Many service providers use “cookies” to personalize a client's website experience. A cookie is a small file that stores client information. This information may include personal information, such as the client's address and password, and behavioral information, such as a client's browsing history.
There are two types of cookies; “session” cookies which are deleted at the end of each web browsing session and “persistent” cookies, which are saved between sessions. During a client's initial access of a service provider website, the service provider populates and downloads the cookie file to the client's browser. If the cookie is a persistent cookie, on subsequent visits by the client to the service provider website the cookie is retrieved, and data related to the client can be extracted to increase efficiencies and personalize the client's website experience.
In addition to improving processing efficiencies, cookies can further be used to tailor advertising and to analyze marketing campaigns by storing client intelligence. Client intelligence may include, for example, a client's browsing history, purchase history and other internet behavior. In some cases, service providers make the client intelligence available to authorized third parties, who may also store cookies at the client.
Although there are significant benefits from the use of cookies, the fact that cookies store personal client information makes them vulnerable to malicious interception. Clients can protect the distribution of their information by restricting a service provider's ability to use persistent cookies. Browsers generally provide the user the ability to control the creation and storage of cookies by service providers and third parties, and users may block the creation of cookies altogether. However, blocking all cookies would ultimately serve only to frustrate the client and to remove the business advantages associated with client intelligence.
It would be desirable to leverage the efficiencies gained through the use of cookies while protecting against inadvertent or unauthorized disclosure of client information.