
Privacy as an International Information Issue


pabla

Presentation Transcript


  1. Privacy as an International Information Issue MD823 September 22, 2003

  2. What Is Privacy? • Definitions differ depending on perspective • US legal perspective “The right to be left alone” (Justice Brandeis, 1890) • EU perspective: Explicit and informed consent about how any personal information is collected and how it will be used • Legal protection to prevent unwanted transfer or re-use of personal data files • Consumer view: Individual control over whether and how to share information • Corporate view: Does privacy prevent security? • Employee view: Is anything really private at work?

  3. Sorting Out Legitimate and Non-Acceptable Uses of Personal Information • Would you agree to: • Background check of your education, credit history, and arrest record as part of an employment application or a graduate school application? • How about your medical (including psychological) records? • Regular tracking and recording of all your online searches and browsing activities? • Profiling of the pattern of your credit card purchases to match it against criminal and terrorist behaviors?

  4. Privacy in a networked society: An oxymoron? • Have you: • Changed your address? • Made a credit card purchase? • Opened a commercial e-mail account? • Surfed the web? • There is a record of your activities in a database and probably on the web too • You don’t own it or control who uses it (if you are a US citizen)

  5. Online Customer Information • Common Web Practices: • Collecting personal information for one site or application, then using it for other purposes or selling it to a third party • Tracking online behavior (clickstreams) on a large number of popular web sites and pooling that data to design targeted advertising • Aggregating and analyzing individual data across media--from storefronts, direct mail and phone responses, and online sources

  6. Profiling the dog AND its owner • Typical Customer Database: Customer Name; Street Address & Zip; Phone Number; SSN / Drivers License Number; Age; Income; Family Size and Ages; Stated Product Preferences; Family Interests; Number & Types of Pets; Frequency of Visits; Total Purchase Volume; Purchase History - Categories; Purchase History - Items; Purchase History - Brands • Cartoon by Peter Steiner. Reproduced from page 61, July 5, 1993 issue of The New Yorker (Vol. 69 (LXIX) no. 20) only for academic discussion, evaluation, and research. Slide courtesy Ernst & Young LLP

  7. Offering “Instant” Screening (…or Prying)

  8. European Union Regulations Restrict These Practices--For All EU Citizen Data • Overview of EU Regulations • Notice up front about the purpose of data gathering, active consent, right to correct, restrictions on re-use, and other protections • Enforcement provisions • Impact on US companies • Attempts at compromise (Safe Harbor provisions)

  9. Highlights of the EU Provisions • Notice: each data collector must disclose what personal information is collected and how it is going to be used • Choice: user must explicitly agree to every specific reuse of information for different purposes or any sharing with 3rd parties • Access: user may request to see all collected information and be able to correct errors • Security/Integrity: collector must protect info from errors and unauthorized access • Extra protection is required for “sensitive” info • There must be a recourse for users who feel that these directives are not being followed; enforcement provisions in the law of each country

  10. One Voluntary Effort: P3P • Platform for Privacy Preferences • Project of the World Wide Web Consortium • Standard for translating individual web sites’ privacy policies into machine readable form and matching the specifics of the policy in real time with the individual privacy preferences of a customer who visits that particular web site • Goal is to alert users as soon as they arrive on a site that the privacy policy in effect may not match their personal preferences • Voluntary participation by web sites

  11. Four Different Approaches to Privacy • Laws and regulations • Comprehensive: consistent across instances • Sectoral: different from case to case • Markets: • Consumers can choose not to do business with firms that have poor privacy policies • Employees can leave companies that violate their privacy • Self-Regulation: • Industry and institutions police themselves • Technology: • Individuals and organizations implement technologies to enforce their preferred level of privacy protection (encrypt all e-mails, use anonymizer web sites, etc.) • What are the pros and cons of each approach?

  12. Possible Privacy Gate Keepers: Whom Do We Trust? • Government roles • Monitor mounds of data for administration, security and law enforcement • Record keeper, tax collector, largest data owner • Privacy protector, security gatekeeper, or big brother? • Corporate roles • For customers • Prospecting, tracking, and marketing opportunities • Individual and aggregated info as a commercial product • For employees • Maintaining HR, payroll, health & other records • Monitoring online behavior and employee e-mails • Third party roles • Developing privacy best practices guidelines • Providing “seals of approval” to compliant companies

  13. International Privacy Issues • Global networks enable/require regular trans-border data flows • Different countries have different norms and laws governing privacy • US generally supports corporate self-regulation within broad privacy protection guidelines • Europe and some Asia/Pacific countries have enacted stricter privacy regulations • Common Internet/web practices raise immediate enforcement issues

  14. US Privacy Guidelines • Basic principles are similar to other countries: • notice, consent, access, data integrity • Key difference is enforcement--government vs. self-regulation by industry and voluntary compliance by individual companies • Economic interests and competitive advantage in E-Commerce are at stake and many companies are in violation of guidelines • Security concerns and corporate liability issues also seem sometimes at odds with privacy protection

  15. Tracking Voluntary Privacy Efforts in the US: A Mixed Record • Increased membership and support for third party “good practice” privacy programs • Compliance with EU regulations by largest companies • But FTC studies show practice is not in line with rhetoric of privacy protection online • Random sample of 335 Web sites from top 5000 Web sites (Nielsen Net Ratings) • 88% had at least one privacy disclosure and 62% posted a privacy policy • But only 20% of total have a policy that specifically addresses at least one element of fair information practices (FTC Study June 2000)

  16. Increased Emphasis on Security over Privacy “Total Information Awareness”

  17. Workplace and Employee Privacy • Is your privacy protected at work? • Monitoring of e-mail and web browsing • Has your company published a policy spelling out appropriate use of e-mail and the Internet at work? • What does it say? • Best practices for employee privacy
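
The P3P matching step described on slide 10, as an added example that is not part of the original presentation: a site's machine-readable policy, in the compact form P3P defines for the `P3P` HTTP response header, is parsed and compared against a visitor's preferences so that mismatches can be flagged on arrival. The header value, the preference format, treating a missing policy as a mismatch, and the function names are assumptions made for this illustration.

```javascript
// Subset of the P3P 1.0 compact-policy vocabulary: purpose and recipient tokens.
const PURPOSE = { CUR: "current transaction", ADM: "site administration",
  DEV: "research and development", TAI: "one-time tailoring",
  PSA: "pseudonymous analysis", PSD: "pseudonymous decision",
  IVA: "individual analysis", IVD: "individual decision",
  CON: "marketing contact", HIS: "historical preservation",
  TEL: "telemarketing", OTP: "other purposes" };
const RECIPIENT = { OUR: "the site itself", DEL: "delivery services",
  SAM: "parties with the same practices", OTR: "accountable third parties",
  UNR: "unrelated third parties", PUB: "public forums" };
const CONSENT = { a: "always", i: "opt-in", o: "opt-out" }; // optional token suffix
// Higher number = more protective of the visitor.
const STRICTNESS = { always: 0, "opt-out": 1, "opt-in": 2, never: 3 };

// Extract CP="..." from a P3P response header value; null if none is declared.
function parseCompactPolicy(headerValue) {
  const m = /CP\s*=\s*"([^"]*)"/i.exec(headerValue || "");
  if (!m) return null;
  const policy = { purposes: {}, recipients: {}, other: [] };
  for (const tok of m[1].split(/\s+/).filter(Boolean)) {
    const t = /^([A-Z]{3})([aio])?$/.exec(tok);
    const consent = CONSENT[(t && t[2]) || "a"]; // no suffix means "always"
    if (t && t[1] in PURPOSE) policy.purposes[t[1]] = consent;
    else if (t && t[1] in RECIPIENT) policy.recipients[t[1]] = consent;
    else policy.other.push(tok); // access, retention, category tokens, etc.
  }
  return policy;
}

// prefs (hypothetical format): the weakest consent the visitor accepts per token.
function checkSite(headerValue, prefs) {
  const policy = parseCompactPolicy(headerValue);
  if (!policy) return { ok: false, reasons: ["site publishes no compact policy"] };
  const reasons = [];
  for (const [kind, labels] of [["purposes", PURPOSE], ["recipients", RECIPIENT]]) {
    for (const [code, required] of Object.entries(prefs[kind] || {})) {
      const declared = policy[kind][code];
      if (declared !== undefined && STRICTNESS[declared] < STRICTNESS[required])
        reasons.push(`${labels[code]}: site says "${declared}", visitor requires "${required}"`);
    }
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample header and preferences, for illustration only.
const SAMPLE_HEADER = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR ADM TAIo CONo TELi OUR UNRo STP ONL PUR"';
const SAMPLE_PREFS = { purposes: { TEL: "opt-in", CON: "opt-in" },
                       recipients: { UNR: "never", PUB: "never" } };
console.log(checkSite(SAMPLE_HEADER, SAMPLE_PREFS));
```

Because participation is voluntary and the tokens are self-declared, a match only shows that the stated policy fits the visitor's preferences, not that the site follows it.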
