
Polarized Attitudes


Presentation Transcript


  1. The Privacy Minefield
     Sol Bermann
     Legal Project Manager
     Technology Policy Group-OSC
     (614) 688-4578
     bermann@osc.edu

  2. Polarized Attitudes
     Protect It: Advocates, Citizens
     Protection with use: Consumers, Government
     Use It: Business

  3. Privacy Impact Areas
     • Consumer Records (state & federal law)
       • PII
       • Surfing habits
     • Public Records (state & federal law)
       • SSN
       • Driver’s License
       • Real Estate
       • Arrest Records
     • Credit & Financial Records (GLB)
     • Health Records (HIPAA)
     • Children (COPPA)

  4. Privacy Dangers
     • External
       • Privacy law violations
       • Privacy policy violations
       • Bad actors (hackers)
       • Monitoring issues
     • Internal
       • Privacy law violations
       • Privacy policy violations (acceptable use)
       • Monitoring issues

  5. Privacy Failure Consequences
     • Loss of trust
     • Irreparable damage to reputation, user retention
     • Loss of revenue and new business
     • Interruption of transborder data flows, applicable penalties in international jurisdictions
     • Possible federal, state enforcement actions: millions of dollars spent and loss of flexibility in marketplace to implement consent decrees, irreparable damage to key initiatives such as eBusiness or eGovernment
     • Litigation from consumers, privacy advocates, etc.
     • Civil and criminal penalties for wrongful disclosure of protected health information

  6. Response

  7. Plan for Privacy
     • Have a privacy/security plan
     • External & Internal: there is no single solution
     • A framework is essential
     • Accountability is essential
     • Compliance is essential
     • A Privacy Policy is a value-added proposition for citizens and a competitive advantage for companies
     • Be Honest & Create Trust
       • Let people know what you are doing and let them make their own decisions

  8. Policy Framework
     • Where possible follow OECD guidelines
       • Collection Limitation Principle
       • Data Quality Principle
       • Purpose Specification Principle
       • Use Limitation Principle
       • Security Safeguards Principle
       • Openness Principle
       • Individual Participation Principle
       • Accountability Principle

  9. Technological Framework
     • How is the data organized, labeled, and stored?
     • What paths does the data take when getting from point A to point B, and how are these paths protected?
     • Is there positive control over the data at all times?
     • What security mechanisms surround the use of the data?

  10. Accountability
     • Everyone (same for business & government)
     • Essential Clearances
       • CEO; Business Units; Marketing; H.R.; General Counsel; Government Affairs; Information Security; I/T
     • BUT ACCOUNTABILITY TO EVERYONE IS ACCOUNTABILITY TO NO ONE
     • Must have an enforcer
       • Chief Privacy Officer (or something similar)

  11. Compliance
     • Is there a data privacy compliance strategy?
     • What are the elements of the compliance program?
     • Is there an auditor (e.g., CPO)?
     • What is the role of the auditor?
     • Does the compliance program have teeth?

  12. LESSON TO REMEMBER
     • Create Trust
     • Be Honest
     • Have a Policy
     • Display Your Policy
     • Follow Your Policy
     • Develop Your Infrastructure
     • Audit Your Infrastructure
     • Be Accountable
     • Have a CPO or Compliance Officer

  13. Some Good Books
     • “Database Nation”, Simson Garfinkel
     • “The Transparent Society”, David Brin
     • “The Unwanted Gaze”, Jeffrey Rosen
     • “The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet”, Charles Jennings, Lori Fena
     • “For the Record: Protecting Electronic Health Information”, Computer Science and Telecommunications Board
     • “1984”, George Orwell
     • “Brave New World”, Aldous Huxley

  14. A Few of Many Privacy Links
     Regulatory
     • Gramm Leach Bliley: www.bog.frb.fed.us/BoardDocs/Press/BoardActs/2000/20000621
     • FTC: www.ftc.gov/acoas/papers/finalreport.htm
     • HIPAA: http://aspe.hhs.gov/admnsimp/
     • EU: http://europa.eu.int/eur-ex/en/lif/dat/1995/en_395L0046.html
     • OECD: http://www.oecd.org//dsti/sti/it/secur/prod/PRIV-EN.HTM#3
     General Info
     • www.privacyexchange.org
     • www.epic.org
     • www.privacyplace.com
     • www.eff.org
     • www.leglnet.com/libr-priv.htm
     • www.privacyalliance.org

  15. More Links
     Technology and Services
     • www.w3.org/P3P/
     • www.pwcglobal.com/Extweb/service.nsf/
     • www.ibm.com/services/e-business/security.html
     • www.truste.com
     • www.junkbusters.com
     • www.anonymizer.com
     • www.siegesoft.com/products.shtml
     • www.iprivacy.com
     • www.privada.com
     • www.zeroknowledge.com
     • www.safemessage.com
     • www.privacyright.com
