“Privacy Today” Slide Presentation

6,736 views
6,358 views

Published on

The “Privacy Today” presentation was written for the IAPP by Professor Peter Swire of the Moritz College of Law of the Ohio State University. The materials cover the definition of privacy, ways to protect privacy, privacy harms, and fair information practices. The “Privacy Today” presentation is designed for college and university students.

Licensed under Creative Commons Attribution 3.0 Unported

Published in: Business, Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
6,736
On SlideShare
0
From Embeds
0
Number of Embeds
64
Actions
Shares
0
Downloads
254
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

“Privacy Today” Slide Presentation

  1. 1. “ Privacy Today”
  2. 2. Overview <ul><li>What is privacy </li></ul><ul><li>Ways to protect privacy </li></ul><ul><ul><li>Technology </li></ul></ul><ul><ul><li>Law </li></ul></ul><ul><ul><li>Markets </li></ul></ul><ul><ul><li>What you do yourself </li></ul></ul><ul><li>4 types of privacy harms </li></ul><ul><li>Fair information practices </li></ul><ul><li>Conclusion </li></ul>
  3. 3. I. What is Privacy? <ul><li>“ Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” </li></ul><ul><ul><li>Alan Westin: Privacy & Freedom,1967 </li></ul></ul><ul><li>Privacy is not an absolute </li></ul><ul><li>We disclose, and we keep private </li></ul>
  4. 4. Privacy as a Process <ul><li>“ Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication….” </li></ul><ul><li>- Alan Westin, 1967 </li></ul>
  5. 5. <ul><li>Solitude </li></ul><ul><ul><li>individual separated from the group and freed from the observation of other persons </li></ul></ul><ul><li>Intimacy </li></ul><ul><ul><li>individual is part of a small unit </li></ul></ul><ul><li>Anonymity </li></ul><ul><ul><li>individual in public but still seeks and finds freedom from identification and surveillance </li></ul></ul><ul><li>Reserve </li></ul><ul><ul><li>the creation of a psychological barrier against unwanted intrusion - holding back communication </li></ul></ul>Westin’s four states of privacy
  6. 6. II. Ways to Protect Privacy <ul><li>There are four basic ways to protect privacy: </li></ul><ul><ul><li>Technology </li></ul></ul><ul><ul><li>Law </li></ul></ul><ul><ul><li>Markets </li></ul></ul><ul><ul><li>Your choices as an individual </li></ul></ul>
  7. 7. Example: Reducing Spam <ul><li>Unwanted e-mail can be an intrusion on your privacy and can reduce the usefulness of e-mail </li></ul><ul><li>Technology: Spam filters </li></ul><ul><li>Law: the CAN-SPAM Act </li></ul><ul><ul><li>Illegal to send commercial email with false headers </li></ul></ul><ul><ul><li>You can unsubscribe from the sender </li></ul></ul><ul><li>Markets: you choose an email provider that does a good job of reducing spam </li></ul><ul><li>Your choices: you decide not to open that e-mail with the unpleasant header </li></ul>
  8. 8. III. 4 Types of Privacy Harms <ul><li>We’ll look more closely at 4 categories of privacy harms: </li></ul><ul><ul><li>Intrusions </li></ul></ul><ul><ul><li>Information collection </li></ul></ul><ul><ul><li>Information processing </li></ul></ul><ul><ul><li>Information dissemination </li></ul></ul>
  9. 9. Privacy Harms
  10. 10. Intrusions <ul><li>“ They” come into “your” space and contact you or tell you what to do </li></ul><ul><li>Examples: </li></ul><ul><ul><li>Unwanted email (spam) </li></ul></ul><ul><ul><li>Unwanted phone calls </li></ul></ul><ul><ul><ul><li>Technology: Caller ID to screen calls </li></ul></ul></ul><ul><ul><ul><li>Law: National Do Not Call list </li></ul></ul></ul><ul><ul><li>Parents entering a teen’s room without knocking </li></ul></ul><ul><ul><li>Government saying what you can or can’t do with your own body or property </li></ul></ul>
  11. 11. Information Collection <ul><li>“ They” watch what you are doing, more than they should </li></ul><ul><li>Surveillance & Interrogation </li></ul><ul><ul><li>Visual, such as peeping Toms </li></ul></ul><ul><ul><li>Communications, such as wiretapping your phone or email </li></ul></ul><ul><ul><li>Government, employers, or parents ask you “private” information </li></ul></ul><ul><li>Example of protections: with a warrant, the government can wiretap or search your house. Having to get a warrant is a protection, though, against too much information collection. </li></ul>
  12. 12. Information Processing <ul><li>“ They” have a lot of data, and do things with it </li></ul><ul><ul><li>Identification: they learn about your “anonymous” actions </li></ul></ul><ul><ul><li>Data mining: they learn patterns, to decide if you are a good customer or a suspected terrorist </li></ul></ul><ul><ul><li>Exclusion: they decide you are not a good potential employee or customer, or go on the no-fly list at the airport </li></ul></ul><ul><ul><li>Secondary use: they collect the data for one reason, but use it for others </li></ul></ul><ul><li>Note: Information processing can be helpful, when it “personalizes” and gives you better service. But it can invade your privacy when it goes too far or is used in ways that break the rules. </li></ul>
  13. 13. Information Dissemination <ul><li>“ They” disclose data, perhaps more than “you” think they should </li></ul><ul><ul><li>Breach of confidentiality: a doctor or lawyer discloses more than you wish </li></ul></ul><ul><ul><li>Transfer to third parties: a company or government shares data about you to persons you don’t expect </li></ul></ul><ul><ul><li>Public disclosure of private facts: an intimate photo of you, or disclosure of intimate facts </li></ul></ul><ul><ul><li>Disclosure of untrue facts: you are put in a false light </li></ul></ul><ul><ul><li>Appropriation: they use your name or picture without your permission </li></ul></ul>
  14. 14. Review: 4 Types of Privacy Harms
  15. 15. IV. Fair Information Practices <ul><li>We will examine five Fair Information Practices have been developed to protect against these sorts of privacy concerns </li></ul><ul><li>The Federal Trade Commission principles: </li></ul><ul><ul><li>Notice/awareness </li></ul></ul><ul><ul><li>Choice/consent </li></ul></ul><ul><ul><li>Access/participation </li></ul></ul><ul><ul><li>Integrity/security </li></ul></ul><ul><ul><li>Enforcement/redress </li></ul></ul>
  16. 16. Notice/Awareness <ul><li>Individuals need notice to make an informed choice about whether to provide information </li></ul><ul><ul><li>Who is collecting the data </li></ul></ul><ul><ul><li>Uses for which the data will be used </li></ul></ul><ul><ul><li>Who will receive the data </li></ul></ul><ul><ul><li>The nature of the data and the means by which it is collected if not obvious </li></ul></ul><ul><ul><li>The steps taken to preserve confidentiality, integrity, and quality of the data </li></ul></ul>
  17. 17. Choice/Consent <ul><li>Choice may apply to “secondary uses” – uses beyond the original reasons you provided your data </li></ul><ul><li>Sometimes choice is “opt in” – they won’t share your data unless you say you want them to </li></ul><ul><ul><li>HIPAA medical privacy rule – don’t share your data unless you give consent </li></ul></ul><ul><li>Sometimes choice is “opt out” – they can share your data or contact you, but you can tell them not to </li></ul><ul><ul><li>Do Not Call list – no telemarketing if you sign up at www.donotcall.gov </li></ul></ul><ul><ul><li>Many web sites will not share your data if you “opt out” (tell them not to share) </li></ul></ul>
  18. 18. Access/Participation <ul><li>Individuals in some instances can access the data held about them, and correct any inaccuracies </li></ul><ul><ul><li>Fair Credit Reporting Act: no-fee credit report at www.annualcreditreport.com (some other sites advertise “free” reports that aren’t free) </li></ul></ul><ul><ul><li>Privacy Act: right to see records held about you by the federal government </li></ul></ul>
  19. 19. Integrity/Security <ul><li>Data should be secure and accurate </li></ul><ul><ul><li>Without security, can have good privacy policies but hackers gain entry </li></ul></ul><ul><ul><li>Without accuracy, wrong decisions are made about individuals </li></ul></ul><ul><li>We should expect reasonable technical, physical, and administrative measures </li></ul>
  20. 20. Enforcement/Redress <ul><li>There is great variety in the ways that privacy principles are enforced </li></ul><ul><li>Increasingly, companies and government agencies have Privacy Professionals to comply with their privacy promises </li></ul><ul><li>Companies can be fined if they break the promises in their privacy policies (Section 5 of the FTC Act) </li></ul><ul><li>For some kinds of data (medical, financial, stored communications), there is additional enforcement by individuals or government agencies </li></ul>
  21. 21. V. Conclusion <ul><li>Some themes from today: </li></ul><ul><ul><li>The link between privacy and freedom – a zone where “they” do not intrude upon “you” </li></ul></ul><ul><ul><li>The challenges of protecting privacy in our emerging information society </li></ul></ul><ul><ul><li>The need for the right mix of technology, laws, and markets </li></ul></ul>
  22. 22. Finally: <ul><li>The emergence of privacy professionals </li></ul><ul><ul><li>A growing profession focused on managing privacy in the information economy </li></ul></ul><ul><li>We’re here </li></ul><ul><ul><li>To ensure protection of privacy while also </li></ul></ul><ul><ul><li>Helping create the many ways you want information to be used in our information society </li></ul></ul><ul><li>Thank you for your attention </li></ul>
  23. 23. <ul><li>Presentation written by: </li></ul><ul><li>Professor Peter P. Swire </li></ul><ul><li>Ohio State University </li></ul><ul><li>Center for American Progress </li></ul><ul><li>www.peterswire.net </li></ul><ul><li>On behalf of the </li></ul><ul><li>International Association of Privacy Professionals </li></ul><ul><li>www.privacyassociation.org </li></ul>
  24. 24. Creative Commons License <ul><li>This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA. Any use of these materials requires attribution to the IAPP and Peter Swire. </li></ul>

×