piiLabsSeattleWorkshop_ChristinaGagnier

329 views

Published on

Presentation by Christina Gagnier of Gagnier Margossian at Privacy Identity Innovation's pii Labs workshop in Seattle, WA on May 14, 2012

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
329
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

piiLabsSeattleWorkshop_ChristinaGagnier

  1. 1. PRIMERPRIVACY LAW
  2. 2. Experience won’t just be about the tool youbuild, but it will include how you managesensitive data and how you respect users.
  3. 3. This talk is not about Facebook.This talk is about you.
  4. 4. uncharted legal territory What do we mean by “privacy?”
  5. 5. Distinguishing Fourth Amendment from privacyin the civil sense.
  6. 6. Electronic Communications Privacy Act
  7. 7. Personally Identifiable Information (Pii)
  8. 8. “Personally identifiable information” is information thatidentifies a particular person. “Pii” includes: • Full name; • National identification number; • IP address; • Vehicle registration plate number; • Driver’s license number; • Face; • Fingerprints; • Handwriting; • Credit card numbers; • Digital identity; • Date of birth; • Birthplace; and • Genetic information.
  9. 9. federal movement on privacy I just want to build cool stuff. Why should I care?
  10. 10. Problem #1: The laws around data reside inindustry silos.
  11. 11. Few pieces of key legislation: Do Not Track Act Commercial Privacy Bill of Rights Act of 2011 Personal Data Privacy and Security Act Secure and Fortify Electronics Data Act (SAFE) Data Security and Breach Notification Act
  12. 12. Problem #2: They aren’t getting it in DC.
  13. 13. Silicon Valley, Alley, Beach > DC
  14. 14. Problem #3: This isn’t going away.
  15. 15. FTC Action Opting Out = ScanScout Children’s Privacy = SkidKids
  16. 16. oh crap. What Developers Can Do
  17. 17. What people care about:
  18. 18. Data control
  19. 19. Data minimization
  20. 20. Data portability
  21. 21. Data withdrawal
  22. 22. Here are a few places to start:
  23. 23. Conducting an assessment on privacy anddata security.
  24. 24. type amountAudit: use intake
  25. 25. Architectural solutions to privacy. Build withprivacy in mind.
  26. 26. We can work to create a marketplace thatrewards “privacy by design” while promotinginnovation.
  27. 27. Policy solutions to privacy.
  28. 28. Privacy policies and practices in their currentincarnation are not working.
  29. 29. kidz. yes, different rules apply.
  30. 30. MinorsChildren’s Online Privacy Protection Act
  31. 31. Children’s Online Privacy Protection ActRegulates all types of identifying informationExemptions: electronic postcards, contests, onlinenewsletters, homework helpExample: Disney’s Club PenguinIf you know you have minors on your site, closethe accounts
  32. 32. Children’s Online Privacy Protection ActRequires websites to get parental consent beforecollecting or sharing info for children under 13Enforced by the Federal Trade CommissionApplies to commercial websites and other onlineservicesIf you know you have minors on your site, closethe accounts
  33. 33. Children’s Online Privacy Protection ActTo comply: Post a privacy policy/advise whenever personal information collected Parental notice, consent, access to information Can’t condition participation on providing more info Confidentiality & security of information collected from children
  34. 34. We just scratched the surface.
  35. 35. Lawyer Christina Gagnier @gagnier gagnier@gamallp.com gamallp.com
  36. 36. ?
  37. 37. PRIMERPRIVACY LAW

×