BKPRVPOF.RVW 20031019 "Privacy Payoff", Ann Cavoukian/Tyler J. Hamilton, 2002, 0-07-090560-6, U$24.95/C$39.99 %A Ann Cavoukian %A Tyler J. Hamilton %C 300 Water Street, Whitby, Ontario L1N 9B6 %D 2002 %G 0-07-090560-6 %I McGraw-Hill Ryerson/Osborne %O U$24.95/C$39.99 905-430-5000 800-565-5758 fax: 905-430-5020 %O http://www.amazon.com/exec/obidos/ASIN/0070905606/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0070905606/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0070905606/robsladesin03-20 %P 332 p. %T "Privacy Payoff" In the Foreword, Don Tapscott touches on the issues of privacy and security, but in a vague and unclear manner. Most of the material simply points out some advantages of advertising the fact that you have a privacy policy. It is also rather ironic that Earthlink is used as an example of a good privacy policy, in chapter one, since that Internet provider has, at times, created some of the greatest problems for other Internet users with regard to spam. Yet another example of a case where addressing one security problem creates another? Chapter two tells us that people are concerned about privacy, and may sue over perceived breaches of confidence. DoubleClick is used as an example, but, interestingly in view of the titular intent of the book, the authors fail to note the direct financial hit involved with the fall in stock price when the plans to merge online tracking with personal data became public. There is a good overview of the definition, history, and philosophy of privacy, in chapter three, including a number of points that other works miss. The usual list of American privacy laws, with some nods to the European Union directives and the Canadian C-6/PIPEDA, is given in chapter four. Chapter five asserts, without doing much to prove, that privacy is a business imperative: most of the content is limited to the idea that privacy protection won't cost *that* much, although there is a study showing that privacy policies can help efficiency. There is good, practical information about the role and requirements for a Chief Privacy Officer in chapter six. Chapter seven contains a generic admonition to have adequate security. The virus section stresses Code Red, which the authors admit had nothing to do with privacy, and neglect Melissa, Sircam, and Klez, which did. There are scary stories about miscellaneous privacy related topics, in chapter eight, but the point is unclear. Targeted marketing can be good or bad, but chapter nine doesn't tell you how to do the good type. Chapter ten looks at various issues and examples of workplace privacy and surveillance, but sometimes not very deeply. For example, there is mention of the use of monitoring to prevent lawsuits over sexual harassment, but not the fact that such monitoring has been held to increase employer liability if harassment happens. The material in chapter eleven supposedly deals with privacy enhancing technologies, but it is confused and poorly explained. (The authors apparently don't understand some of the basic information technology: firewalls generally deal only with header information, and so do not face the same privacy considerations as content scanning.) There are some useful, and even important, points in the book, but the valuable content tends to be buried in a great deal of excess verbiage. This book could have been a lot shorter, and would have been more serviceable if it had been. copyright Robert M. Slade, 2003 BKPRVPOF.RVW 20031019