December 31, 2001
Warning - Sharks and Web Sites - Caution Advised
Alexandra Andrews, David Bradley and Barbara Lackritz
Be careful! What seems obvious on the surface, can be dangerous in the doing. Suppose you get to a site and find interesting possibilities for treatment of your disease. To carry it even further, suppose the website offers lots of personal stories about how individuals have been cured by this treatment.
- Will you fill out a form with your personal information such as:
- your name
- home address
- business address
- credit card number
- social security number
- telephone numbers
- email addresses
- type and treatment of your disease
- Will you offer to accept a cookie from this site?
- Will you purchase something from the site with your credit card?
If a total stranger walked up to you on the street, handed you a form to fill out asking for your personal information, how safe would you feel giving it to them? You must investigate the site and those who run it to make sure the information you are being requested to give is protected. That means you have an obligation to yourself.
- Be sure you know what will happen to their database if the company is sold, merged, or sells off its assets (the database).
- Be sure they have secure servers in place to protect your information.
- Know how the information you provide will be used .
- And in addition, know who will they will share that information with.
Before you sell yourself to prospective researchers, clinical trials matchmakers, or anyone asking for personal financial data - always, always, always read their privacy policies and their statements of goals. Ask yourself, Why does this site want my personal information?
It is no secret that there is a high failure rate in websites. Boom to bust is the normal cycle. Very often, when a site goes belly up, the only thing of value is the database of users. Naturally, the creditors try to sell that database to the highest bidder. Not that long ago, a database of only children under 12 years old was on the auction block.
Remember, there is no policing of websites. Many sites that sell the personal data of users have fancy seals of approval and such, but very often, all that they mean is that someone paid extra to be able to put them there -- nice little decorations. Toto, pay no attention to that man behind the curtain.
At least an actual government sponsored site is required to give some sort of warning notice if your privacy will be compromised by whatever they do. Private companies have much more leeway, in terms of what they do not have to admit, and in the wording that they may use to hide their ultimate intent. Do not be deceived by web address endings such as .com, .org, .net. No longer do these mean the website is specifically commercial, non profit organization and ISP network. A pornographic site can operate with any ending.
Talk with other cancer survivors to discover which sites are really following through on what their disclaimers imply that they are doing. Once you've shared your personal data, there's no way to call it back.
- Internet and E-Mail questions? CancerLynx Web and E -Mail Tutorial
- List questions? List Guidelines and Tips
- ACOR.org cancer information system
Many of us who have been around for a few years simply don't tell the truth or if we need to be truthful in order to gain useable information we give the minimum that must be included. If we are looking for world wide clinical trials, why tell our zip code or state? If we want phase three trials for a specific disease, is our address necessary? They may need to know what stage of the disease we are in or what previous treatment we've had. It's often difficult to second-guess what information is really required, but we try to give the least information possible unless we are well acquainted with who is running a site.
Cookies are a classic example. Many sites offer cookies for good reason; they want to be able to recognize you when you return. On sites that we use often, we will accept such cookies and leave them on our computers while we are using the site consistently. Otherwise, we remove cookies once we've left a site, so that the people who control the site don't follow us everywhere else we go on the web. Browsers like Opera will alert you to a site trying to set an illegal cookie. That kind of behavior is unacceptable and we do everything we can to prevent it from happening to us. We also empty our cache and clear our history files every night
Identity and Credit card theft is on the rise. What kind of security does that website have? Microsoft servers are almost impossible to defend against cyber terrorism. One example, a website selling cd's was hacked. The hacker had everyone's credit card data. He offered to sell that information back to the credit card companies. Before you give ANY private information ask, What kind of protection is there for my data? If they are not using a version of UNIX servers, this web site has made you vulnerable to viruses and hackers.
Most hospital and medical practice websites have little security. Patients have experienced identity theft and worse; research is looted; computers are corrupted with viruses. Hospital web sites are like galleons sailing the seas laden with treasure waiting for pirates to board.
Remember! If it sounds too good to be true - it probably is. A miracle cure for cancer would not be a secret. Be cautious and careful. Our task is to try to understand what they really mean.