Chapter 9 - Privacy and Civil Liberties
IT 5105 – Professional Issues in IT
Upekha Vandebona
upe.vand@gmail.com
Regulations Abroad [USA and EU]
Ref: George W. Reynolds, “Ethics in Information Technology”, 5th Edition.
Privacy Violations for Making Decisions
• Hire a job candidate (specifically in the IT industry)
• Consumers’ purchasing habits and financial condition, used to target marketing efforts at consumers who are most likely to buy their products and services.
Privacy Violations for Making Decisions - Defending Arguments
• Organizations also need basic information about customers to serve them better.
• It is hard to imagine an organization having productive relationships with its customers without having data about them.
Right to Privacy / Information Privacy
• Information privacy is the combination of:
  - communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations)
  - data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).
Areas
• Financial Data,
• Health Information,
• Children’s Personal Data,
• Fair Information Practices,
• Electronic Surveillance, and Access to Government Records. ***
Financial Data
• Individuals must reveal much of their personal financial data in order to take advantage of the wide range of financial products and services available.
• To access many of these financial products and services, individuals must use a personal logon name, password, account number, or PIN.
• The inadvertent loss or disclosure of this personal financial data carries a high risk of loss of privacy and potential financial loss.
Gramm-Leach-Bliley Act (1999) - USA
• GLBA or Financial Services Modernization Act.
• Three key rules that affect personal privacy
• Implications after the law was passed.
1) Financial Privacy Rule
• This rule established mandatory guidelines for the collection and disclosure of personal financial information by financial organizations.
• Under this provision, financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected.
1) Financial Privacy Rule
• The notice must also explain the consumer’s right to opt out:
  - to refuse to give the institution the right to collect and share personal data with unaffiliated parties.
• Anytime a company’s privacy policy is changed, customers must be contacted again and given the right to opt out.
• The privacy notice must be provided to the consumer at the time the consumer relationship is formed and once each year thereafter.
1) Financial Privacy Rule
• Customers who take no action automatically opt in and give financial institutions the right to share personal data, such as annual earnings, net worth, employers, personal investment information, loan amounts, and Social Security numbers, to other financial institutions.
2) Safeguards Rule
• This rule requires each financial institution to document a data security plan describing the company’s preparation and plans for the ongoing protection of clients’ personal data.
3) Pretexting Rule
• This rule addresses attempts by people to access personal information without proper authority by such means as impersonating an account holder or phishing.
• GLBA encourages financial institutions to implement safeguards against pretexting.
Health Information
• The use of electronic medical records and the subsequent interlinking and transferring of this electronic information among different organizations has become widespread.
• Individuals fear intrusions into their health data by employers, schools, insurance firms, law enforcement agencies, and even marketing firms looking to promote their products and services.
HIPAA - Health Insurance Portability Act - USA - 1996
• To improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
HIPAA - Health Insurance Portability Act
• Requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records, thus making it possible to exchange medical data over the Internet.
Privacy Under the HIPAA Provisions
• Healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records.
• Thus, patients need to sign a HIPAA disclosure form each time they are treated at a hospital, and such a form must be kept on file with their primary care physician.
• In addition, healthcare providers are required to keep track of everyone who receives information from a patient’s medical file.
Privacy Under the HIPAA Provisions
• Healthcare companies must appoint a privacy officer to develop privacy policies and procedures as well as train employees on how to handle sensitive patient data.
• These actions must address the potential for unauthorized access to data by outside hackers as well as the more likely threat of internal misuse of data.
Privacy Under the HIPAA Provisions
• HIPAA assigns responsibility to healthcare organizations, as the originators of individual medical data, for certifying that their business partners also comply with HIPAA security and privacy rules.
Children’s Personal Data
• Facts
  - How many hours do teens spend surfing the web per week?
  - Do parents have any idea what they are looking at online?
  - A high percentage of teens have received an online request for personal information.
  - A high percentage of children have been approached online by a stranger.
Children’s Personal Data
• Many people feel that there is a need to protect children from being exposed to inappropriate material and online predators; becoming the target of harassment; divulging personal data; and becoming involved in gambling or other inappropriate behavior.
• To date, only a few laws have been implemented to protect children online.
• How does this conflict with freedom of expression?
FERPA - Family Educational Rights and Privacy Act (1974) - USA
• Assigns certain rights to parents regarding their children’s educational records.
• These rights transfer to the student once the student reaches the age of 18 or if he or she attends a school beyond the high school level.
• Under FERPA, the presumption is that a student’s records are private and not available to the public without the consent of the student.
FERPA - Family Educational Rights and Privacy Act (1974) - USA
• These rights include
  - the right to access educational records maintained by a school;
  - the right to demand that educational records be disclosed only with student consent;
  - the right to amend educational records; and
  - the right to file complaints against a school for disclosing educational records in violation of FERPA
COPPA - Children’s Online Privacy Protection Act (1998) - USA
• An attempt to give parents control over the collection, use, and disclosure of their children’s personal information; it does not cover the dissemination of information to children.
• Any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
COPPA - Children’s Online Privacy Protection Act (1998) - USA
• The law has had a major impact and has required many companies to spend hundreds of thousands of dollars to make their sites compliant; other companies eliminated preteens as a target audience.
Fair Information Practices
• Fair information practices is a term for a set of guidelines that govern the collection and use of personal data.
• Various organizations as well as countries have developed their own set of such guidelines and call them by different names.
Fair Information Practices
• The overall goal of such guidelines is to stop the unlawful storage of personal data, eliminate the storage of inaccurate personal data, and prevent the abuse or unauthorized disclosure of such data.
Fair Information Practices
• For some organizations and countries, a key issue is the flow of personal data across national boundaries (transborder data flow).
• Fair information practices are important because they form the underlying basis for many national laws addressing data privacy and data protection issues.
European Union Data Protection Directive (1995)
• Requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information.
• Basically, this directive requires member countries to ensure that data transferred to non-European Union (EU) countries is protected.
European Union Data Protection Directive (1995)
• It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU.
• For example, in 2012, the European Commission approved New Zealand as a country that provides “adequate protection” of personal data under the directive so that personal information from Europe may flow freely to New Zealand.
EU Data Protection Directive Rules
• Notice: An individual has the right to know if his or her personal data is being collected, and any data must be collected for clearly stated, legitimate purposes.
• Choice: An individual has the right to elect not to have his or her personal data collected.
• Use: An individual has the right to know how personal data will be used and the right to restrict its use.
• Security: Organizations must “implement appropriate technical and organizational measures” to protect personal data, and the individual has the right to know what these measures are.
• Correction: An individual has the right to challenge the accuracy of the data and to provide corrected data.
• Enforcement: An individual has the right to seek legal relief through appropriate channels to protect privacy rights.
What is the Sri Lankan Context?
MCQ
• The purpose of the Bill of Rights was to:
a) grant additional powers to the government
b) identify exceptions to specific portions of the Constitution
c) identify additional rights of individuals
d) identify requirements for being a “good” citizen
MCQ
• In the USA, under the provisions of ___________, healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records.
a) HIPAA
b) COPPA
c) Computer Crimes Act No. 24 of 2007
d) FERPA
e) ADA Section 508
MCQ
• According to the Children’s Online Privacy Protection Act, a Web site that caters to children must:
a) offer comprehensive privacy policies
b) notify parents or guardians about its data collection practices
c) receive parental consent before collecting any personal information from preteens
d) all of the above
MCQ
• In the USA, ________ is a federal law that assigns certain rights to parents regarding their children’s educational records.
a) HIPAA
b) COPPA
c) Computer Crimes Act No. 24 of 2007
d) FERPA
e) ADA Section 508
MCQ
• Which of the following identifies the numbers dialed for outgoing calls?
a) pen register
b) wiretap
c) trap and trace
d) all of the above
True / False?
• Sri Lanka has a single, overarching national data privacy policy. True or False?
• The European philosophy of addressing privacy concerns employs strict government regulation, including enforcement by a set of commissioners; it differs greatly from the U.S. philosophy of having no federal privacy policy. True or False?
Fill in the Blanks
• A(n)____________ is a text file that a Web site can download to a visitor’s hard drive to identify visitors on subsequent visits.
Short Answers
• What is a pen register?
Justify
• Are surveillance cameras worth the cost in terms of resources and loss of privacy, given the role that they play in deterring or solving crimes?
• Do you feel that information systems to fight terrorism should be developed and used even if they infringe the privacy rights of ordinary citizens?
Mail me the justification if anyone is interested in answering.
Justify
• Why do employers monitor workers? Do you think they have the right to do so?
Mail me the justification if anyone is interested in answering.
What Would You Do? - Scenario 1
• You are a recent college graduate with only a year of experience with your employer. You were recently promoted to Head of Administration of email services.
• You are quite surprised to receive a phone call at home on a Saturday from the Chief Financial Officer of the firm asking that you immediately delete all email from all email servers, including the archive and back-up servers, that is older than six months.
What Would You Do? - Scenario 1
• He states that the reason for his request is that there have been an increasing number of complaints about the slowness of email services. In addition, he says he is concerned about the cost of storing so much email.
• This does not sound right to you because you recently have taken several measures that have speeded up email services.
• An alarm goes off when you recall muted conversations in the lunchroom last week about an officer of the company passing along inside trade information to an outsider.
• What do you say to the Chief Financial Officer? Why?
What Would You Do? - Scenario 2
• You are a new brand manager for a product line of gardening equipment. You are considering collecting information from various organizations about the people who are going to retire from their service. The information includes a list of names and their mailing addresses, places of living, lands owned, email addresses, annual income received, and highest level of education achieved.
• You could use the data to identify likely purchasers of your gardening equipment, and you could then send those people emails announcing the new product line and touting its many features.
• List the advantages and disadvantages of such a marketing strategy. Would you recommend this means of promotion in this instance? Why or why not?
What Would You Do? - Scenario 3
• Your company is rolling out a training program to ensure that everyone is familiar with the company’s Internet usage policy.
• As a member of the Human Resources Department, you have been asked to develop a key piece of the training relating to why this policy is needed.
• What kind of concerns can you expect your audience to raise? How can you deal with this anticipated resistance to the policy?

 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 

Recently uploaded (20)

DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 

Privacy and Civil Liberties

  • 1. Chapter 9 - Privacy and Civil Liberties IT 5105 – Professional Issues in IT Upekha Vandebona upe.vand@gmail.com Regulations Abroad [USA and EU] Ref: George W. Reynolds, “Ethics in Information Technology”, 5th Edition.
  • 2. Privacy Violations for Making Decisions
      • Hire a job candidate (Specifically in IT industry)
      • Consumers’ purchasing habits and financial condition for target marketing efforts to consumers who are most likely to buy their products and services.
  • 3. Privacy Violations for Making Decisions - Defending Arguments
      • Organizations also need basic information about customers to serve them better.
      • It is hard to imagine an organization having productive relationships with its customers without having data about them.
  • 4. Right to Privacy/ Information Privacy
      • Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).
  • 5. Areas
      • Financial Data,
      • Health Information,
      • Children’s Personal Data,
      • Fair Information Practices,
      • Electronic Surveillance, and Access to Government Records. ***
  • 6. Financial Data
      • Individuals must reveal much of their personal financial data in order to take advantage of the wide range of financial products and services available.
      • To access many of these financial products and services, individuals must use a personal logon name, password, account number, or PIN.
      • The inadvertent loss or disclosure of this personal financial data carries a high risk of loss of privacy and potential financial loss.
  • 7. Gramm-Leach-Bliley Act (1999) - USA
      • GLBA or Financial Services Modernization Act.
      • Three key rules that affect personal privacy
      • Implications after the law was passed.
  • 8. 1) Financial Privacy Rule
      • This rule established mandatory guidelines for the collection and disclosure of personal financial information by financial organizations.
      • Under this provision, financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected.
  • 9. 1) Financial Privacy Rule
      • The notice must also explain the consumer’s right to opt out: to refuse to give the institution the right to collect and share personal data with unaffiliated parties.
      • Anytime a company’s privacy policy is changed, customers must be contacted again and given the right to opt out.
      • The privacy notice must be provided to the consumer at the time the consumer relationship is formed and once each year thereafter.
  • 10. 1) Financial Privacy Rule
      • Customers who take no action automatically opt in and give financial institutions the right to share personal data, such as annual earnings, net worth, employers, personal investment information, loan amounts, and Social Security numbers, with other financial institutions.
  • 11. 2) Safeguards Rule
      • This rule requires each financial institution to document a data security plan describing the company’s preparation and plans for the ongoing protection of clients’ personal data.
  • 12. 3) Pretexting Rule
      • This rule addresses attempts by people to access personal information without proper authority by such means as impersonating an account holder or phishing.
      • GLBA encourages financial institutions to implement safeguards against pretexting.
  • 13. Health Information
      • The use of electronic medical records and the subsequent interlinking and transferring of this electronic information among different organizations has become widespread.
      • Individuals fear intrusions into their health data by employers, schools, insurance firms, law enforcement agencies, and even marketing firms looking to promote their products and services.
  • 14. HIPAA - Health Insurance Portability Act - USA - 1996
      • To improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
  • 15. HIPAA - Health Insurance Portability Act
      • Requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records, thus making it possible to exchange medical data over the Internet.
  • 16. Privacy Under the HIPAA Provisions
      • Healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records.
      • Thus, patients need to sign a HIPAA disclosure form each time they are treated at a hospital, and such a form must be kept on file with their primary care physician.
      • In addition, healthcare providers are required to keep track of everyone who receives information from a patient’s medical file.
  • 17. Privacy Under the HIPAA Provisions
      • Healthcare companies must appoint a privacy officer to develop privacy policies and procedures as well as train employees on how to handle sensitive patient data.
      • These actions must address the potential for unauthorized access to data by outside hackers as well as the more likely threat of internal misuse of data.
  • 18. Privacy Under the HIPAA Provisions
      • HIPAA assigns responsibility to healthcare organizations, as the originators of individual medical data, for certifying that their business partners also comply with HIPAA security and privacy rules.
  • 19. Children’s Personal Data
      • Facts: How many hours do teens spend surfing the web per week? Do parents have any idea what they are looking at online? A high percentage of teens have received an online request for personal information. A high percentage of children have been approached online by a stranger.
  • 20. Children’s Personal Data
      • Many people feel that there is a need to protect children from being exposed to inappropriate material and online predators; becoming the target of harassment; divulging personal data; and becoming involved in gambling or other inappropriate behavior.
      • To date, only a few laws have been implemented to protect children online.
      • How does this conflict with freedom of expression?
  • 21. FERPA - Family Educational Rights and Privacy Act (1974) - USA
      • Assigns certain rights to parents regarding their children’s educational records.
      • These rights transfer to the student once the student reaches the age of 18 or if he or she attends a school beyond the high school level.
      • Under FERPA, the presumption is that a student’s records are private and not available to the public without the consent of the student.
  • 22. FERPA - Family Educational Rights and Privacy Act (1974) - USA
      • These rights include the right to access educational records maintained by a school; the right to demand that educational records be disclosed only with student consent; the right to amend educational records; and the right to file complaints against a school for disclosing educational records in violation of FERPA.
  • 23. COPPA - Children’s Online Privacy Protection Act (1998) - USA
      • An attempt to give parents control over the collection, use, and disclosure of their children’s personal information; it does not cover the dissemination of information to children.
      • Any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
  • 24. COPPA - Children’s Online Privacy Protection Act (1998) - USA
      • The law has had a major impact and has required many companies to spend hundreds of thousands of dollars to make their sites compliant; other companies eliminated preteens as a target audience.
  • 25. Fair Information Practices
      • Fair information practices is a term for a set of guidelines that govern the collection and use of personal data.
      • Various organizations as well as countries have developed their own set of such guidelines and call them by different names.
  • 26. Fair Information Practices
      • The overall goal of such guidelines is to stop the unlawful storage of personal data, eliminate the storage of inaccurate personal data, and prevent the abuse or unauthorized disclosure of such data.
  • 27. Fair Information Practices
      • For some organizations and countries, a key issue is the flow of personal data across national boundaries (transborder data flow).
      • Fair information practices are important because they form the underlying basis for many national laws addressing data privacy and data protection issues.
  • 28. European Union Data Protection Directive (1995)
      • Requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information.
      • Basically, this directive requires member countries to ensure that data transferred to non-European Union (EU) countries is protected.
  • 29. European Union Data Protection Directive (1995)
      • It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU.
      • For example, in 2012, the European Commission approved New Zealand as a country that provides “adequate protection” of personal data under the directive so that personal information from Europe may flow freely to New Zealand.
  • 30. EU Data Protection Directive Rules
      • Notice—An individual has the right to know if his or her personal data is being collected, and any data must be collected for clearly stated, legitimate purposes.
      • Choice—An individual has the right to elect not to have his or her personal data collected.
      • Use—An individual has the right to know how personal data will be used and the right to restrict its use.
      • Security—Organizations must “implement appropriate technical and organizational measures” to protect personal data, and the individual has the right to know what these measures are.
      • Correction—An individual has the right to challenge the accuracy of the data and to provide corrected data.
      • Enforcement—An individual has the right to seek legal relief through appropriate channels to protect privacy rights.
  • 31. What is the Sri Lankan Context?
  • 32. MCQ
      • The purpose of the Bill of Rights was to:
        a) grant additional powers to the government
        b) identify exceptions to specific portions of the Constitution
        c) identify additional rights of individuals
        d) identify requirements for being a “good” citizen
  • 33. MCQ
      • In USA under the provisions of ___________, healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records.
        a) HIPAA
        b) COPPA
        c) Computer Crimes Act No. 24 of 2007
        d) FERPA
        e) ADA Section 508
  • 34. MCQ
      • According to the Children’s Online Privacy Protection Act, a Web site that caters to children must:
        a) offer comprehensive privacy policies
        b) notify parents or guardians about its data collection practices
        c) receive parental consent before collecting any personal information from preteens
        d) all of the above
  • 35. MCQ
      • In USA, ________ is a federal law that assigns certain rights to parents regarding their children’s educational records.
        a) HIPAA
        b) COPPA
        c) Computer Crimes Act No. 24 of 2007
        d) FERPA
        e) ADA Section 508
  • 36. MCQ
      • Which of the following identifies the numbers dialed for outgoing calls?
        a) pen register
        b) wiretap
        c) trap and trace
        d) all of the above
  • 37. True / False?
      • Sri Lanka has a single, overarching national data privacy policy. True or False?
      • The European philosophy of addressing privacy concerns employs strict government regulation, including enforcement by a set of commissioners; it differs greatly from the U.S. philosophy of having no federal privacy policy. True or False?
  • 38. Fill Blanks
      • A(n) ____________ is a text file that a Web site can download to a visitor’s hard drive to identify visitors on subsequent visits.
  • 39. Short Answers
      • What is a pen register?
  • 40. Justify
      • Are surveillance cameras worth the cost in terms of resources and loss of privacy, given the role that they play in deterring or solving crimes?
      • Do you feel that information systems to fight terrorism should be developed and used even if they infringe the privacy rights of ordinary citizens?
      Mail me your justification if you are interested in answering.
  • 41. Justify
      • Why do employers monitor workers? Do you think they have the right to do so?
      Mail me your justification if you are interested in answering.
  • 42. What Would You Do? - Scenario 1
      • You are a recent college graduate with only a year of experience with your employer. You were recently promoted to Head of Administration of email services.
      • You are quite surprised to receive a phone call at home on a Saturday from the Chief Financial Officer of the firm asking that you immediately delete all email from all email servers, including the archive and back-up servers, that is older than six months.
  • 43. What Would You Do? - Scenario 1
      • He states that the reason for his request is that there have been an increasing number of complaints about the slowness of email services. In addition, he says he is concerned about the cost of storing so much email.
      • This does not sound right to you because you recently have taken several measures that have speeded up email services.
      • An alarm goes off when you recall muted conversations in the lunchroom last week about an officer of the company passing along inside trade information to an outsider.
      • What do you say to the Chief Financial Officer? Why?
  • 44. What Would You Do? - Scenario 2
      • You are a new brand manager for a product line of gardening equipment. You are considering collecting information from various organizations about the people who are going to retire from their service. The information includes lists of names and their mailing addresses, places of living, lands owned, email addresses, annual income received, and highest level of education achieved.
      • You could use the data to identify likely purchasers of your gardening equipment, and you could then send those people emails announcing the new product line and touting its many features.
      • List the advantages and disadvantages of such a marketing strategy. Would you recommend this means of promotion in this instance? Why or why not?
  • 45. What Would You Do? - Scenario 3
      • Your company is rolling out a training program to ensure that everyone is familiar with the company’s Internet usage policy.
      • As a member of the Human Resources Department, you have been asked to develop a key piece of the training relating to why this policy is needed.
      • What kind of concerns can you expect your audience to raise? How can you deal with this anticipated resistance to the policy?

Editor's Notes

  1. , including credit cards, checking and savings accounts, loans, payroll direct deposit, and brokerage accounts. Individuals should be concerned about how this personal data is protected by businesses and other organizations and whether or not it is shared with other people or companies.
  2. Is a bank deregulation law. Repealed Glass-Steagall law. Glass-Steagall prohibited any one institution from offering investment, commercial banking, and insurance services; individual companies were only allowed to offer one of those types of financial service products. GLBA enabled such entities to merge. After the law was passed, financial institutions resorted to mass mailings to contact their customers with privacy-disclosure forms. As a result, many people received a dozen or more similar-looking forms—one from each financial institution with which they did business. However, most people did not take the time to read the long forms, which were printed in small type and full of legalese. Rather than making it easy for customers to opt out, the documents required that consumers send one of their own envelopes to a specific address and state in writing that they wanted to opt out—all this rather than sending a simple prepaid postcard that allowed customers to check off their choice. As a result, most customers threw out the forms without grasping their full implications and thus, by default, agreed to opt in to the collection and sharing of their personal data.
  3. Individuals are rightly concerned about the erosion of privacy of data concerning their health.
  4. (billing agents, insurers, debt collectors, research firms, government agencies, and charitable organizations)
  5. c
  6. a
  7. d
  8. d
  9. a
  10. F T
  11. Email Deletion Policy - Verbal? Approvals? 1 year experience/ recent promotion Inform relevant parties - No allegation