5th Dimension: Improper Access.
Websites typically guard the data from intrusion from the outside. However, within a company the data is often accessible to many people in various departments. For example, the personal data may be accessed by the IT department that stores the data as well as by the marketing & sales department that may use the data to tailor their offerings. Some online retailers restrict access to the data internally to authorized personnel. These people often have training in privacy issues. For our purpose, the scenarios will state that the financial portal will either have no policy on access to personal information or provide access to personal information only to authorized personnel.