I'M CONSTANTLY TRYING to salvage a few minutes here and there from my jam-packed day.  I'm a sucker for time-saving techniques and convenience foods.  I'll willingly (though not gladly) pay a little more for an item if it will save me a half-hour of driving.  The less time I spend working or running errands, the more time I have to sleep, spend with my family, or do absolutely nothing.

Folks like me are a dream come true for Web businesses.  On the Web, I can order my latest book-group selection, stay on top of the day's high-tech news, and research my next column in half the time it would take me to do these things offline.

Lately, though, I've been balking at the asking price.  You see, the cost for all this convenience is my privacy--my right to buy what I want, when I want, or visit whichever Web sites I want without someone collecting data about me or tracking my mouse clicks.  And as much as I value my time, I value my privacy even more.

I'm not alone, either.  Anyone who's spent time online has experienced some assault on his or her privacy; junk mail solicitations following a Web site visit, cookies dumped into the hard drive, or demands for detailed personal information in return for browsing a site.

In several recent surveys, consumers have said privacy concerns keep them from embracing the Web.  And 71 percent of respondents to the 10th Annual Georgia Tech World Wide Web User Survey (www.gvu.gatech.edu/user_surveys) cast their votes in favor of new laws governing privacy in the Internet age.

Even the folks who gather our personal info are getting the message.  In a survey of top executives of high-tech firms conducted by the Information Technology Association of America and Ernst & Young (www.itaa.org/software/research/indpulse/barriers.htm), 60 percent of respondents said they thought lack of privacy protections was the number one factor inhibiting the growth of e-commerce.

WHAT A DIFFERENCE A YEAR MAKES

FORTUNATELY, WEB SITES are beginning to address these concerns.  In its survey of 1400 Web sites in June 1998, the Federal Trade Commission discovered that only 14 percent of all Web businesses informed visitors of their data gathering practices.  A follow-up study of 364 commercial sites conducted in March 1999 by a Georgetown University professor found that nearly 66 percent of the sites had posted privacy policies.  However, less than 10 percent of these policies could be considered comprehensive.

The increase in posted policies is due largely to the attention e-commerce leaders have given the issue over the past 12 months.  Besides Truste (www.truste.org), an initiative formed in 1996 to develop a privacy seal for Web sites, we counted two business-sponsored efforts in 1998: The Online Privacy Alliance, a group of more than 80 businesses, launched last July to promote self-regulation as a solution to privacy concerns.  More recently, the Better Business Bureau Online (www.bbbonline.org) went live with its own privacy program.

IBM has been a founding member of all three groups.  In April of this year, Big Blue announced it would pull ads from any Web site that did not post a privacy policy.  The move, says Harriet Pearson, director of public affairs for IBM, was the "natural next step" in IBM's ongoing efforts to encourage Web businesses to adopt and declare such policies.

As the second-biggest advertiser on the Internet, IBM has done more to promote consumer privacy than most PC vendors.  Early indications are that many of the nearly 400 U.S.-based Web sites IBM advertised on in 1998 would post a policy before the company's June 1 deadline.  But critics argue that IBM's bold threat to pull advertising isn't really so bold--or so great for consumers.

"It's a nice gesture, but I don't think it's going to change things very much," says privacy advocate Jason Catlett, president of Junkbusters, a Greenbrook, New Jersey, developer of Web surfing privacy tools.

"IBM isn't requiring specific minimum standards for privacy policies," says Catlett.  "Companies could comply with its requirement by putting up a page saying, 'You have zero privacy anyway.  Get over it.'"

EDUCATION OR LEGISLATION?

CATLETT'S COMMENTS illustrate how businesses on the one hand and legislators and privacy groups on the other differ on the need for regulation.  IBM advocates self-regulation, while many others favor government intervention.  Even a bald statement of no privacy, though clearly inadequate, would at least let you know what you were dealing with.

Congressman Bruce Vento (D-Minn.) lauds IBM's efforts but says industry efforts alone won't provide enough protection.  Vento and Congressman Ed Markey (D-Mass.) plan to introduce bills requiring Web sites to divulge their privacy policies and to obtain users' permission before sharing their personal data with other businesses.  In the Senate, Conrad Burns (R-Mont.) has introduced a bill that might become the Online Privacy Protection Act of 1999.  The law would force sites to post policies, offer consumers a chance to opt out, and give users access to data about them that is shared with other entities.

"I'm glad [the industy] recognizes that this is a serious problem," says Vento. "But even if you get 90 percent of Web sites to [post a policy], what happens with the other 10 percent?  If one-tenth of the sites do nothing, then for all practical purposes, the king has no clothes."  The burden would still fall on users to check each site.

Russel Bodoff, chief operating officer of BBBOnline, disagrees.  "We need education, not legislation," argues Bodoff.  BBBOnline has tried to educate businesses about the value of good privacy policies.

Besides, asks Bodoff, who would enforce an Internet-specific privacy law?  "We have laws governing fraud and credit card theft already, but the FTC and others haven't filed many [Internet] cases.  They're overworked and understaffed as it is."

WORDS AREN'T ENOUGH

WHILE INDUSTRY PLAYERS and privacy groups argue over the need for legislation, representatives from both sides agree on one point: A few words under the heading "Privacy Policy" are not enough.

To get a clearer sense of how Web sites are implementing privacy policies, I studied a cross-section of sites.  Though most of the three dozen sites I visited posted some type of privacy policy, these statements rarely told me everything I wanted to know.  Often omitted were how the site used cookies, how I could update and verify data collected about me, and how the security and confidentiality of personal information were protected.  In every case, it was up to the consumers to say they didn't want to receive future mailings from the site or have personal data shared with others (the so-called "opt-out" provision).

It would have taken me hours (if not days) to correspond with every site and get clarification on their policies.

Moreover--as an FTC case last summer against the GeoCities site illustrates--there's no guarantee that Web sites are following their posted privacy policies.  In the first case to involve Internet privacy, the FTC charged GeoCities with misrepresenting how it used personal information about visitors to the popular Web site.  Specifically, the FTC accused GeoCities of disclosing information to third parties, despite an explicit policy to the contrary.

TECHNOLOGY TO THE RESCUE?

GIVEN ALL OF THE attention focused on privacy these days, it should come as no surprise that developers are busily releasing software to fill the privacy vacuum.

Microsoft and Novell have announced software tools to enable your PC to digest those privacy policies automatically as you browse.  Web sites could use the tools to post policies that a browser or a search engine could analyze, making it easier for consumers to match their priorities with thepolicies of specific sites.  At the same time, companies are developing privacy tools for consumers: Privaseek and Lumeria have designed software that gives consumers control over what information is shared with sites.  Other companies offer software to filter spam, collect cookies, and let you surf the Web anonymously.

Such tools represent good, constructive efforts to protect your privacy on the Web.  But they aren't enough.  Consumers should not have to install software and configure browsers to prevent Web sites from collecting personal information about them.

The FTC is understaffed, but we can't simply forgo privacy laws.  We need to re-think law enforcement strategies at all levels to respond to the rise of e-commerce--and the inevitable abuses that follow.

We need to establish baseline privacy protections that all Web sites--not just those that feel like it--must adhere to.

We need a law that puts privacy on an equal footing with commerce.