Privacy as an international information issue
Download
1 / 18

Privacy as an International Information Issue - PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on

Privacy as an International Information Issue. MD823 September 22, 2003. What Is Privacy?. Definitions differ depending on perspective US legal perspective “The right to be left alone” (Justice Brandeis, 1890)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Privacy as an International Information Issue' - pabla


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

What is privacy
What Is Privacy?

  • Definitions differ depending on perspective

    • US legal perspective “The right to be left alone” (Justice Brandeis, 1890)

    • EU perspective: Explicit and informed consent about how any personal information is collected and how it will be used

      • Legal protection to prevent unwanted transfer or re-use of personal data files

    • Consumer view: Individual control over whether and how to share information

    • Corporate view: Does privacy prevent security?

      • Employee view: Is anything really private at work?


Sorting out legitimate and non acceptable uses of personal information
Sorting Out Legitimate and Non-Acceptable Uses of Personal Information

  • Would you agree to :

    • Background check of your education, credit history, and arrest record as part of an employment application or a graduate school application?

      • How about your medical (including psychological) records?

    • Regular tracking and recording of all your online searches and browsing activities?

    • Profiling of the pattern of your credit card purchases to match it against criminal and terrorist behaviors?


Privacy in a networked society an oxymoron
Privacy in a networked society: InformationAn oxymoron?

  • Have you:

    • Changed your address?

    • Made a credit card purchase?

    • Opened a commercial e-mail account?

    • Surfed the web?

  • There is a record of your activities in a database and probably on the web too

  • You don’t own it or control who uses it (if you are a US citizen)


Online customer information
Online Customer Information Information

  • Common Web Practices:

    • Collecting personal information for one site or application, then using it for other purposes or selling it to a third party

    • Tracking online behavior (clickstreams) on a large number of popular web sites and pooling that data to design targeted advertising

    • Aggregating and analyzing individual data across media--from storefronts, direct mail and phone responses, and online sources


Profiling the dog and its owner
Profiling the dog AND its owner Information

Customer Name

Street Address & Zip

Phone Number

SSN / Drivers License Number

Age

Income

Family Size and Ages

Stated Product Preferences

Family Interests

Number & Types of Pets

Frequency of Visits

Total Purchase Volume

Purchase History - Categories

Purchase History - Items

Purchase History Brands

Typical Customer Database

  • Cartoon by Peter Steiner. Reproduced from page 61, July 5, 1993 issue of The New Yorker, (Vol. 69 (LXIX) no. 20) only for academic discussion, evaluation, and research.

Slide Courtesy Ernst & Young LLP



European union regulations restrict these practices for all eu citizen data
European Union Regulations Restrict These Practices--For All EU Citizen Data

  • Overview of EU Regulations

    • Notice up front about the purpose of data gathering, active consent, right to correct, restrictions on re-use, and other protections

  • Enforcement provisions

  • Impact on US companies

  • Attempts at compromise (Safe Harbor provisions)


Highlights of the eu provisions

Notice: All EU Citizen Data each data collector must disclose what personal information is collected and how it is going to be used

Choice: user must explicitly agree to every specific reuse of information for different purposes or any sharing with 3rd parties

Access: user may request to see all collected information and be able to correct errors

Security/Integrity: collector must protect info from errors and unauthorized access

Extra protection is required for “sensitive” info

There must be a recourse for users who feel that these directives are not being followed; enforcement provisions in the law of each country

Highlights of the EU Provisions


One voluntary effort p3p
One Voluntary Effort: P3P All EU Citizen Data

  • Platform for Privacy Preferences

    • Project of the World Wide Web Consortium

    • Standard for translating individual web sites’ privacy policies into machine readable form and matching the specifics of the policy in real time with the individual privacy preferences of a customer who visits that particular web site

  • Goal is to alert users as soon as they arrive on a site that the privacy policy in effect may not match their personal preferences

  • Voluntary participation by web sites


Four different approaches to privacy
Four Different Approaches to Privacy All EU Citizen Data

  • Laws and regulations

    • Comprehensive: consistent across instances

    • Sectoral: different from case to case

  • Markets:

    • Consumers can choose not do business with firms that have poor privacy policies

    • Employees can leave companies that violate their privacy

  • Self-Regulation:

    • Industry and institutions police themselves

  • Technology:

    • Individuals and organizations implement technologies to enforce their preferred level of privacy protection (encrypt all e-mails, use anonymizer web sites, etc.)

What are the pros and cons of each approach?


Possible privacy gate keepers whom do we trust
Possible Privacy Gate Keepers: All EU Citizen DataWhom Do We Trust?

  • Government roles

    • Monitor mounds of data for administration, security and law enforcement

      • Record keeper, tax collector, largest data owner

    • Privacy protector, security gatekeeper, or big brother?

  • Corporate roles

    • For customers

      • Prospecting, tracking, and marketing opportunities

      • Individual and aggregated info as a commercial product

    • For employees

      • Maintaining HR, payroll, health & other records

      • Monitoring online behavior and employee e-mails

  • Third party roles

    • Developing privacy best practices guidelines

    • Providing “seals of approval” to compliant companies


International privacy issues
International Privacy Issues All EU Citizen Data

  • Global networks enable/require regular trans-border data flows

  • Different countries have different norms and laws governing privacy

  • US generally supports corporate self-regulation within broad privacy protection guidelines

  • Europe and some Asia/Pacific countries have enacted stricter privacy regulations

  • Common Internet/web practices raise immediate enforcement issues


Us privacy guidelines
US Privacy Guidelines All EU Citizen Data

  • Basic principles are similar to other countries:

    • notice, consent, access, data integrity

  • Key difference is enforcement--government vs. self-regulation by industry and voluntary compliance by individual companies

  • Economic interests and competitive advantage in E-Commerce are at stake and many companies are in violation of guidelines

  • Security concerns and corporate liability issues also seem sometimes at odds with privacy protection


Tracking voluntary privacy efforts in the us a mixed record
Tracking Voluntary Privacy Efforts in the US: A Mixed Record

  • Increased membership and support for third party “good practice” privacy programs

  • Compliance with EU regulations by largest companies

  • But FTC studies show practice is not in line with rhetoric of privacy protection online

  • Random sample of 335 Web sites from top 5000 Web sites (Nielsen Net Ratings)

  • 88% had at least one privacy disclosure and 62% posted a privacy policy

  • But only 20% of total have a policy that specifically addresses at least one element of fair information practices (FTC Study June 2000)


Total information awareness

Increased Emphasis on Security over Privacy Record

“Total Information Awareness”


Workplace and employee privacy
Workplace and Employee Privacy Record

  • Is your privacy protected at work?

  • Monitoring of e-mail and web browsing

  • Has your company published a policy spelling out appropriate use of e-mail and the Internet at work?

    • What does it say?

  • Best practices for employee privacy