The information collected can be sold to third parties -- usually ad agencies and marketers -- or kept by site owners themselves for use in creating a profile of your preferences and tastes.

You might think if you've never filled out a form or even given out your e-mail address they have nothing on you. Think again. Information can be gathered about you every time you log onto Net. Certain types of information can be learned about you "invisibly" that you're not even aware of such as:

1) Your IP Address (the address given to your PC by your ISP whenever you log on).

2) The type of PC you have

3) The Browser you are using

4) Operating System you're running

5) Domain Registered Name

With more and more sites gathering information it's more important than ever to implement your own privacy policy and to be aware of others' policies when giving them your information.

A privacy policy is a statement or article that spells out what you do with any personal data collected by your website. Although not mandatory it is a good idea to implement one on your site if you collect any kind of personal data from visitors to your website. A privacy policy also will make your site guests feel more comfortable sharing their information with you, knowing you won't sell it to highest bidder.

So what components make up a privacy policy?

1) Clearly state what information you are collecting and if you share it with any third parties.

2) Give a way for site visitors to change any information given now, at a later date.

3) Clearly state how you are storing collected information.

4) Information on how to opt out of any future mailings from your company.

5) If your site uses cookies this must be disclosed.

Use simple wording in your policy instead of high tech language, and don't collect any information that you really don't need. It's important to keep up on any new laws regarding privacy policies in case you need to modify it later on.

An alarming fact is that many companies do not prioritize information security because it does not generate revenue for company. However, as we have seen in headlines and trade journals, lack of a proper security program can and does affect bottom line. Some organizations are now investing larger budget dollars and resources into information security, and they’re starting by assessing their present level of risk with an audit. If your company relies on Internet and was one of vast number that missed vulnerability used by Code Red virus, you know how lack of an active security program can affect bottom line. In addition to unknown vulnerabilities, there are many stories of technicians performing routine network maintenance and unintentionally leaving credit card database or other proprietary information open for would be hackers. Finding vulnerabilities in your environment is vital to success of your security program, but knowing how to prioritize and perform proper remediation is often impossible without properly trained personnel. Lets concentrate on value of audit process and deliverables for a moment.