This presentation was provided by Merri Beth Lavagnino of Indiana University during the NISO Webinar, Digital Security: Protecting Library Resources From Piracy, held on November 16, 2016.

1. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Do You Know Your
Privacy Risks?
Merri Beth Lavagnino, Chief Risk Officer
Indiana University
mbl@iu.edu

2. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E Privacy definition
“Privacy is the claim of individuals, groups
or institutions to determine for
themselves when, how, and to what
extent information about them is
communicated to others.”
– Alan Westin: Privacy & Freedom,1967

3. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E But, it’s a moving target…
“Each individual is continually engaged in
a personal adjustment process in
which he balances the desire for
privacy with the desire for disclosure
and communication.”
– Alan Westin: Privacy & Freedom,1967

4. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Here’s how you do a privacy
assessment of a service, project,
initiative, app, etc.!
• Identify the potential Privacy Harms
• Determine what your institution’s
position will be
– Use the Privacy Principles to devise
ways to reduce the harms
– You must do the minimum required by
law, but, you also can choose to do more
than is required by law

5. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
First, identify the Privacy Harms
• Brainstorm the possible harms so you
can try to ANTICIPATE (and then plan to reduce
or even avoid) these harms
• Many theorists in this area
– William Prosser in 1960
– Alan Westin in 1967
– Daniel J. Solove’s 2008 “Taxonomy of
Privacy”

6. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
What the person might think: “They are collecting
information about what I am doing - more than they
should!” Examples include:
§ Surveillance — watching, listening to, or recording an
individual’s activities
§ Interrogation —inappropriately probing for information
§ Visual — viewing private activities without the individual’s
knowledge
§ Communications —tapping your phone, email, Internet traffic
§ Too Much Information (TMI)— asking for “private" information
unnecessarily
The Information Collection
Harm

7. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
What the person might think: “They have a lot of data
about me, and they are storing, manipulating, and
using it!” Examples include:
§ Aggregation — combining pieces of information about an
individual that were collected from different sources
§ Identification —linking unidentified information elements to
particular individuals
§ Insecurity — failure to protect information from leaks and
unauthorized access
§ Secondary use — use of collected information for a purpose
different from the use for which it was collected, without the
individual’s consent
§ Exclusion —using data to exclude an individual, especially if
the data was incorrect or interpreted incorrectly
The Information Processing
Harm

8. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
What the person might think: “They spread or transfer
information about me — more than I think they should!”
Examples include:
§ Breach of confidentiality — breaking an agreement to keep
information confidential
§ Disclosure — disclosing data to persons or entities the individual
doesn’t expect
§ Exposure — revealing intimate information, as in a public
exposure of private facts
§ Increased accessibility — amplifying the accessibility of info
§ Blackmail — a threat to disclose personal information
§ Appropriation — the use of an individual’s identity, such as using a
name or picture, without the individual’s permission
§ Distortion — disseminating false or misleading information about
individuals
The Information Dissemination
Harm

9. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
What the person might think: “They come into my
space and contact me, or tell me what to do!” Examples
include:
§ Invasions into private affairs
§ Invasive acts that disturb an individual’s tranquility or solitude
§ Decisional interference — entering into an individual’s decisions
regarding her private affairs
§ Unwanted email — did you know that unwanted
communications into an individual’s personal space, including
her email inbox, is considered a privacy invasion?
§ Unwanted phone calls —entering into an individual’s personal
space by calling his personal phone number (especially if it is a
mobile phone)
§ Entering a room without knocking
The Invasion Harm

10. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Once you’ve identified the possible
HARMS...
• Then use the Privacy PRINCIPLES to
design controls/safeguards that
appropriately address those harms

11. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Sources of privacy principles
• American Institute of Certified Public Accountants, Inc.
(AICPA) and Canadian Institute of Chartered
Accountants (CICA). Generally Accepted Privacy
Principles. August, 2009.
• U.S. Federal Trade Commission (FTC). Fair Information
Practice Principles. 1998.
• Organisationfor Economic Co-operation and
Development (OECD). OECD Guidelines on the
Protection of Privacy and TransborderFlows of
Personal Data. 1980, revised 2013.
• U.S. Department of Homeland Security (DHS). DHS
Fair Information Practice Principles. 2008.
• U.S. White House. Consumer Data Privacy in a
Networked World (a.k.a. Consumer Privacy Bill of
Rights). 2012.

12. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Different terminology…but same
general concepts
DHS
• Transparency
• Individual Participation
• Purpose Specification
• Data Minimization
• Use Limitation
• Data Quality and
Integrity
• Security
• Accountability and
Auditing
GAPP
• Management
• Notice
• Choice and Consent
• Collection
• Use and Retention
• Access
• Disclosure to Third
Parties
• Security for Privacy
• Quality
• Monitoring and
Enforcement
Indiana University Privacy Principles: https://protect.iu.edu/online-safety/program/principles.html

13. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
§ Usually, the easiest way to address privacy harms is
by identifying a way to inform, or provide “notice”
to users of institutional practices around the data
collected from them.
§ Posting a privacy policy on your website, or
explaining on a form or login screen the plans for
the data that users will enter, is a way to provide
notice.
The Notice Principle

14. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
• Address privacy harms by identifying a way to obtain
implicit or explicit consent from individuals with
respect to the collection, use, disclosure, and
retention of their information.
• Choice may apply to "secondary uses"—that is, uses
beyond the original reasons for which the data was
provided.
• Choice may be "opt in" (data will not be shared
without consent), or "opt out" (user must request to
stop the sharing or contacting).
• Consider providing checkboxes to indicate consent to
various uses.
The Choice & Consent
Principle

15. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
• Privacy harms can be addressed by reviewing what
data is being collected and ensure that you are
collecting only the information needed to achieve
the purposes identified, in support of the
organization’s mission, and as outlined in the notice.
• Especially critical are very sensitive or risky pieces of
data such as Social Security numbers, credit card
numbers, bank account numbers, and health
information.
– Do you still have a significant business purpose for it?
– If not, STOP COLLECTING it!
– If so, make sure you PROTECT it!
The Collection Limitation
Principle

16. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
• Address privacy harms by reviewing what
information you are disclosing to whom. What third
parties do you share the information with?
• Ensure that you are disclosing information to others
only as outlined in the notice and only as consented
to—either implicitly or explicitly.
• Review contracts with third parties regularly, to
ensure up-to-date and appropriate data
protection language!
The Disclosure Limitation
Principle

17. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Conclusion and
Questions

18. P UB LI C SA FE TY
and
I NSTIT UT IO NAL
A S S U R A N C E
Copyright Merri Beth Lavagnino, 2016. This
work is the intellectual property of the author.
Permission is granted for this material to be
shared for non-commercial, educational
purposes, provided that this copyright
statement appears on the reproduced
materials and notice is given that the copying
is by permission of the author. To disseminate
otherwise or to republish requires written
permission from the author.