Who has access to your personal information?
A Lot of People
Friends & Family, Utilities, Public Postings, Insurance, Professional, Medical, Church & Affiliations, Retail, Education, Credit & Banking, Government, You
What is privacy?
n. The quality or condition of being secluded from the presence or view of others. The state of being free from unsanctioned intrusion: a person's right to privacy. The state of being concealed; secrecy.
Evolution of the Right of Privacy
1791 – Bill of Rights
3rd Amendment: No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . .
5th Amendment: No person shall be . . . deprived of life, liberty, or property, without due process of law . . .
9th Amendment: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
1890 - The Right To Privacy
by Samuel Warren and Louis D. Brandeis - Harvard Law Review (1890)
1948 – Universal Declaration of Human Rights
No one shall be subjected to arbitrary interference with his privacy . . . Everyone has the right to the protection of the law against such interference.
1965 – Griswold v. Connecticut
Doctor charged for issuing birth control.
The court held that: specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance . . . [which includes] zones of privacy.
1972 – California Constitutional Amendment
"All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy."
Right of Privacy (cont'd)
Privacy After Watergate
Early Privacy Legislation
Fair Credit Reporting Act
Accuracy, fairness, and the privacy of personal information assembled by Credit Reporting Agencies
Freedom of Information Act
Permits access to government records
Established rules for the collection, use and disclosure of personal information held by federal agencies and specifically prohibited data matching of those government files
Family Education Rights Privacy Act
Educational Record Privacy
Right to Financial Privacy Act
Consumers must get notice and an opportunity to object before the government obtains financial records.
Electronic Communications Privacy Act
Addresses access, use, disclosure, interception and privacy protections of electronic communications.
Mail communications already protected
Computer Fraud & Abuse Act
Protect against intruders
Computer Matching and Privacy
Regulates government computer matching
Video Privacy Protection Act
Video rentals are private
The Internet Age
[Figure: A Typical Website. Labels: IP Address, Registration Info, Globe, VCLK]
What Cookies Do
E.g., remember user name
Site Traffic Analysis
Load Management across servers
Identify Referral Source
Track Referrals for compensation
Cookies and Choice
Allows User to Delete Cookies
Allows User to Block Cookies
TYPES OF INFORMATION COLLECTED
Information You Provide Us
Site Usage Information
Information from Other Sources
HOW INFORMATION MAY BE COLLECTED
Newsletters and Site Emails
Contests or Sweepstakes
Surveys or Voting
IP Addresses and Click-stream Data
HOW WE USE THE COLLECTED
Personally identifiable information will not be sold or otherwise transferred on an individual basis to unaffiliated third parties without the approval of the user at the time of collection. . . . .
WITH WHOM THE INFORMATION MAY BE
Opt-in and Opt-out Programs
Partners Subsidiaries and Affiliates:
This Site incorporates reasonable safeguards to protect the security, integrity, completeness, accuracy and privacy of the personal information that we may collect . . .
No requirement to have privacy policies
When you register with Toysmart.com, you can rest assured that your information will never be shared with a third party
Self Regulatory Initiatives
Platform for Privacy Preferences Project (P3P)
Industry Best Practices
Network Advertising Initiative
EU Privacy Directive
Data subjects have
a right of access to that data
a right to know where the data originated (if such information is available)
a right to have inaccurate data rectified
a right of recourse in the event of unlawful processing
a right to withhold permission to use their data in certain circumstances
EU Data Transfer
May not transfer to non-EU countries that do not meet EU standards
Exceptions where affirmative consent or necessary to serve data subject
EU Safe Harbor
Notice: Organizations must notify individuals about the purposes for which they collect and use information about them.
Choice: Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party.
Transfers to Third Parties: Subject to Notice and Choice.
Access: Individuals must have access to personal information and be able to correct, amend, or delete that information where it is inaccurate.
Security: Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data integrity: Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
How a bill becomes law
Websites directed at children OR if know under 13
Must post notice on Website
Must obtain parental consent before using PII
Gramm-Leach-Bliley (GLB)
Financial institutions must
securely store personal financial information
advise you of their policies on sharing of personal financial information
give consumers the option to opt-out of some sharing of personal financial information.
Health Insurance Portability and Accountability Act (HIPAA)
Same concept as GLB
Notice, consent, security
Shine the Light Law
Either disclose a list of the categories of PII disclosed to other companies for their marketing purposes (with the names and addresses of those companies); OR
Online Privacy Protection Act
If collect PII from California residents
Security Breach Notification
Social Security number, driver's license or state ID card number, or financial account numbers
This law requires a business or a State
145,000 records accessed
Discovered because of California law
In first eight months after ChoicePoint
Over 70 incidents
Involving over 50 Million Records
Hall of Shame
Government & Health Care
Software bundled with ad service software
Notice & consent?
Gathers information on user without knowledge
Credit Card Information
Alters default settings
Software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
“Faux Spyware”, i.e., benign applications falsely labeled as spyware
Prohibits deceptive downloading and/or collection of information
Prohibits taking over third party computer or altering default settings
Do you regulate conduct or technology?
Is spyware already illegal?
House passed bill in 2004 and 2005
Action stalled in the Senate
Protect your personal information. It's valuable.
Know who you're dealing with.
Use anti-virus software and a firewall, and update both regularly.
Make sure your operating system and Web browser are set up properly and update them regularly.
Protect your passwords.
Back up important files.
Learn who to contact if something goes wrong online.