1. Technical Field
The present invention relates generally to automating information exchange within an online web-based environment.
2. Background of the Related Art
In the content of information security and privacy, so-called “personally identifiable information” or “personally identifying information” (PII) is any piece of information that can be used to uniquely identify, contact or locate a given person. In today's online world, an end user frequently visits numerous web sites on a daily basis to obtain information, transact electronic commerce, and perform other work- or entertainment-related functions. Virtually every visit to every web site presents an opportunity for an organization to obtain an end user's PII.
Before an online user provides personally identifiable information to an organization, the user should be fully aware of the organization's privacy policy, and he or she should be given a choice of different “purpose usages” for such information. In particular, the user should be given an opportunity (e.g., via web-based HTML fill-in forms or the like) to indicate to the organization which of the purpose usages for the PII he or she is willing to permit. For example, the user may decide that the organization can use his or her PII for one or more different scenarios, e.g.: for a given transaction only, for shipping goods to the user, for billing the user, for sending e-mail marketing information, for providing the PII to a third party. Each of the examples is a “purpose usage” for the PII, and they are merely exemplary. In the past, it has been known in the art to provide a user visiting a web site with a web-based form from which the user can select one or more purpose usages. In particular, when the user provides PII to an organization, the user may be queried with a list of purpose usages, or with a specific purpose usage. An example of this known approach is shown in FIG. 1, which is a screen shot of a web browser that includes an HTML form with several such requests. In the illustrated example, the end user is submitting given PII (residence address, email address, credit card data, or the like) and is being asked whether such PII can be re-used from some other purpose. The purpose usages are shown circled in the figure. The end user then is forced to manually input a response, often on a purpose usage-by-purpose usage basis. For most web users, the process is slow and tiresome and, thus, it inhibits efficient online business and information exchange.
It is also known in the art to automate the process of notifying an end user about a privacy policy enforced on the web site to which the end user has navigated. The Platform for Privacy Preferences (P3P) is a Web standard that provides this functionality. In particular, an enabled user agent (e.g., a web browser that conforms to the P3P standard) reads P3P files (typically in the form of Extensible Markup Language, or XML) from the web site automatically and then indicates to the user if the site's P3P policy matches the user agent privacy settings. In effect, a P3P-enabled web browser acts as an alerting mechanism to inform the end user if the end user's privacy settings can be accommodated on the web site. In this way, P3P automates the process of comparing the user's own privacy preferences with the privacy policy of a web site.
Although P3P does reduce the time necessary for the user to understand an organization's privacy policy, it does not address purpose usage or provide any mechanism for enabling an end user to indicate to the organization his or her purpose usage selections. Accordingly, even if a site is P3P-compliant, the selection of purpose usages still is a manual process.