As is the case for confidential information,encryption and access controls the two basic mechanisms for protecting consumers' personal information. Indeed, it is common practice to use SSL to encrypt all personal information transmitted between individuals and the organization's Web site. However,SSL only protects the information while it is in transit over the Internet. Consequently, strong authentication controls need to be used to restrict Web site visitors'access to individual accounts. After all what good is it if the information you send to a Web site is encrypted in transit,but anyone visiting the site can easily obtain access to your account and read, and possibly change, the information the Wed site stores about you?