Fair Information Practices Creating products and systems to enable compliance
<ul><li>Thank you for checking out this presentation on  SlideShare </li></ul><ul><li>This presentation provides an overvi...
Agenda <ul><li>Introduction </li></ul><ul><li>Designing products and services for  Fair Information Practices </li></ul><u...
<ul><li>The new omnibus privacy laws place new requirements on businesses operating within the United States </li></ul><ul...
Collection Limitation <ul><li>Collection limitation requires that collection be limited in scope and that users consent to...
Data Quality <ul><li>Data quality requires that information be accurate and up to date and relevant to the data collection...
Purpose Specification <ul><li>The purpose of private data collection must be disclosed and the collected data should be li...
Use Limitation <ul><li>Use limitation requires that information should not be disclosed or used in unintended ways </li></...
Security Safeguards <ul><li>Personal information should be protected from loss, unintended access, modification, disclosur...
Openness <ul><li>Privacy practices and procedures should be public information and easily accessible by individuals </li><...
Individual Participation <ul><li>Individuals have the right to know what information is collected about them and to challe...
Accountability <ul><li>Individuals who collect private and personal information are responsible for its usage and protecti...
Conclusions <ul><li>Products must provide easy access and reporting of information for information owners; however, at the...
Questions <ul><li>Floor is open to questions </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Er...
<ul><li>The reference list for this presentation is shared among multiple presentations, please see the full article for t...
Upcoming SlideShare
Loading in...5
×

Fair Information Practices For System Developers

696

Published on

This presentation provides an overview of the necessary considerations for network and system developers that would come about if an Omnibus Privacy Law was enacted in the United States. Based upon the Fair Information Practices, products would need to be designed to help meet compliance in order for companies to remain competitive.

This is the third of three presentations on this topic.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
696
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Transcript of "Fair Information Practices For System Developers"

    1. 1. Fair Information Practices Creating products and systems to enable compliance
    2. 2. <ul><li>Thank you for checking out this presentation on SlideShare </li></ul><ul><li>This presentation provides an overview of the necessary considerations for network and system developers that would come about if an Omnibus Privacy Law was enacted in the United States. Based upon the Fair Information Practices, products would need to be designed to help meet compliance in order for companies to remain competitive. </li></ul><ul><li>This is the third of three presentations on this topic </li></ul>Presentation Overview More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    3. 3. Agenda <ul><li>Introduction </li></ul><ul><li>Designing products and services for Fair Information Practices </li></ul><ul><li>Conclusions </li></ul><ul><li>Questions </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    4. 4. <ul><li>The new omnibus privacy laws place new requirements on businesses operating within the United States </li></ul><ul><li>In order to remain competitive, you products must facilitate compliance with the Fair Information Practices </li></ul><ul><li>This presentation will help you better understand the Fair Information Practices and how they play into the development of your products and systems </li></ul><ul><li>Early adoption of the recommendations presented herein will increase your reputation among both companies and individuals that will be served by the companies which use your products in relation to collecting private data </li></ul>Introduction More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    5. 5. Collection Limitation <ul><li>Collection limitation requires that collection be limited in scope and that users consent to the collection process </li></ul><ul><li>Your products must be designed to clearly indicate what data is being collected in each form/process </li></ul><ul><li>In all collection processes include one or more explicit acknowledgement controls (e.g. checkbox, type initials) </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    6. 6. Data Quality <ul><li>Data quality requires that information be accurate and up to date and relevant to the data collection purpose </li></ul><ul><li>Your system should provide options to easily update information either by users or administrators </li></ul><ul><li>Systems should include processes and reports to monitor and discover possible outdated information, which should be programmable depending on the data’s purpose </li></ul><ul><li>Collection forms and databases must be easy to modify so information fields which are no longer relevant can easily be purged from the system </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    7. 7. Purpose Specification <ul><li>The purpose of private data collection must be disclosed and the collected data should be limited to that purpose </li></ul><ul><li>Collection systems must provide ability for collectors to include usage statements for informed consent </li></ul><ul><li>Information should be stored in a way that would prohibit unintended access from external applications or information systems, as well as non-privileged users </li></ul><ul><li>The systems should provide mechanisms to facilitate updating users about changes in terms, usage, or data collection (e.g. automatically send an e-mail to all users whose information was collected in some process) </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    8. 8. Use Limitation <ul><li>Use limitation requires that information should not be disclosed or used in unintended ways </li></ul><ul><li>Role-based access should only allow access to data by approved users through access controlled retrieval </li></ul><ul><li>Data mining and cross-referencing mechanisms should have granular access and usage controls to prevent usage of data in unintended or non-consented ways </li></ul><ul><li>Information disposal should prevent unintended recovery using system attacks or forensics techniques </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    9. 9. Security Safeguards <ul><li>Personal information should be protected from loss, unintended access, modification, disclosure </li></ul><ul><li>Should store and transmit information in secured format (e.g. encryption, access-controlled file system, etc) </li></ul><ul><li>Information access should be controlled through role-based mechanisms, which also provide journaling/logging </li></ul><ul><li>Information systems holding personal data should also provide firewalls, IDS, and other security support systems to detect and report on any possible breaches that may later be disclosed to owners of personal information </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    10. 10. Openness <ul><li>Privacy practices and procedures should be public information and easily accessible by individuals </li></ul><ul><li>You should provide information on how your systems and products meet the Fair Information Practices to enable companies to pass on information to their customers </li></ul><ul><li>You should publicly provide information about your own products & how they address personal privacy concerns </li></ul><ul><li>If you know your product is designed to collect personal information (address, life history, etc) this should be disclosed to the public and in your software in order to increase awareness by collectors and information owners </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    11. 11. Individual Participation <ul><li>Individuals have the right to know what information is collected about them and to challenge and correct inaccurate information </li></ul><ul><li>Product should easily generate reports on a per user basis to provide a record of all private information stored </li></ul><ul><li>If applicable, users should be able to update their own information or your system should provide a way to flag or contact collector to identify inaccurate information </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    12. 12. Accountability <ul><li>Individuals who collect private and personal information are responsible for its usage and protection </li></ul><ul><li>You should provide documentation explaining how you will enable your customers to meet compliance with the Fair Information Practices through your products </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    13. 13. Conclusions <ul><li>Products must provide easy access and reporting of information for information owners; however, at the same time access must be tightly controlled and monitored when used by data collectors themselves </li></ul><ul><li>Information must be stored and transferred in protected ways in order to prevent unintended usage of disclosure </li></ul><ul><li>Policies and procedures must be clear and accessible by the owners of private information; you can increase your products popularity by designing your products around the Fair Information Practices </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    14. 14. Questions <ul><li>Floor is open to questions </li></ul>More presentation at htt://www.ericgoldman.name - Copyright 2009 Eric Goldman
    15. 15. <ul><li>The reference list for this presentation is shared among multiple presentations, please see the full article for this presentation available at http://www.ericgoldman.name </li></ul>References For more presentations visit: http://www.ericgoldman.name - Copyright 2009 Eric Goldman

    ×