.2 Gender
Response 59 41 100
4.3 Profession
Profession Private sector Public sector Businessman Student Any other Total
employee employee
Response 37 21 9 30 3 100
4.4 Qualification
Response 3 32 49 16 100
Page | 37
Yes No Total
100 0 100
Analysis and Interpretation: All the respondents are Computer literate and internet users so all
the respondents use internet facility for some or other purpose.
Yes No Total
100 0 100
Page | 38
Analysis and Interpretation: As all the respondents use the internet facilities for their different
activities so all the respondents are having the email account. Many of the respondents are
having more than one email account.
Page | 39
Yes No Total
88 12 100
Analysis and Interpretation: All the respondents are computer literate and use internet facility
so a large majority of the respondents think that E marketing caters to Computer literate persons
only because the term can be well understood by that person who uses internet facilities. Even
the internet users have not sufficient knowledge of E marketing.
Page | 40
Retail Stores Tele-Shopping E-Shopping All Total
70 6 8 16 100
Analysis and Interpretation: Most of the respondents often do their shopping in Retail Stores
as compared to other sources. There is no doubt retail stores are the most convenient and
traditional way of purchasing things. So Online shopping and Tele-Shopping are very much
lacking in the popularity.
Page | 41
4.5 Frequency of buying things online.
More than once Once a month At least once in In a year Never Total
in month six months
5 30 10 3 52 100
Analysis and Interpretation: More than half of the respondents have never purchased anything
online. This shows lack of popularity of E marketing among the customers. Various reasons can
be given for it. Next response is favoring buying the things once in a month.
Page | 42
4.6 Greatest benefit of E marketing to marketer and consumer.
39 16 5 40 100
Analysis and Interpretation: Majority of the respondents feel that E marketing is easy
accessible, spread awareness and time saving from the point of view of both the marketer and
customer. However next majority is favoring that the greatest benefit of E marketing is time
saving.
Page | 43
4.7 Read privacy policies of the company while sharing personal information.
Yes No Total
44 56 100
Analysis and Interpretation: Majority of the respondents stated that they do not read the
privacy policies of the company while sharing their personal information online. Less than half
of the respondents read the privacy policy.
Page | 44
4.8 Reasons for not reading privacy policy.
39 16 5 40 100
Analysis and Interpretation: Out of the respondents who do not read the privacy policies of the
company while sharing their personal information, majority of the respondents gave the reason
Page | 45
that it is often too long and time consuming. Rest of the respondents stated that they are not
interested in reading it and it is hard to understand.
26 36 12 26 100
Page | 46
Analysis and Interpretation: Majority of the respondents feel that they major privacy issue that
they face due to E marketing is the unauthorized use of the information they share. It is the most
common privacy issue that is faced by an individual. Next type of privacy issues are the too
much collection of data by the online companies, unwanted communication and then improper
alteration of the data respectively.
4 12 12 32 40 100
Page | 47
Analysis and Interpretation: A large majority of the respondents strongly favors the response
that customer is concerned about his privacy in E marketing. Reason is simple because
everybody has some privacy which no one wants to get violated in any way. Customer share his
personal information online, it is obvious that he will be concerned about its safety.
Page | 48
5 40 35 17 3 100
Analysis and Interpretation: Majority of the respondents disagree that the personal details of
the customers are safe with the online companies while other majority is giving neutral response.
As per the experience of the many respondents personal information is violated and it is used for
some other purposes in addition to the stated purpose. As a result customer personal information
is not safe.
4.12 Online marketers are able to find out personal information through the
customer activities on their websites.
Page | 49
Strongly Disagree Neutral Agree Strongly Total
Disagree Agree
2 10 34 44 10 100
Analysis and Interpretation: More than half of the respondents favors that online marketers are
able to find out personal information through the customer activities on their websites. They are
able to find out this information by certain programs and through cookies. Next is the neutral
response because they had no idea about it how they find out personal information.
Page | 50
Analysis and Interpretation: Majority of the respondents agree to the statement that E
marketers manipulate the information of the customer according to their use. As it is known that
ultimate aim of the marketing is to market the product and E marketers do the same by
manipulating personal information according to their best possible use.
Page | 51
4.14 Online marketers keep confidential the personal information of the
customer.
Analysis and Interpretation: Major response deny the statement that online marketers keep
confidential the personal information of the customer. Reason may be interpreted that mostly
there is unauthorized secondary access to the personal information which is given by the E
marketers to the other companies violating the privacy of the customer.
Page | 52
4.15 Privacy and security of the Credit card and account is very important in E
marketing.
Analysis and Interpretation: Very large portion of the customers admits that the security and
privacy of credit card and bank account is very important in E marketing. There is no doubt in
the privacy and security of these two because online transactions are made through these.
Page | 53
4.16 E marketing interferes in the children privacy through exposure of vulgarity
and obscenity.
Analysis and Interpretation: Majority of the respondents feel that E marketing interferes in the
children privacy through exposure of vulgarity and obscenity. Sometimes the unwanted and
vulgar information is communicated to the internet user, who may be a child, through E
marketing which affect the children privacy.
Page | 54
4.17 Privacy policies are explained thoroughly on the websites.
Analysis and Interpretation: Majority of the respondents admits that Privacy policies are
explained thoroughly on the websites. These respondents are those respondents who read the
privacy policies of the company while sharing their personal information. Next response is the
neutral response regarding it.
Page | 55
4.18 E marketers practice what they state in their privacy policy.
Analysis and Interpretation: Majority of the respondents deny that E marketers do not practice
what they state in their privacy policy. It is violated through unwanted communication, improper
alteration of data and unauthorized use and in many other ways. Next majority is giving neutral
response regarding the statement that is not sure about it.
Page | 56
4.19 The privacy of internet user is greatly violated.
Analysis and Interpretation: Majority of the respondents are giving the neutral response
regarding it. Perhaps they think that it is clear that the privacy of the internet user is violated but
up to some possible extent. Others think that the privacy is greatly violated in many ways.
Page | 57
4.20 Consumer is aware of the legal and other implications on violation of his
privacy.
Analysis and Interpretation: About half of the respondents favor that consumer is aware of the
legal implications on violation of the privacy. Many implications may be the feedback or
customer grievance procedure or the other legal assistance based on various laws to protect
customers.
Page | 58
4.21 Customer should be given more option regarding the use of his personal
information.
Analysis and Interpretation: About two third of the respondents feel that customer should be
given more option regarding the use of personal information by the E marketers so that customer
can have the eye on the use and misuse of his personal information and improper violation of
privacy can be curbed.
Page | 59
CHAPTER V
3. Majority of the respondents feel that E marketing caters to the computer literate persons
only.
6. Customers agree that E marketing is easy accessible, time saving and spread awareness.
7. More than half of the respondents do not read the privacy policy while sharing the
personal information.
8. Major reason for not reading privacy policy is that it is too long to read.
9. Unwanted Communication is the major privacy issue that is faced by the customers.
10. A large majority of the respondents strongly favors the response that customer is
concerned about his privacy in E marketing.
11. Majority of the respondents disagree that the personal details of the customers are safe
with the online companies.
12. More than half of the respondents favors that online marketers are able to find out
personal information through the customer activities on their websites.
13. Majority of the respondents agree to the statement that E marketers manipulate the
information of the customer according to their use.
Page | 60
14. Major response denies the statement that online marketers keep confidential the personal
information of the customer.
15. According to very large portion of the customers admits that the security and privacy of
credit card and bank account is very important in E marketing.
16. Majority of the respondents feel that E marketing interferes in the children privacy
through exposure of vulgarity and obscenity.
17. Majority of the respondents admits that Privacy policies are explained thoroughly on the
websites.
18. According to majority of the respondents, they deny that E marketers do not practice
what they state in their privacy policy.
19. Majority of the respondents are giving the neutral response about the violation of privacy
of internet users.
20. About half of the respondents favor that consumer is aware of the legal implications on
violation of the privacy.
21. About two third of the respondents feel that customer should be given more option
regarding the use of personal information by the E marketers.
Page | 61
RECOMMENDATIONS AND SUGGESSTIONS
Page | 62
9. It is suggested to improve and develop the legal and other measures to protect the
consumers’ privacy.
10. The gap exists between user perceptions of privacy policy representations and
how well users comprehend the policies should be reduced.
The findings of this study are based on the expressed opinion of the respondents.
Some respondents were hesitant in providing complete information.
The sample of the respondents is not representative of the total universe.
Another limitation lies in the measurement of attitudes toward online privacy in general.
Consumers may behave differently when making purchase decisions concerning specific
Web sites or product categories.
Page | 63
CONCLUSION
The internet has created a new avenue for organizations to leverage technology to create
new revenue streams, lower the cost of doing business, improve customer satisfaction, and attract
new customers. Objectives such as these often compel managers to collect large amounts of
customer information to aid in their strategic decision making processes. Increasingly,
consumers are concerned that their information will be disclosed to third parties or used for
purposes other than those for which it was collected. Consumer concerns have only heightened
as media coverage of consumer privacy issues has increased over the past decade.
The research was conducted to have a perceptual study of privacy
issues in E marketing. On the basis of review of literature questionnaire was
developed for the collection of primary data. This research contributes to the
emerging body of research on privacy issues to address consumer privacy concerns involved in
online transactions. Privacy issues are very important from the point of view of customers as
well as marketer. The growth of business to consumer electronic commerce seems to be non-
stoppable. Yet, online shopping accounts very much less as compared to overall retail revenues.
For the future growth electronic marketing, barriers such as security and privacy concerns must
be torn down. The best way to get over barriers is to clearly understand how they work and why
Page | 64
they exist. Privacy policies are an effective way of establishing trust with consumers, but policies
that are incomprehensible may deter potential consumers.
In conclusion, privacy protection on the Internet demands a multi-tier approach,
involving organizations, governments and individual consumers. The conceptual framework can
be used as a general guideline for conducting comprehensive research into online privacy
concern and behavior intent from the consumer’s point of view.
BIBLIOGRAPHY
Books
1. Savino, William M., “Protecting Online Privacy”, Marketing Management, Vol. 11, No. :
49-51, 2002
Journals
Page | 65
5. Cheung, C.M.K., Lee, M.K.O., 2001. “Trust in internet shopping: instrument
development and validation through classical and modern approaches”, Journal of
Global Information Management, vol 9 (3), pt. 23–46.
Books
Websites
http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6VG3-475RJF6-
1&_user=10&_coverDate=12%2F31%2F2002&_rdoc=1&_fmt=high&_orig=gateway
&_origin=gateway&_sort=d&_docanchor=&view=c&_searchStrId=1721143547&_re
runOrigin=google&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&m
d5=9626fdcbb8036b35d11bf4e9c6758a9b&searchtype=ahttp://www.emeraldinsigh
t.com/journals.htm?articleid=856480&show=html
ANNEXURE
Page | 66
QUESTIONNAIRE
Dear Sir/Madam,
I would be extremely thankful if you spare some time to answer the following questions.
All the facts disclosed by you will be used for academic purpose only.
Yes No
Yes No
3. Do you think that E marketing caters to the computer literate person only?
Yes No
Page | 67
5. How frequently do you buy things online?
b) Once a month
e) Never
6. What do you think is the greatest benefit for both the marketer and consumer of
E marketing?
Any other…………………
7. Do you read the privacy policies of the company while sharing personal information on the
web?
Yes No
8. If not then why don’t you read the entire privacy policy?
b) It is too long.
Page | 68
9. What type of privacy issues do you mostly face due to E-marketing?
Strongly Strongly
Statements Disagree Neutral Agree
Disagree Agree
Page | 69
obscenity.
PERSONAL INFORMATION
Name:
_______________________________________________________________________________
Email:
_______________________________________________________________________________
Page | 70
Gender: Male Female
Page | 71