• Save
Fair Information Practices For System Developers
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Fair Information Practices For System Developers

  • 1,299 views
Uploaded on

This presentation provides an overview of the necessary considerations for network and system developers that would come about if an Omnibus Privacy Law was enacted in the United States. Based upon ...

This presentation provides an overview of the necessary considerations for network and system developers that would come about if an Omnibus Privacy Law was enacted in the United States. Based upon the Fair Information Practices, products would need to be designed to help meet compliance in order for companies to remain competitive.

This is the third of three presentations on this topic.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,299
On Slideshare
1,247
From Embeds
52
Number of Embeds
2

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 52

http://www.ericgoldman.name 51
http://www.slideshare.net 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Fair Information Practices Creating products and systems to enable compliance
  • 2.
    • Thank you for checking out this presentation on SlideShare
    • This presentation provides an overview of the necessary considerations for network and system developers that would come about if an Omnibus Privacy Law was enacted in the United States. Based upon the Fair Information Practices, products would need to be designed to help meet compliance in order for companies to remain competitive.
    • This is the third of three presentations on this topic
    Presentation Overview More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 3. Agenda
    • Introduction
    • Designing products and services for Fair Information Practices
    • Conclusions
    • Questions
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 4.
    • The new omnibus privacy laws place new requirements on businesses operating within the United States
    • In order to remain competitive, you products must facilitate compliance with the Fair Information Practices
    • This presentation will help you better understand the Fair Information Practices and how they play into the development of your products and systems
    • Early adoption of the recommendations presented herein will increase your reputation among both companies and individuals that will be served by the companies which use your products in relation to collecting private data
    Introduction More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 5. Collection Limitation
    • Collection limitation requires that collection be limited in scope and that users consent to the collection process
    • Your products must be designed to clearly indicate what data is being collected in each form/process
    • In all collection processes include one or more explicit acknowledgement controls (e.g. checkbox, type initials)
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 6. Data Quality
    • Data quality requires that information be accurate and up to date and relevant to the data collection purpose
    • Your system should provide options to easily update information either by users or administrators
    • Systems should include processes and reports to monitor and discover possible outdated information, which should be programmable depending on the data’s purpose
    • Collection forms and databases must be easy to modify so information fields which are no longer relevant can easily be purged from the system
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 7. Purpose Specification
    • The purpose of private data collection must be disclosed and the collected data should be limited to that purpose
    • Collection systems must provide ability for collectors to include usage statements for informed consent
    • Information should be stored in a way that would prohibit unintended access from external applications or information systems, as well as non-privileged users
    • The systems should provide mechanisms to facilitate updating users about changes in terms, usage, or data collection (e.g. automatically send an e-mail to all users whose information was collected in some process)
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 8. Use Limitation
    • Use limitation requires that information should not be disclosed or used in unintended ways
    • Role-based access should only allow access to data by approved users through access controlled retrieval
    • Data mining and cross-referencing mechanisms should have granular access and usage controls to prevent usage of data in unintended or non-consented ways
    • Information disposal should prevent unintended recovery using system attacks or forensics techniques
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 9. Security Safeguards
    • Personal information should be protected from loss, unintended access, modification, disclosure
    • Should store and transmit information in secured format (e.g. encryption, access-controlled file system, etc)
    • Information access should be controlled through role-based mechanisms, which also provide journaling/logging
    • Information systems holding personal data should also provide firewalls, IDS, and other security support systems to detect and report on any possible breaches that may later be disclosed to owners of personal information
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 10. Openness
    • Privacy practices and procedures should be public information and easily accessible by individuals
    • You should provide information on how your systems and products meet the Fair Information Practices to enable companies to pass on information to their customers
    • You should publicly provide information about your own products & how they address personal privacy concerns
    • If you know your product is designed to collect personal information (address, life history, etc) this should be disclosed to the public and in your software in order to increase awareness by collectors and information owners
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 11. Individual Participation
    • Individuals have the right to know what information is collected about them and to challenge and correct inaccurate information
    • Product should easily generate reports on a per user basis to provide a record of all private information stored
    • If applicable, users should be able to update their own information or your system should provide a way to flag or contact collector to identify inaccurate information
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 12. Accountability
    • Individuals who collect private and personal information are responsible for its usage and protection
    • You should provide documentation explaining how you will enable your customers to meet compliance with the Fair Information Practices through your products
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 13. Conclusions
    • Products must provide easy access and reporting of information for information owners; however, at the same time access must be tightly controlled and monitored when used by data collectors themselves
    • Information must be stored and transferred in protected ways in order to prevent unintended usage of disclosure
    • Policies and procedures must be clear and accessible by the owners of private information; you can increase your products popularity by designing your products around the Fair Information Practices
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 14. Questions
    • Floor is open to questions
    More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
  • 15.
    • The reference list for this presentation is shared among multiple presentations, please see the full article for this presentation available at http://www.ericgoldman.name
    References For more presentations visit: http://www.ericgoldman.name - Copyright 2009 Eric Goldman