Information Security Tips Series: ‘One Deal a Day’ information security (Offbeat 966)

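In recent years, “One Deal a Day” group-buying websites have become a craze. Internet users can buy products or services at lower prices: once a certain number of buyers has been gathered, discounts of as much as 90 per cent become available. But this actually involves a number of risks, such as information security problems.

When we buy products or services on a group-buying website, we must enter personal information (for example: name, address, credit card number, email, telephone number and date of birth). Have we paid attention to how the website handles our personal information? As the saying goes, “the devil is in the details”. The following are the terms and conditions on information security and personal data of one large group-buying website: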

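Types and uses of data collected
“We may share information with third-party service providers or advertisers authorised by us in order to analyse the effectiveness of our website content and programs or of online advertising.”

“We will also use personal data to: (1) solve problems, (2) mediate disputes, (3) make contact, (4) administer the website, (5) enforce agreements (including these terms), comply with relevant laws and cooperate with legal authorities.”

The above are some of the terms and conditions. From the stated uses of personal data, we can imagine that some group-buying websites will share our data with, or even sell it to, third-party service providers or advertisers, turning users into their target customers and thereby into a source of income for the website. Users will receive product or service information from these providers or advertisers, which can be helpful when choosing what to buy; but if this disclosure of personal data is not strictly controlled, users may receive too much spam advertising, which becomes a nuisance.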

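Confidentiality of information
“Your personal data is kept confidential on the server, and we use SSL technology to encrypt certain sensitive data. We implement relevant measures to protect data transmitted over the Internet, but we cannot guarantee that data transmitted over the Internet is 100 per cent confidential, and we accept no responsibility for this aspect of security.”

Credit card payment has always been one of the most convenient ways to shop online, but have we ever considered whether credit card details might be leaked during online shopping? Under the confidentiality terms, the group-buying website does not guarantee that users' credit card details will not be leaked. Users therefore have to bear this risk.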

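Release of personal data
“We inform merchants that they may contact you only about specific promotions, but we accept no responsibility for merchants' conduct, which is beyond our control.”

Clearly, once personal data has been transferred to third-party service providers or advertisers, it is very difficult for the group-buying website to monitor how they use it. Besides the risks above, there are also issues such as product copyright and quality; as these have little to do with information security, they are not discussed in detail here.

In summary, when using a group-buying website's services, you should pay attention to details such as the site's terms of service and privacy policy, and check whether your personal data is protected. As for the merchants you transact with, do you understand how they handle your personal data? If you have any doubts about the terms, you should avoid accepting the products or services, so as not to lose much for the sake of a small gain.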

In recent years, “One Deal a Day” websites have become more prevalent in Hong Kong. Internet users buy products or services on these websites at a lower price. Once the number of buyers reaches a certain level, they can enjoy discounts of up to 90 per cent, but there are some risks, such as information security problems.

When purchasing products or services online, you submit personal information such as your name, address, credit card number, email address, telephone number and date of birth. Do you know how the websites process your personal information? The following are a large “One Deal a Day” website's terms and conditions on information security and personal information.

Types and usage of data collection


“We may share information with third party service providers or advertisers authorised by us to analyse the effectiveness of our website content, system, and online advertising. We will also use personal data to (1) solve problems, (2) settle disputes, (3) contact, (4) administer the website, and (5) implement consent with the relevant legal authorities.”

These are part of the terms and conditions. From the stated usage of personal data, we may imagine that “One Deal a Day” websites would share the information with, or even sell it to, service providers or advertisers, so that users become their target customers and thus a source of income for the “One Deal a Day” websites. Many users will receive more information about products or services from the service providers or advertisers. This may help the user when deciding what to buy, but if such disclosure of personal information is not subject to strict control, the user may receive so much spam or advertising that it becomes a nuisance.

Confidentiality of information


“Your personal information will be kept confidential on the server. We will encrypt the sensitive information by using Secure Socket Layer technology. We have implemented the relevant measures to protect the information transferred through the Internet, but we cannot guarantee to pass the information over the Internet in 100 per cent confidentiality, and we are not responsible for this.”

Credit card payment is one of the most convenient ways of shopping online, but have you ever thought about credit card information being leaked during the online shopping process? Under the confidentiality terms, the website does not guarantee that the user's credit card information will not be leaked. Users therefore bear the risk of data leakage.

Release of personal data

“We have informed traders that they may contact you on a particular promotion only, but we bear no responsibility for the behaviour of the merchants. Their action is out of our control.”

Obviously, once personal data are transferred to the service providers or advertisers, the “One Deal a Day” websites cannot restrict how those data are processed. Besides such risks, copyright and product quality are further problems of using “One Deal a Day” website services, but these are not discussed in detail here as they are not security-related issues.

Finally, when you use the services of “One Deal a Day” websites, you should pay attention to the details of the websites' terms of service and privacy policy, and you should check whether your personal data are protected. You should also understand how the merchants process your personal information. If there is any doubt, you should avoid accepting their products or services to prevent further loss.

 

 

 
